Severity
High
Analysis Summary
FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. Lazarus has used FASTCash schemes previously as well for financial gain, targeting different banking sectors around the world. The identified backdoor is a dynamic link library (DLL) intended to give the operator remote access to a targeted machine.
Impact
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
08b6891f3320c653d69dfd5d0694c69a
SHA-256
8df7a903d5230d89c8c57ef81507dd5b987896f6c9eb0854687c9536104f345f
SHA1
fec2f43389d51c5b0b867a177a8297d10d567e0f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
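An added example, not part of the Rewterz advisory, of how the IOC search in the remediation above can be carried out: a small Python sweep that hashes every file under a directory in one pass and reports any file whose MD5, SHA1 or SHA-256 matches the indicators listed above. The directory to scan and the chunk size are assumptions chosen for this example.

```python
import hashlib
import os
from typing import Dict, Iterator, Tuple

# Indicators taken from the advisory above (lowercase hex, keyed by hashlib algorithm name).
IOC_HASHES: Dict[str, set] = {
    "md5": {"08b6891f3320c653d69dfd5d0694c69a"},
    "sha1": {"fec2f43389d51c5b0b867a177a8297d10d567e0f"},
    "sha256": {"8df7a903d5230d89c8c57ef81507dd5b987896f6c9eb0854687c9536104f345f"},
}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA1 and SHA-256 of a file in a single pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, set] = IOC_HASHES) -> Dict[str, str]:
    """Return {algorithm: digest} for every digest that appears in the IOC set.
    Comparison is case-insensitive, since IOC feeds mix upper- and lower-case hex."""
    return {name: value.lower() for name, value in digests.items()
            if value.lower() in iocs.get(name, set())}


def sweep(root: str, iocs: Dict[str, set] = IOC_HASHES) -> Iterator[Tuple[str, Dict[str, str]]]:
    """Walk a directory tree and yield (path, matched_hashes) for each file that hits.
    Files that cannot be read (permissions, removed mid-walk) are skipped rather than aborting the sweep."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(digest_file(path), iocs)
            except OSError:
                continue
            if hits:
                yield path, hits


if __name__ == "__main__":
    import sys
    # Assumed usage: python sweep.py /path/to/scan (defaults to the current directory).
    for path, hits in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, hits)
```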