{ "id": "f4a0d343-a7fd-45b5-92aa-e64bb1c75db1", "created_at": "2026-04-06T00:13:01.398926Z", "updated_at": "2026-04-10T03:35:16.297902Z", "deleted_at": null, "sha1_hash": "89f0ae2f95d285e40e7c40a56142b44f6a63cca9", "title": "LevelBlue - Open Threat Exchange", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 241452, "plain_text": "LevelBlue - Open Threat Exchange\r\nBy TheNewRaikage\r\nArchived: 2026-04-05 18:51:26 UTC\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:ElectricFish\r\nPage 1 of 4\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:ElectricFish\r\nPage 2 of 4\n\n17 Subscribers\r\nCISA Alert (AA20-239A) Joint Technical Alert: FASTCash 2.0: North Korea's BeagleBoyz\r\nRobbing Banks\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:ElectricFish\r\nPage 3 of 4\n\nCISA Alert (AA20-239A) FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks This joint advisory is the\r\nresult of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of\r\nthe Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM).\r\nWorking with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and\r\nindicators of compromise (IOCs) used by the North Korean government in an automated teller machine (ATM)\r\ncash-out scheme—referred to by the U.S. Government as “FASTCash 2.0: North Korea's BeagleBoyz Robbing\r\nBanks.” CISA, Treasury, FBI, and USCYBERCOM highlight the cyber threat posed by North Korea—formally\r\nknown as the Democratic People’s Republic of Korea (DPRK)—and provide recommended steps to mitigate the\r\nthreat. Refer to the following Malware Analysis Reports for associated IOCs: CROWDEDFLOUNDER,\r\nECCENTRICBANDWAGON, ELECTRICFISH, FASTCash for Windows, HOPLIGHT, and VIVACIOUSGIFT.\r\n108 Subscribers\r\nAuthor Url\r\nNew ElectricFish samples from USCYBERCOM\r\nFileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 2\r\nNew ElectricFish samples uploaded to VT by USCYBERCOM. Check\r\nhttps://otx.alienvault.com/pulse/5cd45f00ae1a8e3cb266c520 for previous activity and Yara rule.\r\n373,973 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:ElectricFish\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:ElectricFish\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://otx.alienvault.com/browse/pulses?q=tag:ElectricFish" ], "report_names": [ "pulses?q=tag:ElectricFish" ], "threat_actors": [ { "id": "fdf8d396-bbe4-454c-970a-81c4c3093b27", "created_at": "2022-10-25T16:07:23.763387Z", "updated_at": "2026-04-10T02:00:04.742186Z", "deleted_at": null, "main_name": "BeagleBoyz", "aliases": [ "BeagleBoyz", "Operation FASTCash" ], "source_name": "ETDA:BeagleBoyz", "tools": [ "Cyruslish", "ECCENTRICBANDWAGON", "FASTCash", "NACHOCHEESE", "NachoCheese", "PSLogger", "TWOPENCE", "VIVACIOUSGIFT" ], "source_id": "ETDA", "reports": null }, { "id": "679e335a-38a4-4db9-8fdf-a48c17a1f5e6", "created_at": "2023-01-06T13:46:38.820429Z", "updated_at": "2026-04-10T02:00:03.112131Z", "deleted_at": null, "main_name": "FASTCash", "aliases": [], "source_name": "MISPGALAXY:FASTCash", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a2b92056-9378-4749-926b-7e10c4500dac", "created_at": "2023-01-06T13:46:38.430595Z", "updated_at": "2026-04-10T02:00:02.971571Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Operation DarkSeoul", "Bureau 121", "Group 77", "APT38", "NICKEL GLADSTONE", "G0082", "COPERNICIUM", "Moonstone Sleet", "Operation GhostSecret", "APT 38", "Appleworm", "Unit 121", "ATK3", "G0032", "ATK117", "NewRomanic Cyber Army Team", "Nickel Academy", "Sapphire Sleet", "Lazarus group", "Hastati Group", "Subgroup: Bluenoroff", "Operation Troy", "Black Artemis", "Dark Seoul", "Andariel", "Labyrinth Chollima", "Operation AppleJeus", "COVELLITE", "Citrine Sleet", "DEV-0139", "DEV-1222", "Hidden Cobra", "Bluenoroff", "Stardust Chollima", "Whois Hacking Team", "Diamond Sleet", "TA404", "BeagleBoyz", "APT-C-26" ], "source_name": "MISPGALAXY:Lazarus Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "f426f0a0-faef-4c0e-bcf8-88974116c9d0", "created_at": "2022-10-25T15:50:23.240383Z", "updated_at": "2026-04-10T02:00:05.299433Z", "deleted_at": null, "main_name": "APT38", "aliases": [ "APT38", "NICKEL GLADSTONE", "BeagleBoyz", "Bluenoroff", "Stardust Chollima", "Sapphire Sleet", "COPERNICIUM" ], "source_name": "MITRE:APT38", "tools": [ "ECCENTRICBANDWAGON", "HOPLIGHT", "Mimikatz", "KillDisk", "DarkComet" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434381, "ts_updated_at": 1775792116, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/89f0ae2f95d285e40e7c40a56142b44f6a63cca9.pdf", "text": "https://archive.orkl.eu/89f0ae2f95d285e40e7c40a56142b44f6a63cca9.txt", "img": "https://archive.orkl.eu/89f0ae2f95d285e40e7c40a56142b44f6a63cca9.jpg" } }