Operation AppleJeus Sequel
Tags
| country: | China Poland |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 14d970a0-0caa-41ec-b0d7-6fef53fc5d56 |
| Fingerprint | a4a43b1dad2f0483 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 8, 2020, 10 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Operation AppleJeus Sequel |
| Title | Operation AppleJeus Sequel |
| Detected Hints/Tags/Attributes | 75/3/90 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/operation-applejeus-sequel/95596/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 4 | www.celasllc.com |
|
| Details | Domain | 1 | www.wb-bot.org |
|
| Details | Domain | 1 | wfcwallet.com |
|
| Details | Domain | 1 | www.chainfun365.com |
|
| Details | Domain | 6 | unioncrypto.vip |
|
| Details | Domain | 3 | www.jmttrading.org |
|
| Details | Domain | 1 | cyptian.com |
|
| Details | Domain | 4 | beastgoc.com |
|
| Details | Domain | 1 | www.private-kurier.com |
|
| Details | Domain | 1 | www.wb-invest.net |
|
| Details | Domain | 1 | chainfun365.com |
|
| Details | Domain | 1 | www.buckfast-zucht.de |
|
| Details | Domain | 1 | invesuccess.com |
|
| Details | Domain | 1 | private-kurier.com |
|
| Details | Domain | 1 | aeroplans.info |
|
| Details | Domain | 1 | mydealoman.com |
|
| Details | Domain | 6 | index.do |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | File | 6 | checkupdate.php |
|
| Details | File | 1 | certpkg.php |
|
| Details | File | 1 | markmakingbot.dmg |
|
| Details | File | 1 | wfcupdater.exe |
|
| Details | File | 1 | wfc.cfg |
|
| Details | File | 1 | rasext.dll |
|
| Details | File | 1 | msctfp.dat |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 10 | device.exe |
|
| Details | File | 1 | centerupdater.exe |
|
| Details | File | 1 | %appdata%\lenovo\devicecenter\device.exe |
|
| Details | File | 1 | %appdata%\lenovo\devicecenter\centerupdater.exe |
|
| Details | File | 2 | unioncryptotradersetup.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 1 | macinstaller.dmg |
|
| Details | File | 1 | 4_5983241673595946132.dmg |
|
| Details | File | 5 | unioncryptotrader.dmg |
|
| Details | File | 2 | jmttrader_mac.dmg |
|
| Details | File | 2 | unioncryptoupdater.exe |
|
| Details | File | 1 | adobeupdator.exe |
|
| Details | File | 42 | adobearm.exe |
|
| Details | File | 1 | unistore.exe |
|
| Details | File | 1 | %appdata%\local\unioncryptotrader\unioncryptoupdater.exe |
|
| Details | File | 1 | c:\programdata\adobe\adobeupdator.exe |
|
| Details | File | 1 | %appdata%\local\comms\unistore.exe |
|
| Details | File | 1 | aeroplans.inf |
|
| Details | File | 3 | grepmonux.php |
|
| Details | md5 | 2 | 48ded52752de9f9b73c6bf9ae81cb429 |
|
| Details | md5 | 1 | 3efeccfc6daf0bf99dcb36f247364052 |
|
| Details | md5 | 1 | c2ffbf7f2f98c73b98198b4937119a18 |
|
| Details | md5 | 1 | dab34d94ca08ba5b25edadfe67ae4607 |
|
| Details | md5 | 1 | cb56955b70c87767dee81e23503086c3 |
|
| Details | md5 | 1 | 8b4c532f10603a8e199aa4281384764e |
|
| Details | md5 | 1 | aeee54a81032a6321a39566f96c822f5 |
|
| Details | md5 | 1 | b63e8d4277b190e2e3f5236f07f89eee |
|
| Details | md5 | 1 | bb04d77bda3ae9c9c3b6347f7aef19ac |
|
| Details | md5 | 1 | be37637d8f6c1fbe7f3ffc702afdfe1d |
|
| Details | md5 | 1 | a9e960948fdac81579d3b752e49aceda |
|
| Details | md5 | 1 | 0f03ec3487578cef2398b5b732631fec |
|
| Details | md5 | 1 | 629b9de3e4b84b4a0aa605a3e9471b31 |
|
| Details | md5 | 1 | e1953fa319cc11c2f003ad0542bca822 |
|
| Details | md5 | 1 | dd03c6eb62c9bf9adaf831f1d7adcbab |
|
| Details | md5 | 1 | bb66ab2db0bad88ac6b829085164cbbb |
|
| Details | md5 | 1 | 267a64ed23336b4a3315550c74803611 |
|
| Details | md5 | 4 | 6588d262529dc372c400bef8478c2eec |
|
| Details | md5 | 1 | 55ec67fa6572e65eae822c0b90dc8216 |
|
| Details | md5 | 1 | da17802bc8d3eca26b7752e93f33034b |
|
| Details | md5 | 1 | 39cdf04be2ed479e0b4489ff37f95bbe |
|
| Details | md5 | 1 | e35b15b2c8bb9eda8bc4021accf7038d |
|
| Details | md5 | 1 | 6058368894f25b7bc8dd53d3a82d9146 |
|
| Details | md5 | 1 | 24B3614D5C5E53E40B42B4E057001770 |
|
| Details | md5 | 1 | 629B9DE3E4B84B4A0AA605A3E9471B31 |
|
| Details | md5 | 1 | E1953FA319CC11C2F003AD0542BCA822 |
|
| Details | md5 | 1 | f221349437f2f6707ecb2a75c3f39145 |
|
| Details | md5 | 1 | 055829E7600DBDAE9F381F83F8E4FF36 |
|
| Details | md5 | 1 | F051A18F79736799AC66F4EF7B28594B |
|
| Details | IPv4 | 1 | 108.174.195.134 |
|
| Details | IPv4 | 1 | 23.254.217.53 |
|
| Details | IPv4 | 2 | 104.168.167.16 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 185.243.115.17 |
|
| Details | IPv4 | 1 | 104.168.218.42 |
|
| Details | IPv4 | 1 | 95.213.232.170 |
|
| Details | IPv4 | 2 | 185.228.83.32 |
|
| Details | IPv4 | 1 | 172.81.135.194 |
|
| Details | Pdb | 1 | z:\loader\x64\release\winloaderexe.pdb |
|
| Details | Url | 1 | https://www.wb-bot.org/certpkg.php |
|
| Details | Url | 1 | http://95.213.232.170/probactive/index.do |
|
| Details | Url | 1 | http://beastgoc.com/grepmonux.php |
|
| Details | Url | 5 | https://unioncrypto.vip/update |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\ThirdParty |