New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor - SentinelLabs
Common Information
Type Value
UUID fe84ab38-5fd6-4de6-8725-aca6588b666d
Fingerprint a48cf9994d6517ce
Analysis status DONE
Considered CTI value 2
Text language
Published March 18, 2021, midnight
Added to db Sept. 11, 2022, 12:35 p.m.
Last updated Nov. 16, 2024, 8:07 p.m.
Headline New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
Title New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor - SentinelLabs
Detected Hints/Tags/Attributes 86/4/55
Attributes
Details Type #Events CTI Value
Details MITRE ATT&CK Techniques 444 T1071
Details MITRE ATT&CK Techniques 122 T1543
Details MITRE ATT&CK Techniques 585 T1083
Details MITRE ATT&CK Techniques 107 T1564
Details MITRE ATT&CK Techniques 492 T1105
Details MITRE ATT&CK Techniques 348 T1036
Details MITRE ATT&CK Techniques 152 T1056
Details MITRE ATT&CK Techniques 433 T1057