HandBrake Hacked! OSX/Proton (re)Appears
Tags
attack-pattern: | Launch Agent - T1543.001, Malware - T1587.001, Malware - T1588.001, Server - T1583.004, Server - T1584.004, Software - T1592.002, Launch Agent - T1159 |
Common Information
Type | Value |
---|---|
UUID | c6923f19-8b72-4e59-866b-b22708df12ab |
Fingerprint | 2759cc16357726c8 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 5, 2017, midnight |
Added to db | Aug. 12, 2023, 2:30 a.m. |
Last updated | Nov. 17, 2024, 5:57 p.m. |
Headline | UNKNOWN |
Title | HandBrake Hacked! OSX/Proton (re)Appears |
Detected Hints/Tags/Attributes | 34/1/8 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Redirection | https://objective-see.com/blog/blog_0x1D.html |
Details | Source | https://objective-see.org/blog/blog_0x1D.html |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 186 | ✔ | Objective-See's Blog | https://objective-see.org/rss.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | handbrake.fr |
Details | Domain | 4 | handbrake.app |
Details | Domain | 111 | www.apple.com |
Details | File | 3 | activity_agent.pl |
Details | sha1 | 1 | 0935a43ca90c6c419a49e4f8f1d75e68cd70b274 |
Details | sha1 | 2 | a8ea82ee767091098b0e275a80d25d3bc79e0cea |
Details | Url | 73 | http://www.apple.com/dtds/propertylist-1.0.dtd |
Details | Yara rule | 8 | rule Macho { meta: description = "private rule to match Mach-O binaries" condition: uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca } |