ioc[.]one - OSINT Cyber Threat Intelligence Database

Updates on Quickly-Evolving ThiefQuest macOS Malware

Tags

country:	Bulgaria
attack-pattern:	Data Applescript - T1059.002 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Launch Agent - T1543.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Applescript - T1155 Launch Agent - T1159

Show in Graph

Common Information

Type	Value
UUID	bc9b2aea-bc53-4204-8620-3583b7cd9296
Fingerprint	b7353b01ed768683
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 17, 2020, midnight
Added to db	Sept. 11, 2022, 12:43 p.m.
Last updated	Nov. 12, 2024, 11:37 p.m.
Headline	Updates on Quickly-Evolving ThiefQuest macOS Malware
Title	Updates on Quickly-Evolving ThiefQuest macOS Malware
Detected Hints/Tags/Attributes	83/2/36

Source URLs

	Redirection	Url
Details	Source	https://blog.trendmicro.com/trendlabs-security-intelligence/updates-on-thiefquest-the-quickly-evolving-macos-malware/
Details	Source	https://www.trendmicro.com/en_ca/research/20/g/updates-on-quickly-evolving-thiefquest-macos-malware.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com
Details	trendmicro.com	blog.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	music.app
Details	Domain	11	preview.app
Details	Domain	359	com.apple
Details	Domain	4	andrewka6.pythonanywhere.com
Details	Domain	1	lemareste.pythonanywhere.com
Details	Domain	162	localbitcoins.com
Details	Domain	10	poloniex.com
Details	Domain	13	digitalocean.com
Details	Domain	3	cloud.digitalocean.com
Details	Domain	8	hetzner.com
Details	File	1	filename.m4a
Details	File	5	filename.jpg
Details	File	6	questd.pl
Details	File	1	abtpd.pl
Details	File	5	ret.txt
Details	File	1	cfgr.txt
Details	File	10	crashpad_handler.exe
Details	File	3	p.gif
Details	File	4	pct.gif
Details	sha256	1	365a5c72f52de964b8dc134d2fc45f9c73ba045cebd9fd397b1e26fdb11bfec6
Details	sha256	1	effeeeadfdc3caf523635fcb86581a807f719fa5e322872854499f5270bc0eba
Details	sha256	1	eeac57f7ca9df9199f0346ed9097e9f5482c06214cddc162d1500d15d045b4ed
Details	sha256	2	5a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b
Details	sha256	1	f7efda39c80d68db168316732732d04a00fe6fb10f37d1013df1a8a4cde1f68a
Details	sha256	1	d18daea336889f5d7c8bd16a4d6358ddb315766fa21751db7d41f0839081aee2
Details	sha256	1	851dfdbffd250523c5c7ff07b29778a04ebd44400b12f23d18a6ee5a3fcfbedc
Details	sha256	1	06974e23a3bf303f75c754156f36f57b960f0df79a38407dfdef9a1c55bf8bff
Details	sha256	1	7292004b57562223fed4ee122a956a8db38349c95d4dd8853b1ebc60ef7508b1
Details	sha256	1	c5a77de3f55cacc3dc412e2325637ca7a2c36b1f4d75324be8833465fd1383d3
Details	sha256	1	e69e9dc0d343165aa0f5df942d1b48ddd0337c8a79dcdf40f3c3b490d6e96a78
Details	sha256	1	41036e1b78a122e57f2125526d673ffe3358d7323fc577703662740b3e651dcc
Details	sha256	1	92ad2b0220f6903fb5fa48ce411af44a60c06031fee3aa682bd28f3f3fde1eda
Details	sha256	1	bcdb0ca7c51e9de4cf6c5c346fd28a4ed28e692319177c8a94c86dc676ee8e48
Details	IPv4	4	167.71.237.219
Details	Url	2	http://andrewka6.pythonanywhere.com/ret.txt
Details	Url	1	http://lemareste.pythonanywhere.com/cfgr.txt