RDFSNIFFER

Description

(FireEye) RDFSNIFFER, a payload of Boostwrite, appears to have been developed to tamper with NCR Corporation’s “Aloha Command Center” client. NCR Aloha Command Center is a remote administration toolset designed to manage and troubleshoot systems within payment card processing sectors running the Command Center Agent. The malware loads into the same process as the Command Center process by abusing the DLL load order of the legitimate Aloha utility. Mandiant provided this information to NCR.

Names

Name
RDFSNIFFER

Type

ATM malware
Backdoor

Information

https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html

Mitre Attack

https://attack.mitre.org/software/S0416/

Other Information

Uuid

d23c84b9-1a28-4c39-a9ab-3d9e9292030d

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

RDFSNIFFER

RDFSNIFFER

Description

Names

Category

Type

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks