ioc[.]one - OSINT Cyber Threat Intelligence Database

macOS Bundlore: Mac Virus Bypassing macOS Security Features

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Applescript - T1059.002 Domains - T1583.001 Domains - T1584.001 Hidden Window - T1564.003 Ip Addresses - T1590.005 Javascript - T1059.007 Login Items - T1547.015 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Search Engines - T1593.002 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Applescript - T1155 Hidden Window - T1143 Sudo - T1169

Show in Graph

Common Information

Type	Value
UUID	b1384798-14cb-4629-8454-2f4f5d0366cd
Fingerprint	643645446d17a1a7
Analysis status	DONE
Considered CTI value	0
Text language
Published	April 17, 2019, midnight
Added to db	Sept. 26, 2022, 9:32 a.m.
Last updated	Nov. 12, 2024, 11:51 a.m.
Headline	macOS Bundlore: Mac Virus Bypassing macOS Security Features
Title	macOS Bundlore: Mac Virus Bypassing macOS Security Features
Detected Hints/Tags/Attributes	65/2/29

Source URLs

	Redirection	Url
Details	Source	https://mackeeper.com/blog/post/610-macos-bundlore-adware-analysis/

URL Provider

Details	Provider	Source level domain
Details	mackeeper.com	mackeeper.com

Attributes

Details	Type	#Events	Value
Details	Domain	79	install.sh
Details	Domain	1	otcct.beforeoctavia.site
Details	Domain	3	service.macinstallerinfo.com
Details	Domain	1	events.ponystudent.win
Details	Domain	1	service.ezsoftwareupdater.com
Details	Domain	2	events.blitzbarbara.win
Details	Domain	1	events.mycouponsmartmac.com
Details	Domain	1	auctioneer.50million.club
Details	Domain	1	tmpmmkey1552298281.pub
Details	Domain	359	com.apple
Details	Domain	1	mycouponize.com
Details	Domain	10	com.google.chrome
Details	Domain	1	cdn.macmymacupdater.com
Details	Domain	2	cdn.mycouponsmartmac.com
Details	Domain	2	cdn.myshopcouponmac.com
Details	Domain	1	events.macinstallerinfo.com
Details	Domain	1	events.ponystudent.com
Details	Domain	1	secure.mycouponsmartmac.com
Details	Domain	2	software.macsoftwareserver05.com
Details	Email	1	name]/extensions/.*@mycouponize.com.xpi
Details	File	24	tcc.db
Details	File	1	tmpmmkey1552298281.pub
Details	File	4	extensions.pl
Details	File	3	safari.pl
Details	File	17	agent.pl
Details	File	1	sandboxbroker.pl
Details	File	6	bookmarks.pl
Details	File	2	chrome.pl
Details	IPv4	1	161.47.20.33