APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique - SentinelLabs
Common Information
Type Value
UUID ed0b4991-adef-4223-9512-fd2002efafdb
Fingerprint 8d6a188929bf5796
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 2, 2020, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
Title APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique - SentinelLabs
Detected Hints/Tags/Attributes 48/2/20
Attributes
Details Type #Events CTI Value
Details Domain 359
com.apple
Details Domain 2
mihannevis.com
Details Domain 2
mykessef.com
Details Domain 2
idtpl.org
Details File 2
voiceinstallerd.pl
Details File 130
info.pl
Details MITRE ATT&CK Techniques 2
T1150
Details MITRE ATT&CK Techniques 5
T1160
Details Threat Actor Identifier - APT 132
APT32
Details Url 1
http://mihannevis.com/joes/nazalgeygj7b3jnyzbypyx8a/manifest.js