ioc[.]one - OSINT Cyber Threat Intelligence Database

XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python

Tags

cmtmf-attack-pattern:	Masquerading
country:	China
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Applescript - T1059.002 Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Applescript - T1155 Masquerading - T1036 Masquerading

Show in Graph

Common Information

Type	Value
UUID	fe96084a-5dc4-451b-b5cb-be64dac0023d
Fingerprint	f9f00181add2e5ca
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 22, 2022, midnight
Added to db	Jan. 16, 2023, 3:56 p.m.
Last updated	Nov. 17, 2024, 6:53 p.m.
Headline	XCSSET Malware Update \| macOS Threat Actors Prepare for Life Without Python
Title	XCSSET Malware Update \| macOS Threat Actors Prepare for Life Without Python
Detected Hints/Tags/Attributes	56/4/61

Source URLs

	Redirection	Url
Details	Source	https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/

URL Provider

Details	Provider	Source level domain
Details	sentinelone.com	www.sentinelone.com

Attributes

Details	Type	#Events	Value
Details	Domain	21	xcode.app
Details	Domain	15	mail.app
Details	Domain	9	notes.app
Details	Domain	359	com.apple
Details	Domain	1	superdocs.ru
Details	Domain	1	melindas.ru
Details	Domain	1	kinksdoc.ru
Details	Domain	1	adobefile.ru
Details	Domain	1	gurumades.ru
Details	Domain	1	appledocs.ru
Details	Domain	1	gismolow.com
Details	Domain	2	cosmodron.com
Details	Domain	42	com.google
Details	Domain	10	com.google.chrome
Details	Domain	71	transfer.sh
Details	Domain	1	notes.py
Details	File	5	apple.ai
Details	File	1	rplay.pl
Details	File	1	spx.pl
Details	File	5	google.key
Details	File	1	store.pl
Details	File	2	chrome.pl
Details	File	1	notes.py
Details	sha1	1	25f8d7ac99e00c9d69679f2d9aca5954d2609a03
Details	sha1	1	0e1b2f01441e6e6fc8a48a7871e649d3647828cd
Details	sha1	1	4c368635ecfee61a89203f3f0e84bfdd7d85073d
Details	sha1	1	2a2330b13886ffe0e4fe54f7254008490814b5fa
Details	sha1	1	fd82b821fa2c23f2b88f64179e3a7a8905c1e40b
Details	sha1	1	bde20788e2656454052aae9baf2f4d2b7c256c9d
Details	sha1	1	3f35fd8306d4a05fadd9095acacd8d5f297a112e
Details	sha1	1	3de232d0a42959b20703ebb9d9376b3ef3d3015d
Details	sha1	1	3257a1f540455444a56975e7fd9cdb6f8148b828
Details	sha1	1	2dbf06445a294b4f786501ef16ea4aabd8e1ad72
Details	sha1	1	6c0b4e3e3bac36f3228e69ab1e53884f76f6828b
Details	sha1	1	6cf1ec6af6c6102c9d4929b1a83e0a463e737255
Details	sha1	1	73918b840384e485d009632fdf1a396758d7c515
Details	sha1	1	e2de10a6b517e298cb2e7da150224dfe7e5717a7
Details	sha1	1	5e673f4c494c424ae450f2ea5c0b066f912edccb
Details	sha1	1	73d9a443933fb0c40dde3065ec77adad35a5c49a
Details	sha1	1	5b66e4b1556ad03b4bf072d061de0606eabe8603
Details	sha1	1	672837de18d0e34f8b2a77bc2646b245671c83dc
Details	sha1	1	b66dbd55ce42a61cfedd06f31725b7f56d10d548
Details	sha1	1	fb29c9daa6fdeaa945446fe7cde185d51296dc7d
Details	sha1	1	760676a2e05d25959dee1f9ffaf3042e5f2e0f31
Details	sha1	1	4ffb268475e3816b22aadfb147bd7cd2f211e3d5
Details	sha1	1	c2a90c68ad9d93139ebce981a409beae5d7de8bf
Details	sha1	1	d70f4974bd531af674c5c2da3bc3c7d1a0ac9b54
Details	sha1	1	a57b73190525a729d821b6aed6849084fc1beddd
Details	sha1	1	127b66afa20a1c42e653ee4f4b64cf1ee3ed637d
Details	sha1	1	f4099a0884d3f1bf5602c8c6ba5265b76d7f4953
Details	sha1	1	dde87aefcaf788f770e5e1229db4fe73873e1c36
Details	sha1	1	bd13d22095d377938c50088e59fa3079143cb0f2
Details	sha1	1	a1449c5fbf8cf126502bd68a8e8d657b3dcfd87a
Details	sha1	1	cbf08fae71fcd46cc852fad7502685466c40e168
Details	sha1	1	2a62d6bcac7b0c5e75f561458e934ec45c77699c
Details	sha1	1	263b243df32be6d9d9878c459d2fc6491342d547
Details	sha1	1	f3a747bf10763d7d8c1cd9ccedd1e25ee195fce3
Details	sha1	1	2a6d37160f21ec13aa6c692a3ca3374db3d35e96
Details	sha1	1	1396fdbff38b787d14b1135dcdfc367658669637
Details	sha1	1	e4b6c56faa97493dc0f0f7c4fc2196096ef66513
Details	IPv4	2	45.82.153.92