AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.
These cyber actors have targeted organizations for cryptocurrency theft in over …
IoC
104.168.167.16
104.200.67.96
107.187.66.103
145.249.106.19
146.112.61.107
175.29.32.160
184.168.221.40
184.168.221.57
185.142.236.213
185.181.104.82
198.187.29.20
198.251.83.27
198.54.114.175
198.54.114.237
198.54.115.51
198.54.117.197
198.54.117.198
198.54.117.199
198.54.117.200
198.58.118.167
208.91.197.46
209.99.64.18
45.199.63.220
45.33.2.79
45.33.23.183
45.56.79.23
45.79.19.196
96.126.123.244
http://104.168.167.16
http://104.200.67.96
http://107.187.66.103
http://145.249.106.19
http://146.112.61.107
http://175.29.32.160
http://184.168.221.40
http://184.168.221.57
http://185.142.236.213
http://185.181.104.82
http://198.187.29.20
http://198.251.83.27
http://198.54.114.175
http://198.54.114.237
http://198.54.115.51
http://198.54.117.197
http://198.54.117.198
http://198.54.117.199
http://198.54.117.200
http://198.58.118.167
http://208.91.197.46
http://209.99.64.18
http://45.199.63.220
http://45.33.2.79
http://45.33.23.183
http://45.56.79.23
http://45.79.19.196
http://96.126.123.244
http://Ants2Whale.com
http://CoinGoTrade.com
http://Dorusio.com
http://ants2whale.com
http://beastgoc.com
http://celasllc.com
http://coingotrade.com
http://cryptoconsortium.github.io/CCSS/
http://dorusio.com
http://jmttrading.org
http://kupaywallet.com
http://unioncrypto.vip
http://www.kupaywallet.com
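The list above is only useful once it is matched against traffic. The following Python script is an added example, not part of the advisory: it normalises the indicators above (the http:// entries and the mixed-case domains are the same hosts and are kept once), then scans proxy and resolver log lines for them. The log format and the sample log lines are constructed for illustration; the rule that a subdomain of a listed domain also counts as a hit, and the choice to match the CCSS entry on host plus path rather than on the shared github.io host, are design choices of this example, not statements from the advisory.

```python
"""Match the AppleJeus network IoCs listed above against log lines.

Added example, not part of the advisory. Log format and sample lines are
constructed; indicator values are transcribed from the list above.
"""
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# IP indicators transcribed from the list above (each kept once; the http://
# forms in the list refer to the same addresses).
IOC_IPS = frozenset("""
104.168.167.16 104.200.67.96 107.187.66.103 145.249.106.19 146.112.61.107
175.29.32.160 184.168.221.40 184.168.221.57 185.142.236.213 185.181.104.82
198.187.29.20 198.251.83.27 198.54.114.175 198.54.114.237 198.54.115.51
198.54.117.197 198.54.117.198 198.54.117.199 198.54.117.200 198.58.118.167
208.91.197.46 209.99.64.18 45.199.63.220 45.33.2.79 45.33.23.183
45.56.79.23 45.79.19.196 96.126.123.244
""".split())

# Domain indicators from the list above, lower-cased and deduplicated.
IOC_DOMAINS = frozenset({
    "ants2whale.com", "beastgoc.com", "celasllc.com", "coingotrade.com",
    "dorusio.com", "jmttrading.org", "kupaywallet.com", "www.kupaywallet.com",
    "unioncrypto.vip",
})

# The CCSS entry is a path on a shared github.io host, so this example matches
# it on host plus path instead of flagging the whole github.io host (assumption).
IOC_URL_PREFIXES = frozenset({"cryptoconsortium.github.io/ccss/"})


def normalize_host(value: str) -> str:
    """Return the lower-cased host from a URL or a bare host[:port] string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit separate host from port
    return (urlsplit(value).hostname or "").rstrip(".")


def host_matches(value: str) -> Optional[str]:
    """Return the indicator a host or IP hits, or None.

    Domains match exactly or as a parent of the observed host (assumption:
    sibling subdomains of a listed domain are worth flagging). Substring
    matches such as notcoingotrade.com do not count.
    """
    host = normalize_host(value)
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return host if host in IOC_IPS else None
    except ValueError:
        pass  # not an IP literal, fall through to domain matching
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def url_matches(url: str) -> Optional[str]:
    """Return the indicator a full URL hits (host first, then host+path)."""
    hit = host_matches(url)
    if hit:
        return hit
    parts = urlsplit(url.strip())
    key = (parts.hostname or "") + parts.path.lower()
    for prefix in IOC_URL_PREFIXES:
        if key.startswith(prefix):
            return prefix
    return None


# Constructed "<timestamp> <client> <event> <target>" lines; adapt LOG_LINE to
# the real proxy or resolver schema in use.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<event>\S+)\s+(?P<target>\S+)")

SAMPLE_LOG = """\
2021-02-17T10:00:01Z 10.1.2.3 GET http://www.CoinGoTrade.com/download
2021-02-17T10:00:02Z 10.1.2.3 DNS api.kupaywallet.com
2021-02-17T10:00:03Z 10.1.2.4 CONNECT 198.54.117.197:443
2021-02-17T10:00:04Z 10.1.2.4 GET https://example.com/index.html
2021-02-17T10:00:05Z 10.1.2.5 GET http://cryptoconsortium.github.io/CCSS/
2021-02-17T10:00:06Z 10.1.2.5 DNS dorusio.com.lookalike.test
"""


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose target hits an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        target = m["target"]
        ioc = url_matches(target) if "://" in target else host_matches(target)
        if ioc:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "target": target, "ioc": ioc})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['target']} matches {hit['ioc']}")
```

Of the six constructed lines, four are flagged: the mixed-case CoinGoTrade URL, the kupaywallet.com subdomain, the CONNECT to a listed IP on port 443, and the CCSS path. The example.com request and the host that merely contains "dorusio.com" as a leading label are not flagged, which is the point of matching on domain labels rather than on substrings.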