JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 4faf66b2-b704-4333-96c9-f3c574b68dfb |
| Fingerprint | b4871d116901836f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 28, 2023, midnight |
| Added to db | June 28, 2023, 8:59 p.m. |
| Last updated | Nov. 15, 2024, 2:39 p.m. |
| Headline | JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware |
| Title | JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware |
| Detected Hints/Tags/Attributes | 49/1/38 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 234 | ✔ | SentinelOne | https://sentinelone.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | qrcodewriter.java |
|
| Details | Domain | 3 | www.git-hub.me |
|
| Details | Domain | 1 | preftmp.java |
|
| Details | Domain | 13 | sh.py |
|
| Details | Domain | 4 | appleaccountassistant.app |
|
| Details | Domain | 4 | app.influmarket.org |
|
| Details | Domain | 359 | com.apple |
|
| Details | Domain | 4 | idea.app |
|
| Details | Domain | 5 | iterm.app |
|
| Details | Domain | 4 | code.app |
|
| Details | Domain | 4 | sample.zip |
|
| Details | File | 2 | qrcodewriter.java |
|
| Details | File | 73 | view.php |
|
| Details | File | 7 | p.dat |
|
| Details | File | 1 | preftmp.java |
|
| Details | File | 9 | shared.dat |
|
| Details | File | 15 | sh.py |
|
| Details | File | 3 | sar.dat |
|
| Details | File | 4 | app.inf |
|
| Details | File | 2 | sb.log |
|
| Details | File | 130 | info.pl |
|
| Details | File | 3 | sample.zip |
|
| Details | sha1 | 2 | 55554944f74096a836b73310bd55d97d1dff5cd4 |
|
| Details | sha1 | 1 | 89706d1258b6f1c165ff8d1d6d13346e02b48e22 |
|
| Details | sha1 | 1 | 9860c28299d58e71540c64e56c709aa619cfac27 |
|
| Details | sha1 | 4 | 1ed2c5ee95ab77f8e1c1f5e2bd246589526c6362 |
|
| Details | sha1 | 1 | 1f99081affd7bef83d44e0072eb860d515893698 |
|
| Details | sha1 | 1 | 21ffda8a6a05a007ef92088f99ab54485cfe473d |
|
| Details | sha1 | 1 | 2234c9fc3c3d340f0367c49c6599379b96544b5a |
|
| Details | sha1 | 4 | 370a0bb4177eeebb2a75651a8addb0477b7d610b |
|
| Details | sha1 | 4 | 76b790eb3bed4a625250b961a5dda86ca5cd3a11 |
|
| Details | sha1 | 4 | 937a9811b3e5482eb8f96832454723d59229f945 |
|
| Details | sha1 | 4 | bd8626420ecfd1ab5f4576d83be35edecd8fa70e |
|
| Details | sha1 | 1 | c304aef96a783a39aedf1af30de5d5f1c33c68ca |
|
| Details | sha1 | 4 | c7d6ede0f6ac9f060ae53bb1db40a4fbe96f9ceb |
|
| Details | sha256 | 1 | 89706d1258b6f1c165ff8d1d6d13346e02b48e22d1a741ff451d1cb6ba81bab2 |
|
| Details | IPv4 | 2 | 45.76.238.53 |
|
| Details | Url | 1 | https://www.git-hub.me/view.php |