Another OSX.Dok dropper found installing new backdoor | Malwarebytes Labs
Tags
cmtmf-attack-pattern: Masquerading
maec-delivery-vectors: Watering Hole
attack-pattern: Data Code Signing - T1553.002 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Hardware - T1592.001 Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Launch Agent - T1543.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Code Signing - T1116 Keychain - T1142 Launch Agent - T1159 Masquerading - T1036 Masquerading
Show in Graph
Common Information
Type Value
UUID 8a9e51bd-d418-4c6c-9d1e-0e05f879c097
Fingerprint 27e42808ad3e25cb
Analysis status DONE
Considered CTI value 0
Text language
Published May 1, 2017, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 12, 2024, 11:51 a.m.
Headline Another OSX.Dok dropper found installing new backdoor
Title Another OSX.Dok dropper found installing new backdoor | Malwarebytes Labs
Detected Hints/Tags/Attributes 37/3/6
Source URLs
Redirection Url
Details Source https://blog.malwarebytes.com/threat-analysis/2017/05/another-osx-dok-dropper-found-installing-new-backdoor/
URL Provider
Details Provider Source level domain
Details malwarebytes.com blog.malwarebytes.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
dokument.app
Details Domain 2 
appstore.app
Details Domain 359 
com.apple
Details File 1 
bella.db
Details File 1 
itunes.pl
Details IPv4 1 
185.68.93.74