Trusted Design

POSEIDON AND BACKOFF POS

概要

Poseidon, also known as FindPOS, is a malware family designed for Windows point-of-sale systems. Poseidon scans the memory for running processes and employs keystroke logging to gather payment card data and credentials. Recent Team Cymru analysis of Poseidon samples revealed a number of similarities to the much-publicized Backoff POS malware family, and this post documents those similarities and a number of new IOCs.

Created: 2026-02-23

Indicators

類似Pulses

PoSeidon, A Deep Dive Into Point of Sale Malware (score: 0.75)
New PoSeidon spotted (score: 0.62)
KASPERSKY 2016-02-09: Poseidon Group: a Targeted Attack Boutique (score: 0.61)
MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks (score: 0.59)
NitlovePOS: Another New POS Malware (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 10.91

Matched TTPs:

T1205.001 - Port Knocking
T1583.006 - Web Services
T1547.002 - Authentication Package
T1200 - Hardware Additions

MITREへのリンク →

CURIUM

Score: 3.84

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

Storm-1811

Score: 3.84

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

Volt Typhoon

Score: 3.28

Matched TTPs:

T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

Tropic Trooper

Score: 15.47

Matched TTPs:

T1583.006 - Web Services
T1683 - Generate Content
T1128 - Netsh Helper DLL
T1200 - Hardware Additions
T1209 - Time Providers
T1490 - Inhibit System Recovery

MITREへのリンク →

Deep Panda

Score: 4.26

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

HAFNIUM

Score: 4.18

Matched TTPs:

T1583.006 - Web Services
T1490 - Inhibit System Recovery

MITREへのリンク →

Play

Score: 4.18

Matched TTPs:

T1583.006 - Web Services
T1490 - Inhibit System Recovery

MITREへのリンク →

Stealth Falcon

Score: 5.14

Matched TTPs:

T1583.006 - Web Services
T1556.009 - Conditional Access Policies

MITREへのリンク →

TeamTNT

Score: 3.28

Matched TTPs:

T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

Chimera

Score: 6.90

Matched TTPs:

T1583.006 - Web Services
T1132.002 - Non-Standard Encoding
T1209 - Time Providers

MITREへのリンク →

Lazarus Group

Score: 16.18

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

Storm-0501

Score: 4.26

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code

MITREへのリンク →

Medusa Group

Score: 9.65

Matched TTPs:

T1583.006 - Web Services
T1128 - Netsh Helper DLL
T1209 - Time Providers
T1216 - System Script Proxy Execution

MITREへのリンク →

Mustang Panda

Score: 14.70

Matched TTPs:

T1583.006 - Web Services
T1169 - Sudo
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 6.58

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package
T1490 - Inhibit System Recovery

MITREへのリンク →

Turla

Score: 10.20

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package
T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

MuddyWater

Score: 3.92

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package

MITREへのリンク →

Rocke

Score: 3.28

Matched TTPs:

T1583.006 - Web Services
T1209 - Time Providers

MITREへのリンク →

Magic Hound

Score: 9.30

Matched TTPs:

T1583.006 - Web Services
T1683 - Generate Content
T1547.002 - Authentication Package
T1209 - Time Providers

MITREへのリンク →

APT37

Score: 7.54

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package
T1216 - System Script Proxy Execution

MITREへのリンク →

Kimsuky

Score: 12.95

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1132.002 - Non-Standard Encoding
T1490 - Inhibit System Recovery

MITREへのリンク →

HEXANE

Score: 3.92

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package

MITREへのリンク →

Inception

Score: 7.42

Matched TTPs:

T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1200 - Hardware Additions

MITREへのリンク →

OilRig

Score: 12.40

Matched TTPs:

T1583.006 - Web Services
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1209 - Time Providers
T1556 - Modify Authentication Process

MITREへのリンク →

Gamaredon Group

Score: 7.07

Matched TTPs:

T1583.006 - Web Services
T1547.002 - Authentication Package
T1200 - Hardware Additions

MITREへのリンク →

APT38

Score: 5.14

Matched TTPs:

T1583.006 - Web Services
T1216 - System Script Proxy Execution

MITREへのリンク →

BITTER

Score: 3.62

Matched TTPs:

T1683 - Generate Content

MITREへのリンク →

APT29

Score: 10.83

Matched TTPs:

T1683 - Generate Content
T1546.018 - Python Startup Hooks
T1490 - Inhibit System Recovery

MITREへのリンク →

Cobalt Group

Score: 7.26

Matched TTPs:

T1027.014 - Polymorphic Code
T1128 - Netsh Helper DLL
T1209 - Time Providers

MITREへのリンク →

Blue Mockingbird

Score: 7.28

Matched TTPs:

T1027.014 - Polymorphic Code
T1001.001 - Junk Data

MITREへのリンク →

APT32

Score: 9.92

Matched TTPs:

T1027.014 - Polymorphic Code
T1209 - Time Providers
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

APT39

Score: 4.16

Matched TTPs:

T1547.002 - Authentication Package
T1209 - Time Providers

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

RedCurl

Score: 4.51

Matched TTPs:

T1128 - Netsh Helper DLL
T1209 - Time Providers

MITREへのリンク →

APT42

Score: 6.37

Matched TTPs:

T1128 - Netsh Helper DLL
T1132.002 - Non-Standard Encoding

MITREへのリンク →

FIN6

Score: 7.26

Matched TTPs:

T1128 - Netsh Helper DLL
T1209 - Time Providers
T1556 - Modify Authentication Process

MITREへのリンク →

FIN8

Score: 5.49

Matched TTPs:

T1128 - Netsh Helper DLL
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 6.37

Matched TTPs:

T1556.009 - Conditional Access Policies
T1556 - Modify Authentication Process

MITREへのリンク →

Dragonfly

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Confucius

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

LAPSUS$

Score: 3.62

Matched TTPs:

T1132.002 - Non-Standard Encoding

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1216 - System Script Proxy Execution
T1209 - Time Providers
T1547.002 - Authentication Package
T1583.006 - Web Services

MITREへのリンク →

Tropic Trooper

Score: 0.75

Matched TTPs:

T1683 - Generate Content
T1490 - Inhibit System Recovery
T1209 - Time Providers
T1583.006 - Web Services
T1200 - Hardware Additions
T1128 - Netsh Helper DLL

MITREへのリンク →

Mustang Panda

Score: 0.70

Matched TTPs:

T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1169 - Sudo
T1209 - Time Providers
T1583.006 - Web Services

MITREへのリンク →

Kimsuky

Score: 0.64

Matched TTPs:

T1132.002 - Non-Standard Encoding
T1027.014 - Polymorphic Code
T1490 - Inhibit System Recovery
T1547.002 - Authentication Package
T1583.006 - Web Services

MITREへのリンク →

OilRig

Score: 0.60

Matched TTPs:

T1556 - Modify Authentication Process
T1209 - Time Providers
T1583.006 - Web Services
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies

MITREへのリンク →

APT28

Score: 0.56

Matched TTPs:

T1200 - Hardware Additions
T1205.001 - Port Knocking
T1547.002 - Authentication Package
T1583.006 - Web Services

MITREへのリンク →

Medusa Group

Score: 0.55

Matched TTPs:

T1128 - Netsh Helper DLL
T1209 - Time Providers
T1583.006 - Web Services
T1216 - System Script Proxy Execution

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る