Operation AppleJeus Sequel

2020-01-08 Kaspersky

https://securelist.com/operation-applejeus-sequel/95596/

Thumbnail for Operation AppleJeus Sequel

Kaspersky reported continued Lazarus Group operations against cryptocurrency businesses after Operation AppleJeus. The actor used fake companies and manipulated applications to gain trust, then delivered macOS and Windows malware through multi-stage infection chains. The macOS tooling included homemade malware and authenticated payload delivery designed to load later stages carefully, while the Windows path used a fake wallet updater and loader components. The report highlights Lazarus’ adaptation after earlier public reporting and its persistent focus on cryptocurrency-sector targets.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN beastgoc.com 2019-10-12 2021-02-18
DOMAIN unioncrypto.vip 2019-12-03 2021-02-17
IPv4 104.168.167.16 2019-12-03 2021-02-17
HASH 6588d262529dc372c400bef8478c2eec 2019-12-03 2020-02-22
URL https://unioncrypto.vip/update 2019-12-03 2020-02-22
HASH da17802bc8d3eca26b7752e93f33034b 2020-01-08 2020-01-08
HASH 24b3614d5c5e53e40b42b4e057001770 2020-01-08 2020-01-08
HASH a9e960948fdac81579d3b752e49aceda 2020-01-08 2020-01-08
HASH dab34d94ca08ba5b25edadfe67ae4607 2020-01-08 2020-01-08
HASH e35b15b2c8bb9eda8bc4021accf7038d 2020-01-08 2020-01-08
HASH cb56955b70c87767dee81e23503086c3 2020-01-08 2020-01-08
HASH c2ffbf7f2f98c73b98198b4937119a18 2020-01-08 2020-01-08
HASH e1953fa319cc11c2f003ad0542bca822 2020-01-08 2020-01-08
HASH 39cdf04be2ed479e0b4489ff37f95bbe 2020-01-08 2020-01-08
HASH f051a18f79736799ac66f4ef7b28594b 2020-01-08 2020-01-08
HASH be37637d8f6c1fbe7f3ffc702afdfe1d 2020-01-08 2020-01-08
HASH dd03c6eb62c9bf9adaf831f1d7adcbab 2020-01-08 2020-01-08
HASH 267a64ed23336b4a3315550c74803611 2020-01-08 2020-01-08
HASH 6058368894f25b7bc8dd53d3a82d9146 2020-01-08 2020-01-08
HASH bb66ab2db0bad88ac6b829085164cbbb 2020-01-08 2020-01-08
HASH 055829e7600dbdae9f381f83f8e4ff36 2020-01-08 2020-01-08
HASH bb04d77bda3ae9c9c3b6347f7aef19ac 2020-01-08 2020-01-08
HASH 0f03ec3487578cef2398b5b732631fec 2020-01-08 2020-01-08
HASH 629b9de3e4b84b4a0aa605a3e9471b31 2020-01-08 2020-01-08
HASH 55ec67fa6572e65eae822c0b90dc8216 2020-01-08 2020-01-08
HASH f221349437f2f6707ecb2a75c3f39145 2020-01-08 2020-01-08
URL https://www.wb-bot.org/certpkg.… 2020-01-08 2020-01-08
URL http://beastgoc.com/grepmonux.p… 2020-01-08 2020-01-08
DOMAIN mydealoman.com 2020-01-08 2020-01-08
DOMAIN chainfun365.com 2020-01-08 2020-01-08
DOMAIN wfcwallet.com 2020-01-08 2020-01-08
DOMAIN aeroplans.info 2020-01-08 2020-01-08
DOMAIN cyptian.com 2020-01-08 2020-01-08
DOMAIN private-kurier.com 2020-01-08 2020-01-08
DOMAIN invesuccess.com 2020-01-08 2020-01-08
IPv4 108.174.195.134 2020-01-08 2020-01-08
IPv4 95.213.232.170 2020-01-08 2020-01-08
IPv4 23.254.217.53 2020-01-08 2020-01-08
IPv4 104.168.218.42 2020-01-08 2020-01-08
IPv4 185.243.115.17 2020-01-08 2020-01-08
IPv4 172.81.135.194 2020-01-08 2020-01-08
IPv4 185.228.83.32 2019-10-12 2020-01-08
HASH 3efeccfc6daf0bf99dcb36f247364052 2019-03-29 2020-01-08
HASH b63e8d4277b190e2e3f5236f07f89eee 2019-03-29 2020-01-08
HASH 8b4c532f10603a8e199aa4281384764e 2019-03-29 2020-01-08
HASH 48ded52752de9f9b73c6bf9ae81cb429 2018-08-23 2020-01-08
HASH aeee54a81032a6321a39566f96c822f5 2018-08-15 2020-01-08

Related Actors

Related Reports

« Back