Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 7433a9e6-fcce-48e3-be07-b33af012143f |
| Fingerprint | 459cb91bed230693 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 23, 2018, 8 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:50 p.m. |
| Headline | Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware |
| Title | Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware |
| Detected Hints/Tags/Attributes | 123/3/86 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/blog/incidents/73914/operation- |
| Details | Source | https://securelist.com/operation-applejeus/87553/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 4 | AS174 |
|
| Details | Autonomous System Number | 1 | AS3741 |
|
| Details | Autonomous System Number | 2 | AS29073 |
|
| Details | Domain | 4 | www.celasllc.com |
|
| Details | Domain | 4 | celasllc.com |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 4 | 1a7ea920.bitcoin-dns.hosting |
|
| Details | Domain | 3 | a8332f3a.bitcoin-dns.hosting |
|
| Details | Domain | 3 | ad636824.bitcoin-dns.hosting |
|
| Details | Domain | 2 | c358ea2d.bitcoin-dns.hosting |
|
| Details | Domain | 111 | www.apple.com |
|
| Details | Domain | 1 | black.host |
|
| Details | Domain | 1 | libertyvps.net |
|
| Details | Domain | 1 | www.domains4bitcoins.com |
|
| Details | Domain | 15 | www.namecheap.com |
|
| Details | Domain | 1 | www.changeip.com |
|
| Details | Domain | 3 | njal.la |
|
| Details | 1 | johnbroox200@gmail.com |
||
| Details | File | 2 | 00.msi |
|
| Details | File | 52 | updater.exe |
|
| Details | File | 6 | checkupdate.php |
|
| Details | File | 1 | temp.gif |
|
| Details | File | 2 | 00.dmg |
|
| Details | File | 5 | celastradepro.pl |
|
| Details | File | 1 | c:\recovery\msn.exe |
|
| Details | File | 1 | msncf.dat |
|
| Details | File | 1 | msndll.tmp |
|
| Details | File | 1 | msndll.dat |
|
| Details | File | 6 | svc.dll |
|
| Details | File | 1 | msndll.log |
|
| Details | File | 1 | c:\windows\system32\uploadmgrsvc.dll |
|
| Details | File | 1 | c:\windows\system32\uploadmgr.dat |
|
| Details | File | 1 | uploadmgrsvc.dll |
|
| Details | File | 130 | info.pl |
|
| Details | File | 1 | celastradepro-installer.msi |
|
| Details | File | 4 | msn.exe |
|
| Details | File | 1 | uploadmgr.dat |
|
| Details | File | 1 | c:\recovery\msndll.log |
|
| Details | File | 1 | c:\windows\msn.exe |
|
| Details | md5 | 1 | 9e740241ca2acdc79f30ad2c3f50990a |
|
| Details | md5 | 1 | b054a7382adf6b774b15f52d971f3799 |
|
| Details | md5 | 1 | 4126e1f34cf282c354e17587bb6e8da3 |
|
| Details | md5 | 2 | 0bdb652bbe15942e866083f29fb6dd62 |
|
| Details | md5 | 1 | ffae703a1e327380d85880b9037a0aeb |
|
| Details | md5 | 2 | bbbcf6da5a4c352e8846bf91c3358d5c |
|
| Details | md5 | 2 | 48ded52752de9f9b73c6bf9ae81cb429 |
|
| Details | md5 | 1 | 0a15a33844c9df11f12a4889ae7b7e4b |
|
| Details | md5 | 1 | e1ed584a672cab33af29114576ad6cce |
|
| Details | md5 | 1 | d8484469587756ce0d10a09027044808 |
|
| Details | md5 | 2 | d7089e6bc8bd137a7241a7ad297f975d |
|
| Details | md5 | 1 | 81c3a3c5a0129477b59397173fdc0b01 |
|
| Details | md5 | 1 | 6cb34af551b3fb63df6c9b86900cf044 |
|
| Details | md5 | 1 | 21694c8db6234df74102e8b5994b7627 |
|
| Details | md5 | 1 | 5ad7d35f0617595f26d565a3b7ebc6d0 |
|
| Details | md5 | 1 | c501ea6c56ba9133c3c26a7d5ed4ce49 |
|
| Details | md5 | 1 | cafda7b3e9a4f86d4bd005075040a712 |
|
| Details | md5 | 1 | cea1a63656fb199dd5ab90528188e87c |
|
| Details | md5 | 3 | 6b061267c7ddeb160368128a933d38be |
|
| Details | md5 | 1 | 56f5088f488e50999ee6cced1f5dd6aa |
|
| Details | md5 | 1 | cd6796f324ecb7cf34bc9bc38ce4e649 |
|
| Details | md5 | 1 | 94dfcabd8ba5ca94828cd5a88d6ed488 |
|
| Details | md5 | 1 | 14b6d24873f19332701177208f85e776 |
|
| Details | md5 | 1 | abec84286df80704b823e698199d89f7 |
|
| Details | md5 | 1 | E1ed584a672cab33af29114576ad6cce |
|
| Details | md5 | 1 | D8484469587756ce0d10a09027044808 |
|
| Details | md5 | 1 | D7089e6bc8bd137a7241a7ad297f975d |
|
| Details | IPv4 | 1 | 196.38.48.121 |
|
| Details | IPv4 | 1 | 185.142.236.226 |
|
| Details | IPv4 | 2 | 185.142.236.213 |
|
| Details | IPv4 | 1 | 80.82.64.91 |
|
| Details | IPv4 | 1 | 185.142.239.173 |
|
| Details | Mandiant Temporary Group Assumption | 1 | TEMP.GIF |
|
| Details | Pdb | 2 | z:\jeus\downloader\downloader_exe_vs2010\release\dloader.pdb |
|
| Details | Pdb | 1 | h:\dev\tmanager\dloader\20180702\dloader\workingdir\output\00000009\release\dloader.pdb |
|
| Details | Pdb | 1 | h:\dev\tmanager\dloader\20180702\dloader\workingdir\output\00000006\release\dloader.pdb |
|
| Details | Pdb | 2 | serverdll.pdb |
|
| Details | Url | 2 | https://www.celasllc.com/checkupdate.php |
|
| Details | Url | 73 | http://www.apple.com/dtds/propertylist-1.0.dtd |
|
| Details | Url | 1 | https://black.host |
|
| Details | Url | 1 | https://libertyvps.net |
|
| Details | Url | 1 | https://www.domains4bitcoins.com |
|
| Details | Url | 2 | https://www.namecheap.com |
|
| Details | Url | 1 | https://www.changeip.com |
|
| Details | Url | 2 | https://njal.la |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskConfigs\Description |