Tearing Apart the Undetected (OSX)Coldroot RAT
Tags
country: Singapore
attack-pattern: Data Model Applescript - T1059.002 Credentials - T1589.001 Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Keylogging - T1056.001 Keylogging - T1417.001 Launch Daemon - T1543.004 Launchctl - T1569.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Applescript - T1155 Keychain - T1142 Launch Daemon - T1160 Launchctl - T1152
Show in Graph
Common Information
Type Value
UUID fd29ab63-de65-4d12-93cd-63e37b1acff0
Fingerprint b4289d852da7129f
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 17, 2018, midnight
Added to db Aug. 12, 2023, 2:29 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline UNKNOWN
Title Tearing Apart the Undetected (OSX)Coldroot RAT
Detected Hints/Tags/Attributes 74/2/18
Source URLs
Redirection Url
Details Redirection https://objective-see.com/blog/blog_0x2A.html
Details Source https://objective-see.org/blog/blog_0x2A.html
URL Provider
Details Provider Source level domain
Details objective-see.com objective-see.com
Details objective-see.org objective-see.org
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 186 Objective-See's Blog https://objective-see.org/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
csgohack.app
Details Domain 1 
com.apple.audio.driver2.app
Details Domain 2 
com.apple.audio.driver.app
Details Domain 359 
com.apple
Details Domain 1 
ispacked.py
Details Domain 2 
com.apple.audio
Details Domain 2 
idrix.fr
Details Domain 4 
runme.sh
Details Email 2 
mounir@idrix.fr
Details File 24 
tcc.db
Details File 1 
freekeylogger.dmg
Details File 1 
'tcc.db
Details File 1 
ispacked.py
Details File 2 
adobe_logs.log
Details File 2 
driver.pl
Details sha256 2 
c20980d3971923a0795662420063528a43dd533d07565eb4639ee8c0ccb77fdf
Details IPv4 2 
45.77.49.118
Details IPv4 1441 
127.0.0.1