Mac cryptocurrency trading application rebranded, bundled with malware | WeLiveSecurity
Common Information
Type Value
UUID ae6ef1a8-8b74-42de-bd2f-e78fc1ab1f88
Fingerprint 9f16cc8a25332ea9
Analysis status DONE
Considered CTI value 2
Text language
Published July 16, 2020, 11:30 a.m.
Added to db Sept. 11, 2022, 12:31 p.m.
Last updated Nov. 17, 2024, 11:36 p.m.
Headline Mac cryptocurrency trading application rebranded, bundled with malware
Title Mac cryptocurrency trading application rebranded, bundled with malware | WeLiveSecurity
Detected Hints/Tags/Attributes 95/2/76
Attributes
Details Type #Events CTI Value
Details Email 1
levistor777@gmail.com
Details File 13
link.php
Details File 28
apple.sys
Details File 3
tem.pl
Details File 7
screen.jpg
Details File 1
h.zip
Details File 1
licatrade.zip
Details File 1
cointrazer.zip
Details File 1
stockfolio.zip
Details File 6
upd.pl
Details MITRE ATT&CK Techniques 420
T1204
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 2
T1159
Details MITRE ATT&CK Techniques 14
T1116
Details MITRE ATT&CK Techniques 2
T1139
Details MITRE ATT&CK Techniques 99
T1539
Details MITRE ATT&CK Techniques 585
T1083
Details MITRE ATT&CK Techniques 238
T1497
Details MITRE ATT&CK Techniques 42
T1040
Details MITRE ATT&CK Techniques 1006
T1082
Details MITRE ATT&CK Techniques 185
T1518
Details MITRE ATT&CK Techniques 534
T1005
Details MITRE ATT&CK Techniques 219
T1113
Details MITRE ATT&CK Techniques 60
T1043
Details MITRE ATT&CK Techniques 26
T1065
Details MITRE ATT&CK Techniques 92
T1048
Details Url 1
http://stepbystepby.com/link.php?
Details Url 1
https://support-sp.apple.com/sp/product?cc=
Details Url 3
https://file.io