Flurry of new Mac malware drops in December | Malwarebytes Labs
Tags
country: Netherlands Germany Luxembourg
attack-pattern: Ip Addresses - T1590.005 Launch Agent - T1543.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Launch Agent - T1159
Show in Graph
Common Information
Type Value
UUID 1e7e3501-d1e5-44ec-b3c1-1dafc8a0dc78
Fingerprint ad3209112cba25d2
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 11, 2018, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 17, 2024, 12:55 p.m.
Headline Flurry of new Mac malware drops in December
Title Flurry of new Mac malware drops in December | Malwarebytes Labs
Detected Hints/Tags/Attributes 40/2/14
Source URLs
Redirection Url
Details Source https://blog.malwarebytes.com/threat-analysis/2018/12/flurry-new-mac-malware-drops-december/
URL Provider
Details Provider Source level domain
Details malwarebytes.com blog.malwarebytes.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
ps.stdout.read
Details Domain 54 
re.search
Details Domain 359 
com.apple
Details Domain 1 
discordapp.app.zip
Details File 3 
bitcoinmagazine-quidax_interviewquestions_2018.docm
Details File 35 
index.asp
Details File 28 
apple.sys
Details File 1 
temkeeper.pl
Details File 17 
app.zip
Details md5 1 
7b3639a4ab39765739a5e0ed75bc8016
Details sha256 1 
4454e768b295ed2869f657b2e9f47421b6ca0548e67092735665cd339a41dddb
Details sha256 1 
a899a7d33d9ba80b6f9500585fa108178753894dfd249c2ba64c9d6a601c516b
Details IPv4 2 
37.1.221.204
Details Url 1 
http://37.1.221.204:8080/index.asp').read