GratefulPOS credit card stealing malware - just in time for the shopping season
Tags
attack-pattern: Data Direct Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 161eaedd-e0cb-488e-aac6-1903e23d46a4
Fingerprint ad54f9db81328ea7
Analysis status DONE
Considered CTI value 1
Text language
Published Dec. 8, 2017, 11:03 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline NetWitness Community
Title GratefulPOS credit card stealing malware - just in time for the shopping season
Detected Hints/Tags/Attributes 71/1/16
Source URLs
Redirection Url
Details Source https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season
URL Provider
Details Provider Source level domain
Details rsa.com community.rsa.com
Attributes
Details Type #Events CTI Value
Details CVE 172 
cve-2022-30190
Details Domain 1 
whatsthisfile.rsa.com
Details Domain 123 
ipinfo.io
Details Domain 4 
ipchicken.com
Details Domain 3 
canihazip.com
Details Domain 1 
a193-108-94-56-deploy-akamaitechnologies.com
Details Domain 1 
wallethub.com
Details Domain 3 
securitykitten.github.io
Details md5 1 
9a58657669bb3075c1103e73a8948a56
Details IPv4 1 
96.44.135.70
Details Mandiant Security Validation Actions 1 
A193-108
Details Url 1 
https://whatsthisfile.rsa.com
Details Url 1 
https://wallethub.com/edu/credit-debit-card-fraud-statistics/25725
Details Url 1 
http://securitykitten.github.io/getmypass-point-of-sale-malware
Details Url 1 
https://www.gdatasoftware.com/blog/2014/10/23942-new-frameworkpos-variant-exfiltrates-data-via-dns-requests
Details Url 1 
https://www.anomali.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi