Pillowmint | Malware Detail

Description

[Pillowmint](https://attack.mitre.org/software/S0517) is a point-of-sale malware used by [FIN7](https://attack.mitre.org/groups/G0046) designed to capture credit card information.(Citation: Trustwave Pillowmint June 2020)

External References

mitre-attack
Trustwave Pillowmint June 2020

Techniques Used by This Malware

T1005 — Data from Local System
T1012 — Query Registry
T1027 — Obfuscated Files or Information
T1027.011 — Fileless Storage
T1027.015 — Compression
T1055.004 — Asynchronous Procedure Call
T1057 — Process Discovery
T1059.001 — PowerShell
T1070.004 — File Deletion
T1070.009 — Clear Persistence
T1106 — Native API
T1112 — Modify Registry
T1140 — Deobfuscate/Decode Files or Information
T1546.011 — Application Shimming
T1560 — Archive Collected Data

APT Groups Using This Malware

FIN7