CapturaTela

Description

(Palo Alto) In December 2018, Palo Alto Networks Unit 42 researchers identified an ongoing campaign with a strong focus on the hospitality sector, specifically on hotel reservations. Although our initial analysis didn’t show any novel or advanced techniques, we did observe strong persistence during the campaign that triggered our curiosity.

We followed network traces and pivoted on the information left behind by this actor, such as open directories, document metadata, and binary peculiarities, which enabled us to find a custom-made piece of malware, that we named “CapturaTela”. Our discovery of this malware family shows the reason for the persistent focus on hotel reservations as a primary vector: stealing credit card information from customers.

Names

Name
CapturaTela

Type

Info stealer

Information

https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:CapturaTela

Other Information

Uuid

122697a3-bdef-49b8-94fb-e0f3419c0752

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

CapturaTela

CapturaTela

Description

Names

Category

Type

Information

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks