MAR-10322463-3.v1 - AppleJeus: Union Crypto | CISA
Tags
| country: | North Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Code Signing - T1553.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Vulnerabilities - T1588.006 Whois - T1596.002 Code Signing - T1116 |
Common Information
| Type | Value |
|---|---|
| UUID | d0e72ff6-36bb-42b2-82cd-620bc0f8c151 |
| Fingerprint | df9de9df4d2313cf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 17, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Malware Analysis Report (AR21-048C) |
| Title | MAR-10322463-3.v1 - AppleJeus: Union Crypto | CISA |
| Detected Hints/Tags/Attributes | 61/3/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048c |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 145 | www.us-cert.gov |
|
| Details | Domain | 6 | unioncrypto.vip |
|
| Details | Domain | 3 | www.unioncrypto.vip |
|
| Details | Domain | 52 | whois.arin.net |
|
| Details | Domain | 154 | us-cert.cisa.gov |
|
| Details | Domain | 84 | malware.us-cert.gov |
|
| Details | Domain | 84 | ftp.malware.us-cert.gov |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | 84 | submit@malware.us-cert.gov |
||
| Details | File | 2 | unioncryptoupdater.exe |
|
| Details | File | 1 | unioncryptotrader.exe |
|
| Details | File | 5 | unioncryptotrader.dmg |
|
| Details | File | 1 | nodedll.dll |
|
| Details | File | 1 | unioncryptotrader.msi |
|
| Details | File | 1 | unioncryptosetup.exe |
|
| Details | File | 2 | unioncryptotradersetup.exe |
|
| Details | File | 1 | push.jsp |
|
| Details | File | 5 | unioncrypto.pl |
|
| Details | sha256 | 1 | 01c13f825ec6366ac2b6dd80e5589568fa5c8685cb4d924d1408e3d7c178902f |
|
| Details | sha256 | 1 | 0967d2f122a797661c90bc4fc00d23b4a29f66129611b4aa76f62d8a15854d36 |
|
| Details | sha256 | 2 | 2ab58b7ce583402bf4cbc90bee643ba5f9503461f91574845264d4f7e3ccb390 |
|
| Details | sha256 | 3 | 631ac269925bb72b5ad8f469062309541e1edfec5610a21eecded75a35e65680 |
|
| Details | sha256 | 1 | 6f45a004ad6bb087f733feb618e115fe88164f6db9562cb9b428372c9add75f0 |
|
| Details | sha256 | 1 | 755bd7a3765efceb8183ffade090ef2637a85c4505f8078dda116013dd5758f3 |
|
| Details | sha256 | 1 | af4144c1f0236e6b59f40d88635ec54c2ef8034f6a96a83f5dbfd6b8ea2c0d49 |
|
| Details | sha256 | 1 | e3623c2440b692f6b557a862719dc95f41d2e9ad7b560e837d3b59bfe4b8b774 |
|
| Details | IPv4 | 1 | 216.189.150.185 |
|
| Details | Url | 42 | http://www.us-cert.gov/tlp. |
|
| Details | Url | 5 | https://unioncrypto.vip/update |
|
| Details | Url | 3 | https://www.unioncrypto.vip/download/w6c2dq8by7lumhcmya2v97yen |
|
| Details | Url | 1 | https://unioncrypto.vip/update. |
|
| Details | Url | 53 | https://us-cert.cisa.gov/forms/feedback |
|
| Details | Url | 84 | https://malware.us-cert.gov |