March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2020-3517 – Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
August 27, 2020
Rewterz Threat Alert – Lemon_Duck Crypto-miner Targets Cloud Apps & Linux
August 28, 2020
Rewterz Threat Advisory – CVE-2020-3517 – Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
August 27, 2020
Rewterz Threat Alert – Lemon_Duck Crypto-miner Targets Cloud Apps & Linux
August 28, 2020
Severity
High
Analysis Summary
North Korea’s hacking groups are active again targeting banks in international operations to carry out fraudulent international money orders and ATM cash-outs. In the operation, North Korean operatives seek to gain unauthorized access to networks, point-of-sale systems, and ATMs belonging to their victims. The BeagleBoyz, are likely been active since at least 2014 and have carried out multiple operations like this before denting other countries with a hefty amount of financial losses. The group likely conducts well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities. BeagleBoyz have targeted counties like Argentina, Brazil, Bangladesh, Bosnia and Herzegovina, Bulgaria, Chile, Costa Rica, Ecuador, Ghana, India, Indonesia, Japan, Jordan, Kenya, Kuwait, Malaysia, Malta, Mexico, Mozambique, Nepal, Nicaragua, Nigeria, Pakistan and others.
Impact
Financial loss
Indicators of Compromise
MD5
- b484b0dff093f358897486b58266d069
- f34b72471a205c4eee5221ab9a349c55
- 4c26b2d0e5cd3bfe0a3d07c4b85909a4
- 52ec074d8cb8243976963674dd40ffe7
- d1d779314250fab284fd348888c2f955
- 41fd85ff44107e4604db2f00e911a766
- cf733e719e9677ebfbc84a3ab08dd0dc
- 01d397df2a1cf1d4c8e3615b7064856c
SHA-256
- f12db45c32bda3108adb8ae7363c342fdd5f10342945b115d830701f95c54fa9
- a1f06d69bd6379e310b10a364d689f21499953fa1118ec699a25072779de5d9b
- 0e3552c8232e007f421f241ea4188ea941f4d34eab311a5c2341488749d892c7
- d48b211533f37e082a907d4ee3b0364e5a363f1da14f74a81b187e1ce19945a8
- f9d29b21bb93004cea6431e79f7aa24b9cc419289ca04c0353d9e3db3c587930
- 2938200b7c0300c31aa458860b9f4f684f4f3f5893ab0f1d67c9d797168cad17
- 16251b20e449d46e2b431c3aed229cd1f43f1ff18db67cc5a7fa7dd19673a9bc
- d928b1c1096e636463afbd19f40a6b325e159196b4497895748c31535ea503dc
SHA1
- a20ef335481c2b3a942df1879fca7762f2c69704
- e8b58b9db83b4902a607559301f6985763d2647a
- 157cfb98caa48c2adb3475305c88986e777d9aa3
- a0ebe36c61d4de405fe531ecf013720a3d56d5a1
- 810c7f2c3d045b7c755fb29646297a221cff163f
- 51b9d982abf1d866ed4e86e63dfee548c2f5a3fd
- 71f1bf658e0adb69240546df2bb95005e7e70f33
- 43a7858a0564c500e7f248762353f5b1ec3f3ef8
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.