Rewterz Threat Alert – EasyJet Airlines 9 million travel records taken in data breach
May 19, 2020
Rewterz Threat Advisory – ICS: Rockwell Automation EDS Subsystem Denial of Service Vulnerability
May 20, 2020
Severity
High
Analysis Summary
FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. Lazarus has previously used FASTCash schemes for financial gain, targeting banking sectors around the world.
The newly identified file is a dynamic link library (DLL) backdoor likely used by the threat actors to obtain remote access to a targeted machine.
Impact
Financial loss
Indicators of Compromise
MD5
98c1ecc4aed0099fb8c797b1ce72f3c0
SHA-256
333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979
SHA1
241531a971e41dee5023798b736e2e2151b405d7
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your existing environments.
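The remediation steps above call for searching existing environments for the listed indicators. The following is an added example, not Rewterz's tooling or the advisory's own code, of a small hash-based scanner that walks a directory tree, computes MD5/SHA1/SHA-256 for each file and reports any file whose digest matches one of the indicators listed above. It assumes Python 3 and a readable filesystem; the `demo()` function writes a constructed, benign file into a temporary directory solely to exercise the matching logic.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators of compromise taken from the advisory above (the DLL backdoor sample).
IOC_HASHES = {
    "md5": {"98c1ecc4aed0099fb8c797b1ce72f3c0"},
    "sha1": {"241531a971e41dee5023798b736e2e2151b405d7"},
    "sha256": {"333b4da636271f57c2f16acba9adc389c66fc4d7e215050f0e4f50218b52c979"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5", "sha1", "sha256"} hex digests of a file, read in chunks
    so large binaries do not have to be loaded into memory at once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=IOC_HASHES):
    """Return the list of algorithms whose digest matches a known indicator."""
    return [algo for algo, value in digests.items() if value in iocs.get(algo, set())]


def scan_directory(root, iocs=IOC_HASHES, suffixes=None):
    """Walk `root`, hash every file (optionally only those with the given
    suffixes, e.g. (".dll",)) and return a list of hits with their paths."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if suffixes and path.suffix.lower() not in suffixes:
                continue
            try:
                digests = hash_file(path)
            except OSError:
                # Locked or unreadable file: skip it rather than abort the sweep.
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits.append({"path": str(path), "matched": matched,
                             "sha256": digests["sha256"]})
    return hits


def demo():
    """Constructed self-check (hypothetical data, not a real sample): write a
    harmless file, then scan once against an IoC set built from that file's
    own SHA-256 and once against the advisory's real indicators."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed_sample.dll"
        sample.write_bytes(b"constructed benign test content, not malware\n")
        constructed_iocs = {"sha256": {hash_file(sample)["sha256"]}}
        hits_constructed = scan_directory(tmp, constructed_iocs, suffixes=(".dll",))
        hits_advisory = scan_directory(tmp, IOC_HASHES)
    return hits_constructed, hits_advisory


if __name__ == "__main__":
    # Replace the path with the directory tree you want to sweep.
    for hit in scan_directory("."):
        print(f"IOC match ({', '.join(hit['matched'])}): {hit['path']} sha256={hit['sha256']}")
```

Hash matching only catches the exact sample listed; a recompiled or otherwise modified variant of the backdoor will produce different digests, so treat a clean sweep as one data point alongside process, network and log review rather than as proof of absence.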