AppleJeus

2025-08-25 MITRE

https://attack.mitre.org/groups/G1049/

Thumbnail for AppleJeus

AppleJeus is identified as a North Korean state-sponsored group attributed to the Reconnaissance General Bureau and associated with the broader Lazarus Group umbrella. The entry says the group focuses on generating and laundering revenue for the DPRK government, primarily by targeting the cryptocurrency industry with phishing and malicious cryptocurrency software before selectively deploying backdoors against high-value financial targets. Its documented 3CX supply-chain activity involved compromise of end-of-life Trading Technologies software, access to the 3CX environment, modification of Windows and macOS build environments, and delivery of components such as ICONICSTEALER, VEILEDSIGNAL, POOLRAT, and TAXHAUL. The techniques include code signing abuse, DLL search-order hijacking, malicious installer packages, process injection, encrypted payloads, GitHub dead-drop resolvers, and use of legitimate VPN credentials and FRP for internal movement.

Related Actors

Related Reports

2017-05-31 • 35% Match
#G0032 #T1082 #T1090 #T1140 #T1005 #T1041 #T1560 #T1046 #T1083 #T1497 #T1036 #T1027 #T1567 #T1071 #T1124 #T1204 #T1057 #T1053 #T1566 #T1102 #T1059 #T1001 #T1105 #T1055 #T1620 #T1543 #T1489 #T1078 #T1008 #T1571 #T1218 #T1220 #T1588 #T1203 #T1189 #T1049 #T1574 #T1098 #T1087 #T1593 #T1589 #T1016 #T1587 #T1591 #T1585 #T1583 #T1557 #T1547 #T1614 #T1106 #T1573 #T1048 #T1562 #T1608 #T1070 #T1047 #T1074 #T1134 #T1056 #T1529 #T1010 #T1553 #T1033 #T1485 #T1012 #T1110 #T1534 #T1104 #T1202 #T1221 #T1132 #T1021 #T1561 #T1564 #T1584 #T0865 #T1542 #T1491
Shares tags: T1027, T1071, T1566 • Same author: MITRE
2025-08-13 • 32% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004
Shares tags: T1027, T1620, T1078 • Published within a month
2019-08-26 • 28% Match
#Kimsuky #G0094 #T1082 #T1140 #T1005 #T1041 #T1555 #T1560 #T1112 #T1083 #T1036 #T1027 #T1567 #T1071 #T1204 #T1552 #T1057 #T1053 #T1566 #T1102 #T1059 #T1003 #T1105 #T1219 #T1055 #T1543 #T1078 #T1133 #T1218 #T1190 #T1588 #T1114 #T1098 #T1593 #T1589 #T1016 #T1587 #T1111 #T1591 #T1585 #T1598 #T1583 #T1594 #T1557 #T1547 #T1562 #T1608 #T1546 #T1070 #T1074 #T1056 #T1586 #T1176 #T1553 #T1012 #T1534 #T1007 #T1518 #T1021 #T1040 #T1564 #T1584 #T1136 #T1505 #T1550
Shares tags: T1027, T1071, T1566 • Same author: MITRE
« Back