Cherry Picker
Cherry Picker is a point of sale (PoS) memory scraper. [1]
ID: S0107
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Techniques Used
Domain | ID | | Name | Use |
---|---|---|---|---|
Enterprise | T1546 | .010 | Event Triggered Execution: AppInit DLLs | Some variants of Cherry Picker use AppInit_DLLs to achieve persistence by creating the following Registry key: |
Enterprise | T1048 | .003 | Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | Cherry Picker exfiltrates files over FTP.[1] |
Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion | Recent versions of Cherry Picker delete files and registry keys created by the malware.[1] |
References