How a New macOS Malware Dropper Delivers VindInstaller Adware
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Applescript - T1059.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Applescript - T1155 |
Common Information
| Type | Value |
|---|---|
| UUID | 2286887b-275f-4cb3-b254-556ddb8eff2f |
| Fingerprint | b560998429f58787 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 29, 2020, midnight |
| Added to db | Jan. 18, 2023, 11:41 p.m. |
| Last updated | Sept. 1, 2024, 4:35 p.m. |
| Headline | How a New macOS Malware Dropper Delivers VindInstaller Adware |
| Title | How a New macOS Malware Dropper Delivers VindInstaller Adware |
| Detected Hints/Tags/Attributes | 34/2/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 16 | installer.app |
|
| Details | Domain | 1 | installer.installerapi.com |
|
| Details | Domain | 1 | installer.yougotupdated.com |
|
| Details | Domain | 1 | tracking.uzasignals.com |
|
| Details | Domain | 1 | tracker.installerapi.com |
|
| Details | File | 1 | installgenieo.dmg |
|
| Details | File | 1 | flashinstaller.dmg |
|
| Details | sha256 | 1 | 58490b58afbb533bbcb28cb756e5f91fe0eeb765ca571ac97e9f7104a317562e |
|
| Details | sha256 | 1 | 97ef25ad5ffaf69a74f8678665179b917007c51b5b69d968ffd9edbfdf986ba0 |
|
| Details | sha256 | 1 | d49ee2850277170d6dc7ef5f218b0697683ffd7cc66bd1a55867c4d4de2ab2fb |
|
| Details | sha256 | 1 | 907c31b2da15aa14d06c6e828eef6ca627bd1af88655314548f747e5ed2f5697 |
|
| Details | sha256 | 1 | 05b9383b6af36e6bf232248bf9ff44e9120afcf76e50ac8aa28f09b3307f4186 |
|
| Details | sha256 | 1 | 4f47a06190cbdaac457d86f77baa22313ce6b1d3939e0ff4fa3cadf5a680b6c9 |
|
| Details | sha256 | 1 | 709f633b12a335911ce213419c72062d05f538abdc412b659cdb10d4db9006ce |
|
| Details | sha256 | 1 | 3af1c03214cd194b94c6fe0891de6c5201cc8d13d009c04ef383d67e1a750b2b |
|
| Details | sha256 | 1 | ee7db16ca9eac460b748957cd0a33548ef015e12f9f6fadcea30671204c3c4ba |
|
| Details | IPv4 | 1 | 172.67.197.161 |
|
| Details | IPv4 | 1 | 104.18.51.67 |
|
| Details | IPv4 | 1 | 104.31.89.115 |
|
| Details | IPv4 | 1 | 104.31.88.115 |
|
| Details | IPv4 | 1 | 172.67.186.96 |
|
| Details | Url | 1 | http://installer.installerapi.com/offers |
|
| Details | Url | 1 | http://installer.yougotupdated.com/updates/% |
|
| Details | Url | 1 | http://tracking.uzasignals.com/signals/% |
|
| Details | Url | 1 | http://tracker.installerapi.com/visit/meta?mid=% |
|
| Details | Url | 1 | http://tracker.installerapi.com/visit/meta?response=pipe |
|
| Details | Url | 1 | http://installer.installerapi.com/offers/detections?vid=% |
|
| Details | Url | 1 | http://installer.installerapi.com/offers?response=json&os=mac% |
|
| Details | Url | 1 | http://installer.installerapi.com/offers/% |
|
| Details | Url | 1 | http://tracker.installerapi.com/statistics/event?origin=installer&name=% |
|
| Details | Url | 1 | http://installer.yougotupdated.com |
|
| Details | Url | 1 | http://tracker.installerapi.com |
|
| Details | Url | 1 | http://tracker.installerapi.com/statistics |
|
| Details | Url | 1 | http://tracking.uzasignals.com |