From c3294a822bdb1a94279b44d1bf19d761a83c70d9 Mon Sep 17 00:00:00 2001
From: Florian Roth <florian.roth@bsk-consulting.de>
Date: Fri, 24 Aug 2018 12:07:00 +0200
Subject: [PATCH] Lazarus - Operation Applejeus Filename IOCs
 https://securelist.com/operation-applejeus/87553/

---
 iocs/filename-iocs.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt
index ee54f584..ffb109d3 100644
--- a/iocs/filename-iocs.txt
+++ b/iocs/filename-iocs.txt
@@ -3060,4 +3060,11 @@ ystem32\\Microsoft\\Protect\\Windows\\svchost.exe;80
 \\cbmsfgrc\.dat;60
 \\mswmpdat\.tlb;60
 
+# Lazarus - Operation Applejeus https://securelist.com/operation-applejeus/87553/
+:\\Recovery\\msn\.exe;80
+:\\Recovery\\msndll\.log;80
+\\Windows\\msn\.exe;80
+ystem32\\uploadmgrsvc\.dll;80
+ystem32\\uploadmgr\.dat;80
+
 # End