Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
Common Information

| Field | Value |
|---|---|
| UUID | 19982b4a-f9e8-4c85-bd67-561899def42c |
| Fingerprint | c1809919472b9f3a |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | (not recorded) |
| Published | Dec. 5, 2022, midnight |
| Added to db | Dec. 14, 2022, 4:13 p.m. |
| Last updated | Oct. 31, 2024, 10:55 a.m. |
| Headline | Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware |
| Title | Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware |
| Detected Hints/Tags/Attributes | 33/3/14 |
Attributes

| Type | Value | #Events |
|---|---|---|
| Domain | bloxholder.com | 8 |
| Domain | strainservice.com | 5 |
| Domain | rebelthumb.net | 6 |
| Domain | wirexpro.com | 8 |
| Domain | oilycargo.com | 6 |
| Domain | telloo.io | 3 |
| File | camerasettingsuihost.exe | 7 |
| File | dui70.dll | 24 |
| File | duser.dll | 33 |
| File | %appdata%\roaming\bloxholder\camerasettingsuihost.exe | 1 |
| File | %appdata%\roaming\bloxholder\duser.dll | 1 |
| File | 5.msi | 4 |
| md5 | 18e190413af045db88dfbd29609eb877 | 2 |
| Threat Actor Identifier - APT | APT38 | 144 |