Operation AppleJeus
Lazarus Group campaign targeting cryptocurrency exchanges with trojanised trading applications for macOS and Windows.
Start date
1 January 2018
End date
—
Techniques
21
Indicators of compromise
73
24 MD5, 21 SHA256, 21 SHA1, 5 IP, 2 URL
Attributed actors
Techniques (21)
command-and-control (3)
T1573.001 Symmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
credential-access (2)
T1552.001 Credentials In Files
T1555 Credentials from Password Stores
discovery (3)
T1057 Process Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1059.004 Unix Shell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1566.002 Spearphishing Link
T1566.001 Spearphishing Attachment
T1195.002 Compromise Software Supply Chain
persistence (2)
T1547.001 Registry Run Keys / Startup Folder
T1543.003 Windows Service
privilege-escalation (3)
T1547.001 Registry Run Keys / Startup Folder
T1055 Process Injection
T1543.003 Windows Service
stealth (4)
T1140 Deobfuscate/Decode Files or Information
T1070.004 File Deletion
T1055 Process Injection
T1027 Obfuscated Files or Information
Indicators of compromise (73)
SHA256 (21)
8ae766795cda6336fd5cad9e89199ea2a1939a35e03eb0e54c503b1029d870c4 confirmed
e4226e9f6faaafaafca5f572770eeffa1512c496aa9ed63977729a01513d27a9 confirmed
c0e22e80ea020ca8f71f58a8b53855293abdf8d4e0b34a69068004abaac60f42 confirmed
7c61fc881b84a60c84876f9d6ff74003349345694f3b7f0b08059687b5e6b846 confirmed
7f000893320d77e012686e20e1212e297408d5684335f7f24e40889401e24dff confirmed
efa6c2894896343e55337231989d46c665f84930ce99fa5a259f398e62d211f4 confirmed
1b8d3e69fc214cb7a08bef3c00124717f4b4d7fd6be65f2829e9fd337fc7c03c confirmed
d555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d confirmed
0c06e129902925c7ebd70e93d4d09707add781d8bd89cd557cda023045f3853e confirmed
0b6056e7ce278fb31bf644ef41e9532009e5dfbc33849b29f59c77ec993a8f46 confirmed
4f9a8e4f807b52f941213b0d55990a317b6466484847f51effc73a2180cf8eaf confirmed
bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb confirmed
6829b51523f69bd0ea6ebc6157e989d269661567f3e62d92ae26d71e6abf6652 confirmed
fe29ed0336d7b3259ab8c391e0d0f40d2876f6fc83f5e57af888578636fccb7f confirmed
ca70aa2f89bee0c22ebc18bd5569e542f09d3c4a060b094ec6abeeeb4768a143 confirmed
d404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04 confirmed
08012e68f4f84bba8b74690c379cb0b1431cdcadc9ed076ff068de289e0f6774 confirmed
d3ef262bae0beb5d35841d131b3f89a9b71a941a86dab1913bda72b935744d2e confirmed
e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd confirmed
ef400d73c6920ac811af401259e376458b498eb0084631386136747dfc3dcfa8 confirmed
6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69 confirmed
MD5 (24)
d7089e6bc8bd137a7241a7ad297f975d confirmed
cafda7b3e9a4f86d4bd005075040a712 confirmed
c501ea6c56ba9133c3c26a7d5ed4ce49 confirmed
0a15a33844c9df11f12a4889ae7b7e4b confirmed
81c3a3c5a0129477b59397173fdc0b01 confirmed
cea1a63656fb199dd5ab90528188e87c confirmed
0bdb652bbe15942e866083f29fb6dd62 confirmed
e1ed584a672cab33af29114576ad6cce confirmed
ffae703a1e327380d85880b9037a0aeb confirmed
9e740241ca2acdc79f30ad2c3f50990a confirmed
abec84286df80704b823e698199d89f7 confirmed
56f5088f488e50999ee6cced1f5dd6aa confirmed
cd6796f324ecb7cf34bc9bc38ce4e649 confirmed
b054a7382adf6b774b15f52d971f3799 confirmed
5ad7d35f0617595f26d565a3b7ebc6d0 confirmed
d8484469587756ce0d10a09027044808 confirmed
48ded52752de9f9b73c6bf9ae81cb429 confirmed
94dfcabd8ba5ca94828cd5a88d6ed488 confirmed
6b061267c7ddeb160368128a933d38be confirmed
6cb34af551b3fb63df6c9b86900cf044 confirmed
4126e1f34cf282c354e17587bb6e8da3 confirmed
14b6d24873f19332701177208f85e776 confirmed
21694c8db6234df74102e8b5994b7627 confirmed
bbbcf6da5a4c352e8846bf91c3358d5c confirmed
SHA1 (21)
5feee99bd64af03698a2cdd3d0d445838bb0fc96 confirmed
0c5e4cec03d2eea2b1dd5356fe05de64a0278cd6 confirmed
b4d43cd2d81d17dec523915c0fc61b4b29e62c58 confirmed
e90cd55d544a097306b61af8af7f73c524e00ad2 confirmed
1abd0583b4ef0de8bbb29073aca8e1340c055ef3 confirmed
258537df5611d9cbf3f8f3f6ea703f35e0e47dfa confirmed
f1203cf53b0ea0edaac0db04c88f6714274d284e confirmed
2707b7d9becb01d81b1b8e2a8858447ddbe6769c confirmed
cadb4e5fcc1338938808de8877e738243394ba96 confirmed
999513f13fb9cea5d6321631a10a8fbf741a107a confirmed
aa08f8e721dfd875de6139a1ad795620f1b2340a confirmed
8596dc6dee6089318ab1d97f1dacd1f2cf36d1ab confirmed
313aca049a83c362066cd130d6263af1bcd43565 confirmed
4d92b56cac6a02e70adbd16a9d1121c918f0c257 confirmed
1e8a2f1f751e5a9931bca5710b4f304798d665dc confirmed
597a06bd3b9987859d13658ff2d72689523cbd5b confirmed
ebd7186ff1968fab758b089ad726b02c6761e7b6 confirmed
5ff9cbaec255fffdf119b24e007af777d71534ab confirmed
15062b26d9dd1cf7b0cdf167f4b37cb632ddbd41 confirmed
a09658ce5642f9bedf2e737d8da81d7ffc232c14 confirmed
d48a81613b3c0186d563744e79d28c05df49c480 confirmed
URL (2)
www.celasllc.com/checkupdate.php confirmed
https://www.celasllc.com/checkupdate.php confirmed
IP (5)
196.38.48.121 confirmed
185.142.236.226 confirmed
80.82.64.91 confirmed
185.142.236.213 confirmed
185.142.239.173 confirmed