Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads
Common Information
Type Value
UUID 6e3ce418-7050-45d3-ba4d-3514f3ac540b
Fingerprint de144e0e2e5ac46cd6d6e400df75c631b80c7901473e1c4ae68f5ff59d9e1ebb
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 23, 2023, 9:31 a.m.
Added to db April 16, 2024, 7:06 p.m.
Last updated Aug. 31, 2024, 12:01 a.m.
Headline Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads
Title Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads
Detected Hints/Tags/Attributes 113/3/82
Attributes