Openhunting Threat Library

GlitchPOS

GlitchPOS
(Type: POS malware, Credential stealer)

(Talos) Cisco Talos recently discovered a new PoS malware that the attackers are selling on a crimeware forum. Our researchers also discovered the associated payloads with the malware, its infrastructure and control panel. We assess with high confidence that this is not the first malware developed by this actor. A few years ago, they were also pushing the DiamondFox L!NK botnet. Known as 'GlitchPOS,' this malware is also being distributed on alternative websites at a higher price than the original.

[News Analysis] Trends:

Total Trend: 1

Trend Per Year
1
2019


Trend Per Month
1
Mar 2019



[News Analysis] News Mention Another Threat Name:

0 - GlitchPOS


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

News Article (Credit @Malpedia)

GlitchPOS: New PoS malware for sale

2019-03-13 by Warren Mercer from Cisco Talos

Basic Information (Credit @etda.or.th)

Tool: GlitchPOS

Names: GlitchPOS

Description: (Talos) Cisco Talos recently discovered a new PoS malware that the attackers are selling on a crimeware forum. Our researchers also discovered the associated payloads with the malware, its infrastructure and control panel. We assess with high confidence that this is not the first malware developed by this actor. A few years ago, they were also pushing the DiamondFox L!NK botnet. Known as 'GlitchPOS,' this malware is also being distributed on alternative websites at a higher price than the original.

Category: Malware

Type: POS malware, Credential stealer

Information: https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html

Information: https://cis.verint.com/2019/05/07/the-awakening-of-pos-malware-or-has-it-really-been-dormant/

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.glitch_pos

Alienvault-otx: https://otx.alienvault.com/browse/pulses?q=tag:GlitchPOS

Last-card-change: 2020-05-25

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact