Distribution of AppleSeed to Specific Military Base Maintenance Companies

The ASEC analysis team recently observed the distribution of AppleSeed malware to specific military base maintenance companies. AppleSeed is a backdoor mainly used by the Kimsuky group.

According to the analysis, AppleSeed was distributed to multiple companies that maintain and manage various military bases in the United States. The ultimate purpose of the distribution is unknown; however, based on past cases, it can be inferred that the goal is data theft.

As of now, no hacking or data-dumping activity has been observed at these maintenance companies. Based on historical cases, there is a high chance of data theft, followed by distribution of the stolen data, once a certain amount of time has passed since the infection.

The Kimsuky group was known to have hacked digital certificates in order to distribute malicious code. Another AppleSeed derivative, "Dokkaebi", was distributed in November 2015, at which point it was already known that the Kimsuky group had created their own Android malware. The new code can be assumed to be a variant of "Dokkaebi".

AppleSeed is a booter malware that is distributed along with Greasemonkey scripts and Portable Executable (PE) files. The malware is stealthy: a user does not usually notice that the computer has been infected through its dropper package, or that it is being loaded through a browser. AppleSeed is distributed when victims click malicious links, open malicious email attachments, or visit malicious websites.

The majority of the AppleSeed distribution cases discovered by the ASEC team have involved the Kimsuky group. A variant of this family was observed in August 2015 and was used in various APT attacks.

All AppleSeed malware samples were found to be associated with the unique file name "applex2".

