Mac Users Targeted by Trojanized iTerm2 App
Common Information

Type                            Value
UUID                            5ba51069-ca2d-4b4d-b770-336321648894
Fingerprint                     9000ab5321760386
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       Sept. 30, 2021, midnight
Added to db                     Oct. 16, 2024, 1:14 a.m.
Last updated                    Nov. 17, 2024, 6:30 p.m.
Headline                        Mac Users Targeted by Trojanized iTerm2 App
Title                           Mac Users Targeted by Trojanized iTerm2 App
Detected Hints/Tags/Attributes  62/3/56
Attributes

Type                      #Events  Value
Domain                    1        item2.net
Domain                    4        iterm2.com
Domain                    2        iterm2.net
Domain                    2        www.kaidingle.com
Domain                    1        iterm2.app
Domain                    1        iterm.app.zip
Domain                    1        snailsvn.cn
Domain                    1        kaidingle.com
Domain                    1        rjxz.jxhwst.top
Domain                    1        remotedesktop.vip
Domain                    1        jxhwst.top
Domain                    27       com.microsoft
File                      3        trojanspy.py
File                      7        g.py
File                      2        iterm.dmg
File                      13       login.key
File                      17       app.zip
File                      2        securecrt.dmg
File                      1        desktop.dmg
File                      2        navicat15_cn.dmg
File                      1        securectr.dmg
File                      6        u.php
sha256                    1        5f59ead37fa836c6329a7ba3edd4afc9a2c5fec61de4e0cdb8e8a41031ae4db0
sha256                    1        ae0510032cd4699ef17de7ed1587918ffcd7ff7c9a77fc45f9d68effe2934132
sha256                    1        1e462f8716275dbae6acb3ff4f7a95624c1afb23c5069fa42a14ed49c2588921
sha256                    1        5ca2fb207762e886dd3336cf1cb92c28f096a5fbb1798ea6721b7c94c1395259
sha256                    1        6df91af12c87874780cc9d49e700161e1ead71ae045954adbe7633ec9e5e45ff
sha256                    1        91541cfc0474d6c06376460759517ae94f36fca74d5ab84cf5c23d98bd33939e
sha256                    1        79ef23214c61228a03faea00a1859509ea3bf0247219d65ae6de335fde4061f5
sha256                    1        f005ea1db6da3f56e4c8b1135218b1da56363b077d3be7d218d8284444d7824f
sha256                    1        d12ef7f6de48c09e84143e90fe4a4e7b1b3d10cee5cd721f7fdf61e62e08e749
sha256                    1        a83edc0eb5a2f1db62acfa60c666b5a5c53733233ce264702a16cb5220df9d4e
sha256                    3        e5126f74d430ff075d6f7edcae0c95b81a5e389bf47e4c742618a042f378a3fa
sha256                    1        4e8287b61b0269e0d704c6d064cb584c1378e9b950539fea366ee304f695743f
sha256                    1        4aece9a7d73c1588ce9441af1df6856d8e788143cd9e53a2e9cf729e23877343
sha256                    1        8db4f17abc49da9dae124f5bf583d0645510765a6f7256d264c82c2b25becf8b
sha256                    1        62cae3c971ed01c61454e4c3d9a8439cdcb409a8e1c5641e5c7c4ac7667cb5e5
sha256                    1        aba7c61d2c16cdae17785a38b070df57aa3009f00686881642be31a589fabe0a
sha256                    1        af2cb957387b7c4b0c5c9fa24a711988c9e8802e758622b321c9bdc5720120d2
sha256                    1        e8184e1169373e2d529f23b9842f258dddc1d24c77ced0d12b08959967dfadef
sha256                    1        2c269ff4216dc6a14fd81ffe541994531b23a1d8e0fbd75b9316a9fa0e0d5fef
sha256                    1        ffb0a802fdf054d4988d68762d9922820bdc3728f0378fcd6c4ed28c06da5cf0
IPv4                      4        47.75.123.111
IPv4                      1        43.129.218.115
IPv4                      3        47.75.96.198
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   348      T1036
MITRE ATT&CK Techniques   534      T1005
MITRE ATT&CK Techniques   7        T1602
MITRE ATT&CK Techniques   422      T1041
Url                       2        http://www.kaidingle.com/iterm/iterm.dmg
Url                       2        http://47.75.123.111/g.py
Url                       2        http://47.75.123.111/googleupdate
Url                       1        http://rjxz.jxhwst.top/3
Url                       1        http://remotedesktop.vip
Url                       1        http://47.75.123.111/u.php