Leery Turtle Threat Report
TLP : AMBER
Report Date: 6 May 2020
Report No: 20CTI212
TABLE OF CONTENTS
I. THREAT GROUP SUMMARY .......................... 3
   Introducing the Leery Turtle APT Group ........ 3
   Targets and Capabilities ...................... 3
II. TECHNICAL ANALYSIS OF KEY ATTACKS ............ 4
   Activity Summary .............................. 4
III. DETECTION AND MITIGATION .................... 12
IV. APPENDIX ..................................... 13
V. CONTACT ....................................... 14
I. THREAT GROUP SUMMARY
Group Name: Leery Turtle
Threat Class: Advanced Persistent Threat
Target Industry: Cryptocurrency Exchange Business
Motivation: Financial Gain
Attack Scope: Global
Favorite Method: Spearphishing, Malware Infection
Active Since: Late 2017
Introducing the Leery Turtle APT Group
Leery Turtle is a threat group that has been active since at least late 2017. It targets cryptocurrency exchange companies globally and continuously carries out spear-phishing campaigns to infect its targets with custom-written malware. Forensic analysis concludes that the group is systematically operated, persistent, and funded.
Targets and Capabilities
All of the campaigns observed were directed at cryptocurrency exchange companies. Leery Turtle does not focus on any particular region and targets businesses worldwide; within those businesses, it mostly targets technical and executive roles.
In its operations, Leery Turtle employs extensive reconnaissance tactics. To identify vulnerable entry points, they send decoy …
IoC
192.168.100.2
192.168.100.207
203.144.133.42
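As an added example that is not part of the report, the following Python script sweeps a few constructed firewall log lines for the IoC addresses listed above. Two of the listed addresses are in the RFC1918 192.168.0.0/16 range, which cannot identify external attacker infrastructure and would match unrelated internal hosts, so the script separates them from the routable indicator before matching; the log lines are constructed for this example.

```python
import ipaddress
import re

# Indicator addresses from the report's IoC section, copied as listed there.
LEERY_TURTLE_IOCS = {
    "192.168.100.2",
    "192.168.100.207",
    "203.144.133.42",
}

# Constructed sample firewall log lines for this example; not from the report.
SAMPLE_LOGS = """\
2020-05-06T09:12:01Z fw ALLOW src=10.1.4.22 dst=203.144.133.42 dport=443 proto=tcp
2020-05-06T09:12:05Z fw ALLOW src=10.1.4.22 dst=93.184.216.34 dport=443 proto=tcp
2020-05-06T09:13:40Z fw ALLOW src=192.168.100.207 dst=10.1.4.22 dport=445 proto=tcp
2020-05-06T09:14:02Z fw DENY src=10.1.4.23 dst=203.144.133.42 dport=8080 proto=tcp
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def routable_iocs(iocs):
    """Split the indicator set into routable and RFC1918/private addresses.

    Private addresses in a published IoC list normally come from the analysis
    environment; they are reported separately so they are not used for blocking.
    """
    routable, private = set(), set()
    for ioc in iocs:
        (private if ipaddress.ip_address(ioc).is_private else routable).add(ioc)
    return routable, private


def sweep_logs(log_text, iocs):
    """Return (line_number, matched_ip, line) for every log line that contains an IoC."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs:
                hits.append((lineno, ip, line))
    return hits


if __name__ == "__main__":
    routable, private = routable_iocs(LEERY_TURTLE_IOCS)
    print("routable IoCs:", sorted(routable))
    print("private IoCs (do not block on these):", sorted(private))
    for lineno, ip, line in sweep_logs(SAMPLE_LOGS, routable):
        print(f"line {lineno}: {ip} -> {line}")
```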