Trusted Design

FRAMEWORKPOS MALWARE CAMPAIGN NABS ~43,000 CREDIT CARDS

概要

Threatstream Labs came across an interesting FrameworkPOS sample that given it is two months old, its digitally signed and its certificate hasn't been revoked. FrameworkPOS is a malware family that targets POS (Point of Sale) terminals and its main objective is to steal credit card data from them in order to be sold in the black market. This blogpost is divided in two sections. The first section aims to analyze the malware's capabilities e.g.: c2 connectivity, encoding mechanisms and overall system activity. The second section will provide an analysis on campaign information that was gathered throughout the research.

Created: 2026-02-23

Indicators

類似Pulses

NitlovePOS: Another New POS Malware (score: 0.67)
Unskal, Saluchtra, Dexter and IeEnablerCby (score: 0.63)
New POS Malware Emerges - Punkey (score: 0.63)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.62)
FighterPOS Gets Worm Routine (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 23.66

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool
T1111 - Multi-Factor Authentication Interception
T1588.003 - Code Signing Certificates
T1587 - Develop Capabilities
T1588.005 - Exploits

MITREへのリンク →

FIN13

Score: 6.94

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Moonstone Sleet

Score: 13.37

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 5.72

Matched TTPs:

T1587.001 - Malware
T1484.001 - Group Policy Modification

MITREへのリンク →

Lazarus Group

Score: 20.75

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1529 - System Shutdown/Reboot

MITREへのリンク →

Contagious Interview

Score: 16.55

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 18.68

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

UNC3886

Score: 7.52

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

LuminousMoth

Score: 7.38

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Sandworm Team

Score: 18.50

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1592.002 - Software
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Salt Typhoon

Score: 7.16

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 8.43

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Play

Score: 6.94

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Aoqin Dragon

Score: 4.44

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Moses Staff

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Turla

Score: 5.40

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Ke3chang

Score: 4.41

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 20.98

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1678 - Delay Execution
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware

MITREへのリンク →

FIN7

Score: 13.85

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1674 - Input Injection
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

TA2541

Score: 5.28

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Earth Lusca

Score: 6.75

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1608.001 - Upload Malware
T1608.006 - SEO Poisoning

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Gamaredon Group

Score: 6.44

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1027.004 - Compile After Delivery

MITREへのリンク →

Threat Group-3390

Score: 11.87

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

TA505

Score: 5.28

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

BITTER

Score: 4.32

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 10.35

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Saint Bear

Score: 3.47

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 6.44

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Ember Bear

Score: 13.40

Matched TTPs:

T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Rocke

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.004 - Compile After Delivery

MITREへのリンク →

APT28

Score: 8.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1546.015 - Component Object Model Hijacking
T1203 - Exploitation for Client Execution

MITREへのリンク →

BackdoorDiplomacy

Score: 4.78

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

BlackTech

Score: 6.96

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Magic Hound

Score: 8.69

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1592.002 - Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 8.46

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool
T1529 - System Shutdown/Reboot

MITREへのリンク →

Sea Turtle

Score: 11.97

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1608.003 - Install Digital Certificate
T1027.004 - Compile After Delivery

MITREへのリンク →

Storm-0501

Score: 7.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1484.001 - Group Policy Modification
T1657 - Financial Theft

MITREへのリンク →

Cinnamon Tempest

Score: 8.46

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1484.001 - Group Policy Modification
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

menuPass

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

GALLIUM

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

INC Ransom

Score: 4.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Dragonfly

Score: 6.74

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT41

Score: 10.36

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1484.001 - Group Policy Modification
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

MuddyWater

Score: 7.43

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery

MITREへのリンク →

LAPSUS$

Score: 6.93

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

APT1

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Aquatic Panda

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Andariel

Score: 7.80

Matched TTPs:

T1588.001 - Malware
T1592.002 - Software
T1203 - Exploitation for Client Execution

MITREへのリンク →

Scattered Spider

Score: 5.83

Matched TTPs:

T1588.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Wizard Spider

Score: 6.75

Matched TTPs:

T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Storm-1811

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 6.75

Matched TTPs:

T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 6.12

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Cobalt Group

Score: 5.27

Matched TTPs:

T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT38

Score: 12.29

Matched TTPs:

T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities
T1036.006 - Space after Filename
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT33

Score: 5.09

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Chimera

Score: 4.47

Matched TTPs:

T1588.002 - Tool
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Daggerfly

Score: 6.21

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

APT37

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1529 - System Shutdown/Reboot

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.78

Matched TTPs:

T1587 - Develop Capabilities
T1111 - Multi-Factor Authentication Interception
T1588.005 - Exploits
T1608.001 - Upload Malware
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1657 - Financial Theft

MITREへのリンク →

Mustang Panda

Score: 0.73

Matched TTPs:

T1608.001 - Upload Malware
T1587.001 - Malware
T1027.007 - Dynamic API Resolution
T1588.002 - Tool
T1678 - Delay Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1588.003 - Code Signing Certificates
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 0.70

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1566.003 - Spearphishing via Service
T1587.001 - Malware
T1027.007 - Dynamic API Resolution
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1529 - System Shutdown/Reboot
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 0.65

Matched TTPs:

T1592.002 - Software
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

OilRig

Score: 0.64

Matched TTPs:

T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1587.001 - Malware
T1566.003 - Spearphishing via Service
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1588.003 - Code Signing Certificates
T1203 - Exploitation for Client Execution

MITREへのリンク →

Contagious Interview

Score: 0.58

Matched TTPs:

T1587 - Develop Capabilities
T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service
T1587.001 - Malware
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1657 - Financial Theft

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1608.001 - Upload Malware
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1674 - Input Injection
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る