ioc[.]one - OSINT Cyber Threat Intelligence Database

Sofacy’s ‘Komplex’ OS X Trojan

Tags

country:	Netherlands Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Launchctl - T1569.001 Launchd - T1053.004 Malware - T1587.001 Malware - T1588.001 Office Test - T1137.002 Phishing - T1660 Phishing - T1566 Tool - T1588.002 Launchctl - T1152

Show in Graph

Common Information

Type	Value
UUID	c11fe427-bc76-4a65-94a5-6535f6a3544b
Fingerprint	249b090b25bf0101
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 26, 2016, 8 a.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Sofacy’s ‘Komplex’ OS X Trojan
Title	Sofacy’s ‘Komplex’ OS X Trojan
Detected Hints/Tags/Attributes	75/3/27

Source URLs

	Redirection	Url
Details	Source	http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
Details	Source	https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
Details	Source	https://unit42.paloaltonetworks.com/unit42-sofacys-komplex-os-x-trojan/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	2025.app
Details	Domain	11	preview.app
Details	Domain	359	com.apple
Details	Domain	33	start.sh
Details	Domain	111	www.apple.com
Details	Domain	454	www.google.com
Details	Domain	1	appleupdate.org
Details	Domain	1	apple-iclouds.net
Details	Domain	1	itunes-helper.net
Details	Domain	707	google.com
Details	File	3	roskosmos_2015-2025.pdf
Details	File	1	2025.pdf
Details	File	6	updates.pl
Details	sha256	1	2a06f142d87bd9b66621a30088683d6fcec019ba5cc9e5793e54f8d920ab0134
Details	sha256	1	c1b8fc00d815e777e39f34a520342d1942ebd29695c9453951a988c61875bcd7
Details	sha256	1	cffa1d9fc336a1ad89af90443b15c98b71e679aeb03b3a68a5e9c3e7ecabc3d4
Details	sha256	1	96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3
Details	sha256	1	227b7fe495ad9951aebf0aae3c317c1ac526cdd255953f111341b0b11be3bbc5
Details	sha256	1	1f22e8f489abff004a3c47210a9642798e1c53efc9d6f333a1072af4b11d71ef
Details	sha256	1	d494e9f885ad2d6a2686424843142ddc680bb5485414023976b4d15e3b6be800
Details	sha256	2	638e7ca68643d4b01432f0ecaaa0495b805cc3cccc17a753b0fa511d94a22bdd
Details	sha256	2	da43d39c749c121e99bba00ce809ca63794df3f704e7ad4077094abde4cf2a73
Details	sha256	1	45a93e4b9ae5bece0d53a3a9a83186b8975953344d4dfb340e9de0015a247c54
Details	IPv4	1	185.10.58.170
Details	Threat Actor Identifier - APT	783	APT28
Details	Url	73	http://www.apple.com/dtds/propertylist-1.0.dtd
Details	Url	54	http://www.google.com