 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: TreasureHunter| Names | TreasureHunter TREASUREHUNT huntpos | |
| Category | Malware | |
| Type | POS malware, Credential stealer | |
| Description | (FireEye) In this article we examine TREASUREHUNT, POS malware that appears to have been custom-built for the operations of a particular “dump shop,” which sells stolen credit card data. TREASUREHUNT enumerates running processes, extracts payment card information from memory, and then transmits this information to a command and control server. | |
| Information | <https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html> <https://isc.sans.edu/diary/How+Malware+Generates+Mutex+Names+to+Evade+Detection/19429/> <https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/> <http://adelmas.com/blog/treasurehunter.php> <https://blog.group-ib.com/majikpos_treasurehunter_malware> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.treasurehunter> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:treasurehunt> | |
Last change to this tool card: 18 November 2022
Download this tool card in JSON format
Previous: TranslucentGh0st
Next: TriangleDB
| Changed | Name | Country | Observed | ||
Unknown groups | |||||
 | _[ Interesting malware not linked to an actor yet ]_ | ||||
1 group listed (0 APT, 0 other, 1 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |