mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #272 from Delta-Sierra/master
New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign
This commit is contained in:
commit
123099cd6d
3 changed files with 46 additions and 3 deletions
|
@ -2923,7 +2923,22 @@
|
|||
},
|
||||
"uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
|
||||
"value": "Hallaj PRO RAT"
|
||||
},
|
||||
{
|
||||
"value": "NukeSped",
|
||||
"description": "This threat can install other malware on your PC, including Trojan:Win32/NukeSped.B!dha and Trojan:Win32/NukeSped.C!dha. It can show you a warning message that says your files will be made publically available if you don't follow the malicious hacker's commands. \n",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NukeSped-Z.aspx",
|
||||
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win64/NukeSped&ThreatID=-2147238204",
|
||||
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/NukeSped!bit&ThreatID=-2147238152",
|
||||
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/NukeSped",
|
||||
"https://malwarefixes.com/threats/win32nukesped/",
|
||||
"https://www.alienvault.com/forums/discussion/17301/alienvault-labs-threat-intelligence-update-for-usm-anywhere-march-25-march-31-2018"
|
||||
]
|
||||
},
|
||||
"uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
|
||||
}
|
||||
],
|
||||
"version": 16
|
||||
"version": 17
|
||||
}
|
||||
|
|
|
@ -5901,7 +5901,21 @@
|
|||
]
|
||||
},
|
||||
"uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee"
|
||||
},
|
||||
{
|
||||
"value": "FASTCash",
|
||||
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
|
||||
"uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"version": 67
|
||||
"version": 68
|
||||
}
|
||||
|
|
|
@ -5849,7 +5849,21 @@
|
|||
]
|
||||
},
|
||||
"uuid": "55d29d1c-c550-11e8-9904-47c1d86af7c5"
|
||||
},
|
||||
{
|
||||
"value": "FASTCash",
|
||||
"description": "Treasury has identified a sophisticated cyber-enabled ATM cash out campaign we are calling FASTCash. FASTCash has been active since late 2016 targeting banks in Africa and Asia to remotely compromise payment switch application servers within banks to facilitate fraudulent transactions, primarily involving ATMs, to steal cash equivalent to tens of millions of dollars. FBI has attributed malware used in this campaign to the North Korean government. We expect FASTCash to continue targeting retail payment systems vulnerable to remote exploitation.",
|
||||
"uuid": "e306fe62-c708-11e8-89f2-073e396e5403",
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "e38d32a2-c708-11e8-8785-472c4cfccd85",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"version": 89
|
||||
"version": 90
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue