Mac Malware of 2017
Common Information
Type Value
UUID 23765471-f072-4b0a-8e8e-34cf1c949c16
Fingerprint b625ac980d770fcb
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2016, midnight
Added to db June 5, 2023, 11:24 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline UNKNOWN
Title Mac Malware of 2017
Detected Hints/Tags/Attributes 204/3/114
RSS Feed
Id 186
Enabled
Feed title Objective-See's Blog
Url https://objective-see.org/rss.xml
Added to db 2024-08-30 22:08
Attributes