Trusted Design

POSEIDON AND BACKOFF POS

概要

Poseidon, also known as FindPOS, is a malware family designed for Windows point-of-sale systems. Poseidon scans the memory for running processes and employs keystroke logging to gather payment card data and credentials. Recent Team Cymru analysis of Poseidon samples revealed a number of similarities to the much-publicized Backoff POS malware family, and this post documents those similarities and a number of new IOCs.

Created: 2026-02-23

Indicators

• FileHash-SHA1 - aa90a93833cb1171e9e213ba73928d32c546c1fd -
• FileHash-SHA1 - 8cfbfa37d31bcdeba00f0cab1509f93feec43e37 -
• FileHash-SHA1 - e51ac9b4180ed0045e690dd09bfe3a69af3b8a0c -
• FileHash-SHA1 - 66244a0d24231839333e8ce970b6ab1b3ad469b7 -
• URL - https://mehanistran.com/ldl01/viewtopic.php -
• FileHash-SHA1 - 21ef25799050ca8360cb6f8679fc90bd9af8a9de -
• FileHash-SHA1 - 8b83112e29b4c51ad5e63c4e7c4dc3cd6065e6d7 -
• URL - https://linturefa.com/ldl01/viewtopic.php -
• FileHash-SHA1 - 05b124b5f33a65ebb7489cdbcb55eee1692049f3 -
• FileHash-SHA1 - 1770d90d828b01a46ab4e39257db28f0a00f2cd8 -
• URL - http://fimzusoln.ru/pes13/viewtopic.php -
• URL - http://reswahatce.ru/pes19/viewtopic.php -
• FileHash-SHA1 - 164af045a08d718372dd6ecd34b746e7032127b1 -
• FileHash-SHA1 - d28c053075b2636e8b217f439f15565abe26f569 -
• FileHash-SHA1 - 8ab3bd0c323ef967245bd7756070733f3386eb45 -
• URL - https://tabidzuwek.ru/ldl01/viewtopic.php -
• URL - http://dingdownmahedt.ru/pes18/viewtopic.php -
• FileHash-SHA1 - 1c22a10c198257316a41e3f7d6f8ad4c40f05e5d -
• URL - http://newdomainreservenow.ru/pes9/viewtopic.php -
• FileHash-SHA1 - 17a2c61bf5c49d465a527625cd3e73c60afc07a4 -
• FileHash-SHA1 - 6f6dc9f09c593a57cf9ef658d2447da9c56fbbb4 -
• FileHash-SHA1 - 6e45ba4be815ee0f2f8954a05b3f79ffa52bbce2 -
• FileHash-SHA1 - edb3a9ab30702d1750a3ec5cfd37893af329e788 -
• FileHash-SHA1 - f1dca78808b7f32ef817bd36e2b250e9c7d736b6 -
• URL - http://quartlet.com/pes13/viewtopic.php -
• FileHash-SHA1 - 303ced5245f0efe080a945d269ec94b2972cbee6 -
• FileHash-SHA1 - e0158ac0ced198dad89220c2063bbfed515f60fc -
• URL - https://spartanwore.com/ldl01srf/viewtopic.php -
• FileHash-SHA1 - 40eb76aa1c1cd58db621cf21d27b26b33cce5f8a -
• FileHash-SHA1 - 2d29baaebaf719d284a9ee4eb0192934ae0f91ce -
• URL - https://Askyourspace.com/ldl01aef/viewtopic.php -
• FileHash-SHA1 - 16cc234cdd9b180801e79d0b4beb0d88462911c0 -
• FileHash-SHA1 - 0e8827796ea18b18891a2015bc000776664ebff4 -
• FileHash-SHA1 - 9391c66dd409a2908c54f573c975d1a2053f5b8e -
• URL - https://weksrubaz.ru/ldl01/index.php -
• URL - https://serppoglandam.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - 26495828c9a7bb33328b54f772fb1bbd06f6106e -
• FileHash-SHA1 - 3de607115b6f0372ad9d4d68c27a118eca463a11 -
• FileHash-SHA1 - 3a800f25408c679f337b6899dca137db66fead66 -
• URL - http://dinghareun.ru/pes18/viewtopic.php -
• URL - https://petronasconn.ru/ldl01/viewtopic.php -
• URL - http://dreplicag.ru/pes13/viewtopic.php -
• URL - https://tabidzuwek.ru/ldl01/index.php -
• FileHash-SHA1 - c78130f95c4c4db31585521ce4668f962b7385df -
• URL - https://switlawert.com/ldl01/viewtopic.php -
• URL - http://howthatficy.ru/pes19/viewtopic.php -
• URL - https://tabidzuwek.com/ldl01/viewtopic.php -
• URL - https://followhell.ru/ldl01z/viewtopic.php -
• URL - https://lacdileftre.ru/pes2/viewtopic.php -
• FileHash-SHA1 - 0d9a8b1c179e705f589f84a4ee3d635fe4ecf4f6 -
• FileHash-SHA1 - f3420cb99c4689bd613f8195571f5dcb417e6d22 -
• URL - https://wertstumbahn.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - 3c97379ea625a584b91c63b8d9286d6182d61ea2 -
• FileHash-SHA1 - 29c29b4d3b81d054dc1d4adea63d606e04663c95 -
