diff --git a/malware/FastPOS b/malware/FastPOS
new file mode 100644
index 0000000..4c53b06
--- /dev/null
+++ b/malware/FastPOS
@@ -0,0 +1,15 @@
+rule PoS_Malware_fastpos : FastPOS
+{
+meta:
+author = "Trend Micro, Inc."
+date = "2016-05-18"
+description = "Used to detect FastPOS keyloggger + scraper"
+sample_filetype = "exe"
+strings:
+$string1 = "uniqyeidclaxemain"
+$string2 = "http://%s/cdosys.php"
+$string3 = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
+$string4 = "\\The Hook\\Release\\The Hook.pdb" nocase
+condition:
+all of ($string*)
+}