ioc[.]one - OSINT Cyber Threat Intelligence Database

I see what you did there: A look at the CloudMensis macOS spyware | WeLiveSecurity

Tags

maec-delivery-vectors:

Watering Hole

attack-pattern:

Data Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Library - T1560.002 Asymmetric Cryptography - T1521.002 Asymmetric Cryptography - T1573.002 Bidirectional Communication - T1102.002 Bidirectional Communication - T1481.002 Create Or Modify System Process - T1543 Data From Local System - T1533 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 Exploits - T1587.004 Exploits - T1588.005 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Launch Daemon - T1543.004 Launchctl - T1569.001 Launchd - T1053.004 Local Email Collection - T1114.001 Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Subvert Trust Controls - T1632 Subvert Trust Controls - T1553 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 Web Service - T1481 Tool - T1588.002 Vulnerabilities - T1588.006 Data From Local System - T1005 Data From Removable Media - T1025 Email Collection - T1114 Input Capture - T1056 Launch Daemon - T1160 Launchctl - T1152 Screen Capture - T1113 Web Service - T1102 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	988a422b-367a-49ea-986a-cad109b6805a
Fingerprint	c4859e712fb19ba1
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 19, 2022, 11:30 a.m.
Added to db	June 15, 2023, 10:44 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	I see what you did there: A look at the CloudMensis macOS spyware
Title	I see what you did there: A look at the CloudMensis macOS spyware \| WeLiveSecurity
Detected Hints/Tags/Attributes	95/2/22

Source URLs

	Redirection	Url
Details	Source	https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/

URL Provider

Details	Provider	Source level domain
Details	welivesecurity.com	www.welivesecurity.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	6		cve-2020-9934
Details	Domain	359		com.apple
Details	File	4		windowserver.pl
Details	File	1		itunesinfo29.pl
Details	File	1		itunesinfo28.pl
Details	File	1		itunesinfo.pl
Details	File	24		tcc.db
Details	sha1	3		d7bf702f56ca53140f4f03b590e9afcbc83809db
Details	sha1	3		0aa94d8df1840d734f25426926e529588502bc08
Details	sha1	3		c3e48c2a2d43c752121e55b909fc705fe4fdaef6
Details	MITRE ATT&CK Techniques	8		T1543.004
Details	MITRE ATT&CK Techniques	56		T1553
Details	MITRE ATT&CK Techniques	29		T1560.002
Details	MITRE ATT&CK Techniques	118		T1056.001
Details	MITRE ATT&CK Techniques	219		T1113
Details	MITRE ATT&CK Techniques	534		T1005
Details	MITRE ATT&CK Techniques	34		T1025
Details	MITRE ATT&CK Techniques	34		T1114.001
Details	MITRE ATT&CK Techniques	74		T1573.002
Details	MITRE ATT&CK Techniques	130		T1573.001
Details	MITRE ATT&CK Techniques	33		T1102.002
Details	MITRE ATT&CK Techniques	100		T1567.002