• FileHash-SHA1 - 31a7ae4d92cf742f447396a197a5ba722e672f05 -
• FileHash-SHA1 - 11b3a6866c153c0ed266b5d6e151217299fba3ac -
• FileHash-SHA1 - 723af5e6d126021aa0d8032a4cc45da5bedbe946 -
• FileHash-SHA1 - 2b53394dad68bfc2a22d710259cb922d44799282 -
• FileHash-SHA1 - bc244f41938cbdc419590b34f74b8f4a88a73104 -
• URL - https://firstcupworlds.com/ldl01zeg/viewtopic.php -
• URL - http://xoftunhbyirf.tk/pes18/viewtopic.php -
• YARA - b885e064b55851dd29684d47befbe958a3f6dc52 -
• FileHash-SHA1 - 415132ffccbb95856db3acb3c3648244864a0586 -
• FileHash-SHA1 - 47430cf79c6d01abe6630e4c08d3fc821040069e -
• FileHash-SHA1 - c3120212263c7d272b5664fbd33291d46f5357ea -
• URL - https://srachechno.com/ldl01/viewtopic.php -
• FileHash-SHA1 - 82189618784f98846bac2139ebe3d3839fe855e9 -
• FileHash-SHA1 - ba983efd45dc4a21c34a9be4273fd82d27768267 -
• URL - https://serfilefnom.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - bad699af3fc8fda8e8cd271aac8a018c5faa3748 -
• FileHash-SHA1 - 837ac1eaea0ae07fda97e659d55996d09d8485da -
• FileHash-SHA1 - 4959d2bdb93f2a75fd92ebbb1de391e3ed72ac55 -
• URL - https://linturefa.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - 0417922ec0503730297c167abcefcb4bdadcf8d8 -
• URL - https://vesnarusural.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - 5e70840747264adee10bb298262207c8c25cff40 -
• FileHash-SHA1 - 47eda908dd3757d66409e6f3a6225ca1cd03fa2c -
• FileHash-SHA1 - 1be1781de69d6d6e8e749538c28dd0a5bff9a2bb -
• FileHash-SHA1 - 884f02ea7e0da210a3d62a347a43c0079cb5218a -
• FileHash-SHA1 - 7915d8736770d4ead4c10304bd54ad72a1120afe -
• FileHash-SHA1 - 24ddc01f6446f3970fb1b895cb7fced9d9ab6328 -
• URL - https://weksrubaz.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - 7dd0e3ae8bd7a69789d6117fb3e64926e4baad53 -
• URL - http://horticartf.com/pes13/viewtopic.php -
• FileHash-SHA1 - 02a39351450616c624a7d06ae2e91fbad2515bfd -
• FileHash-SHA1 - f562eaed7ddbfb1eee7e95417b54556cabd55c36 -
• URL - http://rabbutdownlitt.ru/pes19/viewtopic.php -
• FileHash-SHA1 - 1a7f93af47c4ddd9e9c52e39d6b388ce6bc86a7f -
• URL - https://xablopefgr.com/ldl01/viewtopic.php -
• FileHash-SHA1 - 8f57a662898f5eec84b9fd06da21354184c67f5d -
• FileHash-SHA1 - d5ac494c02f47d79742b55bb9826363f1c5a656c -
• URL - http://refherssuce.ru/pes19/viewtopic.php -
• URL - http://terethaundv.ru/pes18/viewtopic.php -
• FileHash-SHA1 - 41a1c644af30dc4caae59a22dc94bed18e8736de -
• FileHash-SHA1 - 5531d79887f9fd8491596c4ac39a46e2df3e3b19 -
• URL - https://gorestforus.ru/ldl01987/viewtopic.php -
• URL - https://xablopefgr.ru/ldl01/viewtopic.php -
• URL - http://kilaxuntf.ru/pes13/viewtopic.php -
• URL - https://queryforworld.com/ldl01/viewtopic.php -
• URL - https://mifastubiv.ru/ldl01/viewtopic.php -
• FileHash-SHA1 - aded4e686227c932c77fe158ec18251aad4d7097 -
• FileHash-SHA1 - b542f06b600e4caf2c3089a1ebb3a68d9d0a8003 -
• URL - http://p9yhenm.ru/pes9/viewtopic.php -
• URL - http://ferepritdi.ru/pes18/viewtopic.php -
• URL - http://wetguqan.ru/pes13/viewtopic.php -
• URL - https://restavratormira.ru/ldl01/viewtopic.php -
• URL - http://lasttrainforest.com/pes19/viewtopic.php -
• URL - http://apporistale.com/pes18/viewtopic.php -
• FileHash-SHA1 - c0c6fd8b23e627188814cd36ea7a6a5d9f1391e8 -
• URL - https://servelatmiru.com/ldl01/viewtopic.php -
• FileHash-SHA1 - 8b2455854fdd9907c601a4b00703f9aa6ec62408 -

類似Pulses

• PoSeidon, A Deep Dive Into Point of Sale Malware (score: 0.75)
• New PoSeidon spotted (score: 0.62)
• KASPERSKY 2016-02-09: Poseidon Group: a Targeted Attack Boutique (score: 0.61)
• MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks (score: 0.59)
• NitlovePOS: Another New POS Malware (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る