Analyzing a watering hole campaign using macOS exploits
Common Information
| Type | Value |
|---|---|
| UUID | 116008e2-4abe-4d30-bf13-87fc929104d4 |
| Fingerprint | bcb119f5a78fe5a3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 11, 2021, midnight |
| Added to db | Sept. 11, 2022, 12:36 p.m. |
| Last updated | Oct. 16, 2024, 3:03 a.m. |
| Headline | Analyzing a watering hole campaign using macOS exploits |
| Title | Analyzing a watering hole campaign using macOS exploits |
| Detected Hints/Tags/Attributes | 53/3/39 |
RSS Feed
| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 35 | | Threat Analysis Group (TAG) | https://blog.google/threat-analysis-group/rss/ | 2024-08-30 22:08 |
Attributes
| Type | #Events | CTI Value | Attribute |
|---|---|---|---|
| CVE | 11 | | cve-2021-30869 |
| CVE | 5 | | cve-2019-8506 |
| CVE | 10 | | cve-2021-1789 |
| CVE | 7 | | cve-2020-27932 |
| CVE | 13 | | cve-2021-37973 |
| CVE | 11 | | cve-2021-37976 |