{ "id": "244727bc-d861-4866-bdb5-ba509fd52201", "created_at": "2026-04-06T01:31:29.428965Z", "updated_at": "2026-04-10T13:12:46.508868Z", "deleted_at": null, "sha1_hash": "7688eb2e773b91147625b0602d6f5550ed3285e7", "title": "ModPipe (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 29453, "plain_text": "ModPipe (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 00:59:18 UTC\r\nModPipe\r\nModPipe is point-of-sale (POS) malware capable of accessing sensitive information stored in devices running\r\nORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by\r\nhundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. ModPipe uses\r\nmodular architecture consisting of basic components and downloadable modules. One of them – named\r\nGetMicInfo – contains an algorithm designed to gather database passwords by decrypting them from Windows\r\nregistry values. Exfiltrated credentials allow ModPipe's operators access to database contents, including various\r\ndefinitions and configuration, status tables and information about POS transactions.\r\nReferences\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.modpipe\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.modpipe\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.modpipe" ], "report_names": [ "win.modpipe" ], "threat_actors": [], "ts_created_at": 1775439089, "ts_updated_at": 1775826766, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7688eb2e773b91147625b0602d6f5550ed3285e7.pdf", "text": "https://archive.orkl.eu/7688eb2e773b91147625b0602d6f5550ed3285e7.txt", "img": "https://archive.orkl.eu/7688eb2e773b91147625b0602d6f5550ed3285e7.jpg" } }