Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
Common Information
Type Value
UUID 752733c3-850f-48d7-b202-a07e1f9ce918
Fingerprint d4ec1d954173a293
Analysis status DONE
Considered CTI value 0
Text language
Published March 20, 2015, 7:57 a.m.
Added to db Oct. 9, 2022, 4:07 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Vulnerability Information
Title Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
Detected Hints/Tags/Attributes 58/1/39
Attributes (Type / Value / #Events)
Domain                 wondertechmy.com                                                    2
Domain                 wondertechmy.ru                                                     2
Domain                 wondwondnew.ru                                                      2
Domain                 linturefa.com                                                       2
Domain                 xablopefgr.com                                                      2
Domain                 tabidzuwek.com                                                      2
Domain                 lacdileftre.ru                                                      2
Domain                 weksrubaz.ru                                                        3
Domain                 linturefa.ru                                                        4
Domain                 mifastubiv.ru                                                       3
Domain                 xablopefgr.ru                                                       2
Domain                 tabidzuwek.ru                                                       2
Domain                 badguy.com                                                          5
Domain                 quartlet.com                                                        2
Domain                 horticartf.com                                                      2
Domain                 kilaxuntf.ru                                                        2
Domain                 dreplicag.ru                                                        2
Domain                 fimzusoln.ru                                                        2
Domain                 wetguqan.ru                                                         2
File                   viewtopic.php                                                       40
File                   winhost.exe                                                         11
File                   winhost32.exe                                                       5
File                   %userprofile%\winhost32.exe                                         2
File                   cmd.exe                                                             2130
File                   malwarefilename.exe                                                 2
File                   pes13n.exe                                                          2
File                   poseidon.reg                                                        2
sha256                 334079dc9fa5b06fbd68e81de903fcd4e356b4f2d0e8bbd6bdca7891786c39d4    2
IPv4                   151.236.11.167                                                      2
IPv4                   185.13.32.132                                                       2
IPv4                   185.13.32.48                                                        2
IPv4                   31.184.192.196                                                      3
IPv4                   91.220.131.116                                                      2
IPv4                   91.220.131.87                                                       2
IPv4                   1.220.131.116                                                       2
Url                    http://badguy.com/malwarefilename.exe                               2
Url                    https://01.220.131.116/ldl01/files/pes13n.exe                       2
Windows Registry Key   HKCU\Software\LogMeIn                                               2
Windows Registry Key   HKCU\Microsoft\Windows\CurrentVersion\Run\WinHost32                 2

Notes on the attribute list (editor's assessment, not part of the database record):
- badguy.com, malwarefilename.exe and http://badguy.com/malwarefilename.exe are evidently illustrative placeholder names rather than live indicators; do not block or alert on them.
- cmd.exe (2130 events across the database) is a generic Windows binary and carries no indicator value on its own.
- viewtopic.php is the C2 check-in URI path, but it is also the standard phpBB topic page name; match it only together with one of the listed hosts.
- 1.220.131.116 and the URL host 01.220.131.116 differ from the separately listed 91.220.131.116 by a single leading character and are most likely a parsing artifact of that address (assumption; confirm against the source report before acting on either).
- HKCU\Software\LogMeIn is also created by the legitimate LogMeIn client, so its presence alone is not actionable. The Run key path as listed omits the Software component; the value would normally sit under HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinHost32 (assumption), so match on the key tail rather than the full path.
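The attribute list above is only useful once it is turned into matching logic that knows which entries to trust. The following is an added example written for this page (not code from the source report or from this database) that matches DNS, proxy, file and registry telemetry against the listed indicators. It deliberately leaves out the placeholder entries (badguy.com, malwarefilename.exe) and the two suspect addresses (1.220.131.116, 01.220.131.116, assumed to be mangled copies of 91.220.131.116), scores viewtopic.php only on a listed host, and matches the Run key by its tail so the abbreviated path in the table still hits. The event dictionary shape and the sample telemetry are constructed for the demo and are not from the page.

```python
"""Match host and network telemetry against the PoSeidon indicators listed above.

Added example (not code from the source report or this database). The event
shape, field names and the sample events below are assumptions made for the demo.
"""
from urllib.parse import urlparse

# Domains and IPs copied from the attribute list. Left out on purpose:
# badguy.com / malwarefilename.exe (placeholder names) and 1.220.131.116 /
# 01.220.131.116 (assumed to be mangled copies of 91.220.131.116).
C2_DOMAINS = {
    "wondertechmy.com", "wondertechmy.ru", "wondwondnew.ru", "linturefa.com",
    "linturefa.ru", "xablopefgr.com", "xablopefgr.ru", "tabidzuwek.com",
    "tabidzuwek.ru", "lacdileftre.ru", "weksrubaz.ru", "mifastubiv.ru",
    "quartlet.com", "horticartf.com", "kilaxuntf.ru", "dreplicag.ru",
    "fimzusoln.ru", "wetguqan.ru",
}
C2_IPS = {
    "151.236.11.167", "185.13.32.132", "185.13.32.48",
    "31.184.192.196", "91.220.131.116", "91.220.131.87",
}
C2_PATH = "/viewtopic.php"   # standard phpBB page name, so never scored alone
LOADER_NAMES = {"winhost.exe", "winhost32.exe"}
SAMPLE_SHA256 = {"334079dc9fa5b06fbd68e81de903fcd4e356b4f2d0e8bbd6bdca7891786c39d4"}
# Matched by tail so both HKCU\Software\Microsoft\...\Run\WinHost32 and the
# abbreviated HKCU\Microsoft\...\Run\WinHost32 form on this page hit.
RUN_VALUE_TAIL = "\\currentversion\\run\\winhost32"


def host_is_listed(host):
    """True for a listed IP, a listed domain, or any subdomain of one."""
    host = host.lower().rstrip(".")
    if host in C2_IPS:
        return True
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def check_dns(qname):
    return "query for listed PoSeidon C2 domain" if host_is_listed(qname) else None


def check_url(url):
    parsed = urlparse(url)
    if not host_is_listed(parsed.hostname or ""):
        return None            # viewtopic.php on an unlisted host is just a forum
    if parsed.path.lower() == C2_PATH:
        return "check-in to listed C2 host on /viewtopic.php"
    return "request to listed C2 host"


def check_file(path, sha256=None):
    if sha256 and sha256.lower() in SAMPLE_SHA256:
        return "known PoSeidon sample (sha256 match)"
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in LOADER_NAMES:
        return "PoSeidon loader file name"
    return None


def check_registry(path):
    normalized = path.lower().replace("hkey_current_user", "hkcu")
    if normalized.endswith(RUN_VALUE_TAIL):
        return "PoSeidon loader Run-key persistence (WinHost32)"
    return None


CHECKS = {
    "dns": lambda ev: check_dns(ev["qname"]),
    "http": lambda ev: check_url(ev["url"]),
    "file": lambda ev: check_file(ev["path"], ev.get("sha256")),
    "registry": lambda ev: check_registry(ev["path"]),
}


def scan(events):
    """Return (event id, reason) for every event that matches an indicator."""
    hits = []
    for ev in events:
        reason = CHECKS[ev["kind"]](ev)
        if reason:
            hits.append((ev["id"], reason))
    return hits


# Constructed sample telemetry for the demo; none of it is taken from the page.
SAMPLE_EVENTS = [
    {"id": 1, "kind": "dns", "qname": "weksrubaz.ru"},
    {"id": 2, "kind": "dns", "qname": "www.linturefa.com."},                 # subdomain, trailing dot
    {"id": 3, "kind": "http", "url": "http://31.184.192.196/viewtopic.php"},
    {"id": 4, "kind": "http", "url": "http://forum.example.org/viewtopic.php"},  # benign phpBB
    {"id": 5, "kind": "file", "path": "C:\\Users\\pos1\\winhost32.exe",
     "sha256": "334079dc9fa5b06fbd68e81de903fcd4e356b4f2d0e8bbd6bdca7891786c39d4"},
    {"id": 6, "kind": "file", "path": "C:\\Windows\\System32\\cmd.exe"},    # generic binary
    {"id": 7, "kind": "registry",
     "path": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinHost32"},
    {"id": 8, "kind": "dns", "qname": "notlinturefa.com"},                   # must not match by suffix
]

if __name__ == "__main__":
    for event_id, reason in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {reason}")
```

Running it reports events 1, 2, 3, 5 and 7 and stays silent on the benign phpBB request, cmd.exe and the look-alike domain. The suffix test uses a leading dot so that notlinturefa.com does not match linturefa.com, and the hash is checked before the file name so a renamed sample is still caught.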