{
	"id": "c0b158b3-1c63-482d-9efc-ed97c3c6c2c9",
	"created_at": "2026-04-06T00:08:22.782388Z",
	"updated_at": "2026-04-10T03:20:46.592913Z",
	"deleted_at": null,
	"sha1_hash": "0ed2185043c1d06975494009c274be91b9bc2f47",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28326,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy Garrett\r\nArchived: 2026-04-05 22:04:37 UTC\r\nFor the last five years Trustwave has been monitoring a threat across a number of forensic cases that we have\r\ndubbed \"Cherry Picker\". This targeted Point of Sale (PoS) memory scraper has enjoyed a very low detection rate\r\nin the wild for quite some time. Cherry Picker uses a new memory scraping algorithm, a file infector for\r\npersistence, and cleaner malware that removes all traces of the infection from target systems. This sophisticated\r\nfunctionality and highly targeted victims have helped the malware remain under the radar of many AV and\r\nsecurity companies. This post will expose the functionality of Cherry Picker and hopefully help organizations\r\nprovide protection from this threat.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:cherry%20picker\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:cherry%20picker\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:cherry%20picker"
	],
	"report_names": [
		"pulses?q=tag:cherry%20picker"
	],
	"threat_actors": [],
	"ts_created_at": 1775434102,
	"ts_updated_at": 1775791246,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0ed2185043c1d06975494009c274be91b9bc2f47.pdf",
		"text": "https://archive.orkl.eu/0ed2185043c1d06975494009c274be91b9bc2f47.txt",
		"img": "https://archive.orkl.eu/0ed2185043c1d06975494009c274be91b9bc2f47.jpg"
	}
}