Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:35:57 UTC
Home > List all groups > List all tools > List all groups using tool RawPOS
 Tool: RawPOS
Names
RawPOS
FIENDCRY
DUEBREW
DRIFTWOOD
Category Malware
Type POS malware, Backdoor, Info stealer
Description
(Trend Micro) Despite being one of the oldest Point-of-Sale (PoS) RAM scraper
malware families out in the wild, RawPOS (detected by Trend Micro as
TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily
focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s
tools for lateral movement, as well as RawPOS’ components, remain consistent, new
behavior from the malware puts its victims at greater risk via potential identity theft.
Specifically, this new behavior involves RawPOS stealing the driver’s license
information from the user to aid in the threat group’s malicious activities.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 25 May 2020
Download this tool card in JSON format
All groups using tool RawPOS
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72670111-f95a-423c-a296-f424939cc08e
Page 1 of 2

APT groups
  FIN5 [Unknown] 2008  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72670111-f95a-423c-a296-f424939cc08e
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72670111-f95a-423c-a296-f424939cc08e
Page 2 of 2