OS X Malware Samples Analyzed
Common Information
Type Value
UUID d8f6c68c-40fb-4ee3-82a5-215b06afd7b0
Fingerprint 8e949b4f8f7e0fc3
Analysis status DONE
Considered CTI value 1
Text language
Published May 21, 2022, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 13, 2024, 7:20 p.m.
Headline OS X Malware Samples Analyzed
Title OS X Malware Samples Analyzed
Detected Hints/Tags/Attributes 60/2/52
Attributes
Type #Events CTI Value
Domain 9 go.eset.com
Domain 359 com.apple
Domain 42 com.google
Domain 55 otx.alienvault.com
Domain 15 www.carbonblack.com
Domain 404 www.virusbtn.com
Domain 29 www.cvedetails.com
Domain 79 www.f-secure.com
Domain 8 kasperskycontenthub.com
Domain 1 www.securemac.com
Domain 3 www.thesafemac.com
File 1 osx_flashback.pdf
File 24 apple.log
File 6 initems.pl
File 2 launchport.pl
File 1 softwareupdateagent.pl
File 2 mailserviceagenthelper.pl
File 4 appstore.pl
File 2 ughelper.pl
File 2 periodic-dd-mm-yy.pl
File 28 apple.sys
File 2 temkeychain-helper.pl
File 6 google.pl
File 3 ugins.pl
File 3 vb2014-wardle.pdf
File 1 apple-mac-os-x.html
File 1 00002558.html
File 43 0.pdf
File 1 unit42-wirelurker.pdf
Github username 1 alienvault-labs
sha256 1 0710be16ba8a36712c3cac21776c8846e29897300271f09ba0a41983e370e1a0
Url 1 http://go.eset.com/us/resources/white-papers/osx_flashback.pdf
Url 1 https://github.com/alienvault-labs/alienvaultlabs/blob/master/malware_analysis/osx_malware/snort_kitm.rules
Url 1 https://github.com/alienvault-labs/alienvaultlabs/blob/master/malware_analysis/osx_malware/snort_laoshu.rules
Url 1 https://www.virustotal.com/en/file/0710be16ba8a36712c3cac21776c8846e29897300271f09ba0a41983e370e1a0/analysis
Url 1 https://github.com/alienvault-labs/alienvaultlabs/blob/master/malware_analysis/osx_malware/snort_careto.rules
Url 1 https://github.com/alienvault-labs/alienvaultlabs/blob/master/malware_analysis/osx_malware/snort_cointhief.rules
Url 1 https://otx.alienvault.com/pulse/568da8bc4637f2624bcdc2d1
Url 1 https://otx.alienvault.com/pulse/568da7e467db8c057c6fc696
Url 1 https://otx.alienvault.com/pulse/568da51b67db8c057c6fc689
Url 1 https://otx.alienvault.com/pulse/55d4c6dc67db8c37b0a358ea
Url 1 https://otx.alienvault.com/pulse/5531bbbfb45ff53dc229c806
Url 1 https://www.carbonblack.com/files/2015-the-most-prolific-year-for-os-x-malware
Url 1 https://www.virusbtn.com/pdf/conference/vb2014/vb2014-wardle.pdf
Url 1 http://www.cvedetails.com/product/156/apple-mac-os-x.html?vendor_id=49
Url 1 https://www.f-secure.com/weblog/archives/00002558.html
Url 1 https://nakedsecurity.sophos.com/2014/01/21/data-stealing-malware-targets-mac-users-in-undelivered-courier-item-attack
Url 1 http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf
Url 1 http://www.securemac.com/privacyscan/new-apple-mac-trojan-called-osxcointhief-discovered
Url 1 https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_us/assets/pdf/reports/unit_42/unit42-wirelurker.pdf
Url 1 https://www.alienvault.com/open-threat-exchange/blog/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update
Url 1 http://www.thesafemac.com/oceanlotus-malware-attacks-china