OSX/Hydromac
Tags
| country: | United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Ip Addresses - T1590.005 Launch Daemon - T1543.004 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Software - T1592.002 Launch Daemon - T1160 |
Common Information
| Type | Value |
|---|---|
| UUID | 2df124e4-a07f-490a-92c5-62e88d2f3143 |
| Fingerprint | 86343d2f09539617 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 4, 2021, midnight |
| Added to db | Oct. 22, 2023, 10:29 p.m. |
| Last updated | Nov. 17, 2024, 10:43 p.m. |
| Headline | UNKNOWN |
| Title | OSX/Hydromac |
| Detected Hints/Tags/Attributes | 55/3/9 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Redirection | https://objective-see.com/blog/blog_0x65.html |
| Details | Source | https://objective-see.org/blog/blog_0x65.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 186 | ✔ | Objective-See's Blog | https://objective-see.org/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | mapperstate.com |
|
| Details | Domain | 538 | pic.twitter.com |
|
| Details | Domain | 7 | confiant.com |
|
| Details | Domain | 3 | api.mughthesec.com |
|
| Details | 4 | taha@confiant.com |
||
| Details | File | 3 | mapperstate.sys |
|
| Details | sha256 | 2 | 919d049d5490adaaed70169ddd0537bfa2018a572e93b19801cf245f7fd28408 |
|
| Details | sha256 | 2 | 7f7c7e1b181142592b2f8b7c823a969fb79160c9a5920abd718364eae98d1496 |
|
| Details | Yara rule | 2 | rule CFNT_HYDROMAC_COMPONENTS {
meta:
author = "taha@confiant.com"
strings:
$a = "HM_A_Init_1"
$b = "HM_A_Init_1" ascii wide
$c = "HM_RA_Init_1"
$d = "HM_RA_Init_1" ascii wide
$e = "HM_A_P_Init_1"
$f = "HM_A_P_Init_1" ascii wide
condition:
($a) or ($b) or ($c) or ($d) or ($e) or ($f)
} |