FASTCash for Linux

2024-10-13, Doubleagent
https://doubleagent.net/fastcash-for-linux/
#FASTCash

Analysis of a newly discovered Linux-based variant of the DPRK-attributed FASTCash malware, along with background information on the payment switches used in financial networks.
Introduction
This post analyzes a newly identified variant of the FASTCash "payment switch" malware that specifically targets the Linux operating system. The term 'FASTCash' refers to the DPRK-attributed malware that is installed on payment switches within compromised networks handling card transactions, in order to facilitate the unauthorized withdrawal of cash from ATMs.
The discovery of a Linux variant adds to the list of operating systems this malware has been compiled for, with prior samples known to target IBM AIX (FASTCash for UNIX) and Microsoft Windows (FASTCash for Windows). As per an update amended to CISA's 2018 advisory for the Windows variant:
Since the publication of the in October 2018, there have been two particularly significant developments in the campaign: (1) the capability …

IoC

2611f784e3e7f4cf16240a112c74b5bcd1a04067eff722390f5560ae95d86361c3904f5e36d7f45d99276c53fed5e4dde849981c2619eaa4dbbac66a38181cbe
f34b532117b3431387f11e3d92dc9ff417ec5dcee38a0175d39e323e5fdb1d2c
609a5b9c98ec40f93567fbc298d4c3b2f9114808dfbe42eb4939f0c5d1d63d44078f284536420db1022475dc650327a6fd46ec0ac068fe07f2e2f925a924db49
afff4d4deb46a01716a4a3eb7f80da58e027075178b9aa438e12ea24eedea4b0
7f3d046b2c5d8c008164408a24cac7e820467ff0dd9764e1d6ac4e70623a1071
10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba
5232d942da0a86ff4a7ff29a9affbb5bd531a5393aa5b81b61fe3044c72c1c00
3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c
f43d4e7e2ab1054d46e2a93ce37d03aff3a85e0dff2dd7677f4f7fb9abe1abc8
129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0