Original Release Date: 2/18/2021
The Cybersecurity and Infrastructure Security Agency (CISA) released several malware analysis reports (MARs) related to AppleJeus, a malware variant used by the North Korean government-sponsored cyber threat actor HIDDEN COBRA (aka Lazarus Group). The group is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, by distributing cryptocurrency trading applications that have been modified to include malware that facilitates the theft of cryptocurrency. The MARs were developed in collaboration with several agencies, including the FBI and US Department of Treasury, and include indicators of compromise associated with this threat actor.
MAR-10322463-7.v1 - AppleJeus: Ants2Whale
MAR-10322463-3.v1 - AppleJeus: Union Crypto
MAR-10322463-4.v1 - AppleJeus: Kupay Wallet
MAR-10322463-5.v1 - AppleJeus: CoinGoTrade
MAR-10322463-2.v1 - AppleJeus: JMT Trading
MAR-10322463-6.v1 - AppleJeus: Dorusio
MAR-10322463-1.v1 - AppleJeus: Celas Trade Pro
The NJCCIC recommends reviewing the MARs and searching systems for the indicators of compromise provided to identify any activity associated with HIDDEN COBRA's AppleJeus malware.