ioc[.]one - OSINT Cyber Threat Intelligence Database

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Tags

country:	Belarus
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 Keychain - T1142

Show in Graph

Common Information

Type	Value
UUID	42634bd8-8bac-4358-ac37-f7666f7e24a5
Fingerprint	d524b1d18bb6268c
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 6, 2023, midnight
Added to db	Oct. 24, 2023, 1:13 p.m.
Last updated	Sept. 3, 2024, 2:55 a.m.
Headline	Mac users targeted in new malvertising campaign delivering Atomic Stealer
Title	Mac users targeted in new malvertising campaign delivering Atomic Stealer
Detected Hints/Tags/Attributes	32/3/11

Source URLs

	Redirection	Url
Details	Source	https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising

URL Provider

Details	Provider	Source level domain
Details	malwarebytes.com	www.malwarebytes.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		u0131ews.com
Details	Domain	1		trabingviews.com
Details	Domain	1		app-downloads.org
Details	Domain	1		xn--tradgsvews-0ubd3y.com
Details	File	1		tview.php
Details	File	3		tradingview.dmg
Details	sha256	1		6b0bde56810f7c0295d57c41ffa746544a5370cedbe514e874cf2cd04582f4b0
Details	sha256	1		ce3c57e6c025911a916a61a716ff32f2699f3e3a84eb0ebbe892a5d4b8fb9c7a
Details	IPv4	2		185.106.93.154
Details	Url	1		https://cdn.discordapp.com/attachments/1062068770551631992/1146489462025629766/tradingview-x64.msix
Details	Url	1		https://app-downloads.org/tview.php