{
	"id": "5f5b3bca-a8b8-449c-a69e-182752de44d5",
	"created_at": "2026-04-06T00:13:12.473309Z",
	"updated_at": "2026-04-10T13:11:36.476891Z",
	"deleted_at": null,
	"sha1_hash": "891b4ecd53137260e2465008e3d7c9004536d118",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34754,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy TheNewRaikage\r\nArchived: 2026-04-05 16:39:58 UTC\r\nFileHash-SHA256: 5 | IPv4: 1 | URL: 4 | YARA: 2 | Domain: 2\r\nCrooks behind MajikPOS have various tricks up their sleeves. Apart from infecting systems with it, we also\r\nspotted instances where common lateral movement tools were detected around the same time they were actively\r\ncompromising the endpoint with MajikPOS. These tools include: HKTL_MIMIKATZ, HKTL_FGDUMP, and\r\nHKTL_VNCPASSVIEW. We surmise that the bad guys attempted to gain further access within the victim’s\r\nnetwork. In separate isolated incidents, we also noticed the deployment of MajikPOS via PsExec, a command-line\r\ntool that can be used to remotely execute processes on other systems. This may indicate that valid, administrative\r\nlevel credentials were used against the host. The attackers also tend to deploy what works or what's\r\nconvenient, as we’ve also seen them attempt to infect the target host with other PoS malware such as PwnPOS\r\n(TSPY_PWNPOS.SMA), and BlackPOS (TSPY_POCARDL.AI).\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:MajikPOS",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:MajikPOS"
	],
	"report_names": [
		"pulses?q=tag:MajikPOS"
	],
	"threat_actors": [],
	"ts_created_at": 1775434392,
	"ts_updated_at": 1775826696,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/891b4ecd53137260e2465008e3d7c9004536d118.pdf",
		"text": "https://archive.orkl.eu/891b4ecd53137260e2465008e3d7c9004536d118.txt",
		"img": "https://archive.orkl.eu/891b4ecd53137260e2465008e3d7c9004536d118.jpg"
	}
}