ioc[.]one - OSINT Cyber Threat Intelligence Database

Mac Malware Steals Cryptocurrency Exchanges’ Cookies

Tags

country:	Japan
attack-pattern:	Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Private Keys - T1552.004 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Cookies - T1606.001 Connection Proxy - T1090 Private Keys - T1145

Show in Graph

Common Information

Type	Value
UUID	ad7297b6-493d-4a33-9769-e15074956289
Fingerprint	80b58d13078f35cb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 31, 2019, 2 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 18, 2024, 1:24 p.m.
Headline	Mac Malware Steals Cryptocurrency Exchanges’ Cookies
Title	Mac Malware Steals Cryptocurrency Exchanges’ Cookies
Detected Hints/Tags/Attributes	55/2/23

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	victims.it
Details	Domain	1	mac.by
Details	Domain	4132	github.com
Details	Domain	14	www.blockchain.com
Details	Domain	2	harmlesslittlecode.py
Details	Domain	2	koto-pool.work
Details	Domain	3	ptpb.pw
Details	Domain	4	uploadminer.sh
Details	Domain	359	com.apple
Details	File	2	harmlesslittlecode.py
Details	File	2	rig2.pl
Details	File	4	proxy.ini
Details	File	4	tialize.pl
Details	sha256	1	c65e65207f6f9f8df05e02c893de5b3c04825ac67bec391f0b212f4f33a31e80
Details	sha256	1	485c2301409a238affc713305dc1a465afa9a33696d58e8a84e881a552b82b06
Details	sha256	1	27ccebdda20264b93a37103f3076f6678c3446a2c2bfd8a73111dbc8c7eeeb71
Details	sha256	1	91b3f5e5d3b4e669a49d9c4fc044d0025cabb8ebb08f8d1839b887156ae0d6dd
Details	sha256	1	cdb2fb9c8e84f0140824403ec32a2431fb357cd0f184c1790152834cc3ad3c1b
Details	sha256	1	ede858683267c61e710e367993f5e589fcb4b4b57b09d023a67ea63084c54a05
Details	IPv4	4	46.226.108.171
Details	Url	1	https://github.com/kennell/curldrop
Details	Url	1	https://ptpb.pw/oazg.
Details	Url	1	https://ptpb.pw/oazg