ioc[.]one - OSINT Cyber Threat Intelligence Database

MAR-10322463-1.v1 - AppleJeus: Celas Trade Pro | CISA

Tags

country:	North Korea Netherlands
maec-delivery-vectors:	Watering Hole
attack-pattern:	Code Signing - T1553.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Whois - T1596.002 Code Signing - T1116

Show in Graph

Common Information

Type	Value
UUID	74a8b4a4-b8b3-404d-a441-aedc157eac91
Fingerprint	d79d89db45f3178e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 17, 2021, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	Malware Analysis Report (AR21-048A)
Title	MAR-10322463-1.v1 - AppleJeus: Celas Trade Pro \| CISA
Detected Hints/Tags/Attributes	73/3/27

Source URLs

	Redirection	Url
Details	Source	https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048a

URL Provider

Details	Provider	Source level domain
Details	cisa.gov	us-cert.cisa.gov

Attributes

Details	Type	#Events	Value
Details	Autonomous System Number	4	AS174
Details	Domain	145	www.us-cert.gov
Details	Domain	4	celasllc.com
Details	Domain	5	celastradepro.app
Details	Domain	154	us-cert.cisa.gov
Details	Domain	84	malware.us-cert.gov
Details	Domain	84	ftp.malware.us-cert.gov
Details	Domain	469	www.cisa.gov
Details	Email	1	admin@celasllc.com
Details	Email	84	submit@malware.us-cert.gov
Details	File	1	celastradepro.exe
Details	File	52	updater.exe
Details	File	6	checkupdate.php
Details	File	2	00.msi
Details	File	5	celastradepro.pl
Details	File	2	00.dmg
Details	sha256	2	5e54bccbd4d93447e79cda0558b0b308a186c2be571c739e5460a3cb6ef665c0
Details	sha256	1	6ee19085ad5c17f989616d17ef68041910b3d0cbcf7e08cc7d7c1a1cb09e6b69
Details	sha256	1	a84ed8ce714dff76b48b26414de9f045de561146d7eaa09019cbfbb2586c9765
Details	sha256	1	bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb
Details	sha256	1	c0c2239138b9bc659b5bddd8f49fa3f3074b65df8f3a2f639f7c632d2306af70
Details	sha256	1	d404c0a634cef0d32029286fde8efccb6dfe1809066bbec7ac32d42c5ce3bc04
Details	IPv4	2	185.142.236.213
Details	Pdb	2	z:\jeus\downloader\downloader_exe_vs2010\release\dloader.pdb
Details	Url	42	http://www.us-cert.gov/tlp.
Details	Url	53	https://us-cert.cisa.gov/forms/feedback
Details	Url	84	https://malware.us-cert.gov