RawPos Malware: Deconstructing an Intruder’s Toolkit


Over the years, Kroll’s Cyber investigators have been engaged by clients in diverse industries to address a wide range of issues, from breach response and traditional digital forensics to the identification and analysis of custom malicious software (“malware”).

Network intruders commonly rely on malware during the initial compromise and during the reconnaissance and information-gathering phases of an intrusion. Once Kroll’s team is engaged, investigators frequently discover fragments of that malware either still resident in a system’s memory (so-called “fileless malware”) or written to disk in scattered locations. What begins as a hunt for circumstantial clues becomes a deeper effort to identify the malware and understand its capabilities, so that the knowledge gained from the analysis can answer questions that would otherwise go unresolved in a traditional forensic and incident response engagement.

In 2016, Kroll’s Cyber experts had the opportunity to focus on a collection of malware related to the RawPOS family, and Kroll proceeded to identify numerous tools that the attacker(s) had dropped into the enterprise environment in order to expand their foothold, target specific machines, collect additional information about the compromised environment, and prepare that data for exfiltration.

Through the following Report, Kroll is pleased to share the research conducted on the malware and the intruder’s toolkit with the greater information security community.

Published: 2017-02-16
