New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects | Microsoft Security Blog
Common Information
Type Value
UUID 81c1bd56-2918-432e-83c0-7c02565d5fce
Fingerprint 3d832a936de72fad
Analysis status DONE
Considered CTI value 2
Text language
Published March 11, 2025, 9 a.m.
Added to db March 11, 2025, 6:20 p.m.
Last updated March 20, 2025, 2:43 p.m.
Headline New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Title New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects | Microsoft Security Blog
Detected Hints/Tags/Attributes 108/4/50
RSS Feed
Id | Enabled | Feed title | Url | Added to db
338 | | Microsoft Security Blog | https://www.microsoft.com/security/blog/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value
Domain | 3 | bulknames.ru
Domain | 2 | com.apple.launchservices.secure
Domain | 400 | com.apple
Domain | 5 | reminders.app
Domain | 14 | finder.app
Domain | 2 | xcsset.sc
Domain | 2 | xcsset.se
Domain | 2 | xcsset.st
Domain | 2 | xccset.se
Domain | 2 | xccset.sg
Domain | 2 | xccset.si
Domain | 2 | xccset.sj
Domain | 2 | xccset.sk
Domain | 2 | xccset.sh
Domain | 2 | xccset.sd
Domain | 3 | castlenet.ru
Domain | 3 | chaoping.ru
Domain | 3 | devapple.ru
Domain | 3 | gigacells.ru
Domain | 3 | gizmodoc.ru
Domain | 3 | trixmate.ru
Domain | 3 | itoyads.ru
Domain | 3 | rigglejoy.ru
Domain | 3 | rutornet.ru
Domain | 3 | sigmate.ru
Domain | 3 | vivatads.ru
Domain | 3 | figmasol.ru
Domain | 2 | simulatortrampoline.app
Domain | 24 | terminal.app
Domain | 146 | aka.ms
Domain | 490 | asp.net
File | 147 | info.pl
File | 2 | secure.pl
File | 38 | prefs.js
File | 104 | manifest.json
File | 36 | out.txt
File | 134 | test.txt
sha256 | 3 | d338dc9a75a14753f57399815b5d996a1c5e65aa4eb203222d8c85fb3d74b02f
sha256 | 3 | 56670f51f94080f1ae45f2a433767f210f290835bf582e1a2e1876f1028832de
sha256 | 3 | f67e2a27f0d1a4667b065ab05f884ff881eb7627e9d458f97f2204647b339c6e
sha256 | 3 | 25d226d5cb0c74ed5b1b85f12d53a4c2de2147ff464b2a35db03987015b11e24
sha256 | 3 | c2a7970216576a6b8f74528ffcfa51aa2b72b7f3e4237d97715b1b5ba80b25ca
sha256 | 3 | 8cec3c106659709017bb253becf68296c7bf13e76fa92b4450c281003d225645
sha256 | 3 | ea90c72e67f1c9a9231732119576a7dcb29471f7da428866187d4326e78097f2
sha256 | 3 | ff83f53a383ba3f1d6b002006adf16a7f0b3263185d56cb70104889874d67c5d
sha256 | 3 | cc37a01d3351b3c166f04aec6f52849e909b0b9c8d55095d730c660691b1ba66
Microsoft Threat Actor Naming Taxonomy (Groups in development) | 20 | Storm-2372
Url | 2 | https://bulknames.ru/a.
Url | 2 | https://bulknames.ru/a
Url | 44 | https://aka.ms/threatintelblog.
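The attribute list above mixes real XCSSET indicators with extractor noise: Apple bundle identifiers and app names tagged as domains, Microsoft's own aka.ms and asp.net hosts, and a URL recorded twice because a sentence-ending period was captured with it. The script below is an added example (not code from the Microsoft blog or from the aggregator) that parses the aggregator's two-line "Details <type> <count>" / "<value>" export format and triages it into a deduplicated, defanged indicator set. It assumes that a trailing period on a URL or domain is an extraction artifact, that `com.apple*` and `*.app` values are local macOS names rather than network indicators, and that aka.ms and asp.net are benign Microsoft properties; the sample input is constructed from a subset of the page's rows plus one deliberately malformed sha256 to exercise validation.

```python
"""Triage the aggregator's attribute export for the XCSSET post above.

Added example, not code from the Microsoft blog or the aggregator. It parses
the two-line "Details <type> <count>" / "<value>" export format, drops entries
that are not usable indicators (malformed hashes, Apple bundle identifiers and
app names mis-tagged as domains, Microsoft's own aka.ms / asp.net), and
normalizes URLs so the "a." / "a" duplicate collapses to one indicator.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

HEADER_RE = re.compile(r"^Details (\S+) (\d+)$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Assumption: Microsoft-owned hosts that appear only because the blog links to
# them; they are not XCSSET infrastructure.
BENIGN_HOSTS = {"aka.ms", "asp.net"}

# Constructed sample in the export format; the second sha256 row is a
# deliberately malformed value to exercise validation.
SAMPLE = """\
Details Domain 3
bulknames.ru
Details Domain 400
com.apple
Details Domain 14
finder.app
Details Domain 2
xcsset.sc
Details Domain 2
xccset.se
Details sha256 3
d338dc9a75a14753f57399815b5d996a1c5e65aa4eb203222d8c85fb3d74b02f
Details sha256 3
not-a-real-hash
Details Url 2
https://bulknames.ru/a.
Details Url 2
https://bulknames.ru/a
"""


@dataclass(frozen=True)
class Attribute:
    kind: str
    events: int
    value: str
    indicator: bool  # True when the value is usable for blocking or hunting


def normalize(kind: str, raw: str) -> str:
    """Strip the trailing sentence period the extractor captured with URLs and
    domains (assumption: "https://bulknames.ru/a." is "https://bulknames.ru/a")."""
    value = raw.strip()
    if kind in ("Domain", "Url"):
        value = value.rstrip(".")
    if kind == "Domain":
        value = value.lower()
    return value


def is_indicator(kind: str, value: str) -> bool:
    if kind == "sha256":
        return bool(SHA256_RE.match(value))
    if kind == "Domain":
        # Heuristic assumption: com.apple.* bundle IDs and *.app names are
        # local macOS artefacts (LaunchServices, Finder, Terminal), not IOCs.
        if value.startswith("com.apple") or value.endswith(".app"):
            return False
        return value not in BENIGN_HOSTS
    if kind == "Url":
        host = urlsplit(value).hostname or ""
        return host not in BENIGN_HOSTS
    return False  # File names and actor labels are context, not indicators


def parse_attributes(text: str) -> list[Attribute]:
    """Walk the export two lines at a time: header row, then the value row."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    records: list[Attribute] = []
    i = 0
    while i + 1 < len(lines):
        match = HEADER_RE.match(lines[i])
        if not match:
            i += 1  # tolerate stray lines such as column headers
            continue
        kind, events = match.group(1), int(match.group(2))
        value = normalize(kind, lines[i + 1])
        records.append(Attribute(kind, events, value, is_indicator(kind, value)))
        i += 2
    return records


def indicators(records: list[Attribute]) -> set[tuple[str, str]]:
    """Deduplicated (type, value) pairs that survived triage."""
    return {(r.kind, r.value) for r in records if r.indicator}


def defang(value: str) -> str:
    """Render an indicator so it cannot be clicked or auto-linked."""
    return value.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    for kind, value in sorted(indicators(parse_attributes(SAMPLE))):
        print(f"{kind:8} {defang(value)}")
```

Run against the full attribute list, the same triage keeps the `.ru` infrastructure, the `xcsset.s*` / `xccset.s*` typo-squat set and the nine sha256 values, and drops the `File` rows (generic names such as manifest.json and test.txt are useless as indicators on their own) and the actor label, which is context rather than something to block.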