Pulse name: PoS Malware and Operation Black Atlas
WHITE AlienVault 2015-12-18 Modified: 2018-04-10
125 IOCs
HIGH VOLUME
Operation Black Atlas has already spread to a multi-state healthcare provider, dental clinics, a machine manufacturer, a technology company focusing on insurance services, a gas station with a multi-state presence, and a beauty supply shop. It continues to spread among small and medium-sized businesses around the globe, using the modular Gorynych/Diamond Fox botnet to exfiltrate stolen data.
Indicators of Compromise (7 / 125 total)