BlackHat 2020
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud
Discussion regarding the ISO 8583 and XFS financial standards, and how threat actors incorporate them in their malware to perform large-scale ATM cashouts.
Slides
Paper
Hashes Referenced
Keylogger
Injector (FASTCash)
Injector (Non-FASTCash)
Fake Resume Application
DLL Installer
PowerShell Backdoor
FASTCash
BlackHat 2018
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
Discussion regarding mapping Namecoin infrastructure via Blockchain analysis and Splunk.
Video
SANS 2017
Tracking Bitcoin Transactions on the Blockchain
Discussion regarding tracking threat actor activity through Bitcoin transactions.
Video