ioc[.]one - OSINT Cyber Threat Intelligence Database

A Deceitful 'Doctor' in the Mac App Store

Tags

country:	China
attack-pattern:	Data Applescript - T1059.002 Dns - T1071.004 Dns - T1590.002 Launchd - T1053.004 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Applescript - T1155 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	714f0df3-6838-4cbf-903f-8773f69fdc46
Fingerprint	1d50d9120f2307b9
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 9, 2018, midnight
Added to db	Nov. 6, 2023, 6:28 p.m.
Last updated	Nov. 17, 2024, 6:30 p.m.
Headline	UNKNOWN
Title	A Deceitful 'Doctor' in the Mac App Store
Detected Hints/Tags/Attributes	63/2/60

Source URLs

	Redirection	Url
Details	Source	https://objective-see.org/blog/blog_0x37.html
Details	Redirection	https://objective-see.com/blog/blog_0x37.html

URL Provider

Details	Provider	Source level domain
Details	objective-see.com	objective-see.com
Details	objective-see.org	objective-see.org

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	186	✔	Objective-See's Blog	https://objective-see.org/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	doctor.zip
Details	Domain	1	adwareres.securemacos.com
Details	Domain	1	www.adwaredoctor.com
Details	Domain	3	webtools.app
Details	Domain	27	com.microsoft
Details	Domain	1	history.zip
Details	Domain	1	adscan.yelabapp.com
Details	Domain	3	https.py
Details	Domain	454	www.google.com
Details	Domain	4	com.apple.security.files.user-selected.read
Details	Domain	1	doctor.app
Details	Domain	3	com.apple.yahoo
Details	Domain	11	player.app
Details	Domain	4	siri.app
Details	Domain	4	chess.app
Details	Domain	2	booth.app
Details	Domain	359	com.apple
Details	Domain	15	dl.google.com
Details	Domain	3	www.charlesproxy.com
Details	Domain	1	download-installer.cdn.mozilla.net
Details	Domain	1	www.yelabapp.com
Details	File	1	doctor.zip
Details	File	2	5.js
Details	File	26	0.js
Details	File	1	file201808243.db
Details	File	17	agent.pl
Details	File	1	webhelper.pl
Details	File	1	haxm.pl
Details	File	1	ovpnagent.pl
Details	File	1	mixlraudiolink.pl
Details	File	1	eupdate.pl
Details	File	1	scanfactory.pl
Details	File	1	scanmanager.pl
Details	File	1	fmpd.pl
Details	File	3	helper.pl
Details	File	1	engine.pl
Details	File	11	history.db
Details	File	1	history.zip
Details	File	3	https.py
Details	File	1	'history.zip
Details	File	2	yahoo.pl
Details	File	1	vmware-tools-userd.pl
Details	File	25	places.sql
Details	File	1	googlechrome.dmg
Details	File	4	6.dmg
Details	File	3	2.dmg
Details	md5	1	48a96e1c00be257debc9c9c58fafaffe
Details	md5	1	f1a19b8929ec88a81a6bdce6d5ee66e6
Details	md5	1	3e653285b290c12d40982e6bb65928c1
Details	md5	1	801e59290d99ecb39fd218227674646e
Details	md5	1	8d0cd4565256a781f73aa1e68e2a63de
Details	md5	1	e233edd82b3dffd41fc9623519ea281b
Details	md5	1	1db830f93667d9c38dc943595dcc2d85
Details	IPv4	1	192.168.86.76
Details	Url	1	http://www.adwaredoctor.com/adware-doctor-faq
Details	Url	1	https://adwareres.securemacos.com/patten/file201808243.db
Details	Url	1	https://www.google.com/search?q=if
Details	Url	1	https://www.google.com/search?q=does
Details	Url	1	https://www.google.com/search?client=safari&rls=en&q=what
Details	Url	1	https://www.google.com/search?client=safari&rls=en&q=where