Malware: FrameworkPOS

Description

[FrameworkPOS](https://attack.mitre.org/software/S0503) is a point of sale (POS) malware used by [FIN6](https://attack.mitre.org/groups/G0037) to steal payment card data from sytems that run physical POS devices.(Citation: SentinelOne FrameworkPOS September 2019)

External References

• mitre-attack
• SentinelOne FrameworkPOS September 2019

Techniques Used by This Malware

• T1005 — Data from Local System
• T1048 — Exfiltration Over Alternative Protocol
• T1057 — Process Discovery
• T1074.001 — Local Data Staging
• T1560.003 — Archive via Custom Method

APT Groups Using This Malware

• FIN6