Merge pull request #272 from Delta-Sierra/master

New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign
This commit is contained in:
Deborah Servili 2018-10-03 16:38:33 +02:00 committed by GitHub
commit 123099cd6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 46 additions and 3 deletions

View file

@ -2923,7 +2923,22 @@
},
"uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
"value": "Hallaj PRO RAT"
},
{
"value": "NukeSped",
"description": "This threat can install other malware on your PC, including Trojan:Win32/NukeSped.B!dha and Trojan:Win32/NukeSped.C!dha. It can show you a warning message that says your files will be made publically available if you don't follow the malicious hacker's commands. \n",
"meta": {
"refs": [
"https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NukeSped-Z.aspx",
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win64/NukeSped&ThreatID=-2147238204",
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/NukeSped!bit&ThreatID=-2147238152",
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/NukeSped",
"https://malwarefixes.com/threats/win32nukesped/",
"https://www.alienvault.com/forums/discussion/17301/alienvault-labs-threat-intelligence-update-for-usm-anywhere-march-25-march-31-2018"
]
},
"uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
}
],
"version": 16
"version": 17
}

View file

@ -5901,7 +5901,21 @@
]
},
"uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee"
},
{
"value": "FASTCash",
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
"uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
"related": [
{
"dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
]
}
],
"version": 67
"version": 68
}

View file

@ -5849,7 +5849,21 @@
]
},
"uuid": "55d29d1c-c550-11e8-9904-47c1d86af7c5"
},
{
"value": "FASTCash",
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
"uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
"related": [
{
"dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
]
}
],
"version": 89
"version": 90
}