MAR-10322463-4.v1 - AppleJeus: Kupay Wallet | CISA
Tags
| country: | North Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Vulnerabilities - T1588.006 Whois - T1596.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 9c8e7c4d-b3e2-4631-afa3-fcc77cf53d61 |
| Fingerprint | c79da9df4e733bcf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 17, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Malware Analysis Report (AR21-048D) |
| Title | MAR-10322463-4.v1 - AppleJeus: Kupay Wallet | CISA |
| Detected Hints/Tags/Attributes | 61/3/30 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048d |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 145 | www.us-cert.gov |
|
| Details | Domain | 1 | kupaywallet.com |
|
| Details | Domain | 3 | levelframeblog.com |
|
| Details | Domain | 2 | bitpay.com |
|
| Details | Domain | 154 | us-cert.cisa.gov |
|
| Details | Domain | 84 | malware.us-cert.gov |
|
| Details | Domain | 84 | ftp.malware.us-cert.gov |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | 1 | admin@kupaywallet.com |
||
| Details | 84 | submit@malware.us-cert.gov |
||
| Details | File | 1 | kupay.exe |
|
| Details | File | 1 | kupay.dmg |
|
| Details | File | 1 | kupay.msi |
|
| Details | File | 1 | kupayupgrade.exe |
|
| Details | File | 1 | kupay_update.php |
|
| Details | File | 2 | pkg.wallet |
|
| Details | File | 1 | felix.php |
|
| Details | sha256 | 1 | 0bc7517aa2f0c1820ced399bfd66b993f10ad77e8d72727b0f3dc1ca35cad7ba |
|
| Details | sha256 | 1 | 1b60a6d35c872102f535ae6a3d7669fb7d55c43dc7e73354423fdcca01a955d6 |
|
| Details | sha256 | 1 | 55eacc25e9eaba5d3f04b6cbcac2e16879b83d967596d645e5ec4b8f42656ef9 |
|
| Details | sha256 | 1 | 6b945159b4c816ec5e212ba125eb01938234205d8d3e57fca46de7c064c628f8 |
|
| Details | sha256 | 4 | 91eaf215be336eae983d069de16630cc3580e222c427f785e0da312d0692d0fd |
|
| Details | sha256 | 2 | a0c461c94ba9f1573c7253666d218b3343d24bfa5d8ef270ee9bc74b7856e492 |
|
| Details | sha256 | 1 | fc1aafd2ed190fa523e60c3d22b6f7ca049d97fc41c9a2fe987576d6b5e81d6d |
|
| Details | IPv4 | 2 | 23.152.0.101 |
|
| Details | Url | 42 | http://www.us-cert.gov/tlp. |
|
| Details | Url | 1 | https://kupaywallet.com |
|
| Details | Url | 1 | https://kupaywallet.com/kupay_update.php |
|
| Details | Url | 53 | https://us-cert.cisa.gov/forms/feedback |
|
| Details | Url | 84 | https://malware.us-cert.gov |