← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
MacOS Malware Outbreaks 2019: The Second 6 Months
WHITE Lazarus Group AlienVault 2019-12-18 Modified: 2019-12-18
9
IOCs
LOW VOLUME
Earlier this year, SentinelOne did a roundup of the first 6 months of MacOS malware in 2019, noting that there had been quite an uptick in outbreaks, from a return of OSX.Dok and Lazarus to new cryptominers, a fake WhatsApp trojan and the rapid development of a macOS bug which allowed remotely-hosted attacker code to execute on a local machine without warning from Gatekeeper. So what have attackers been up to since then, and what new tricks and tips do defenders need to be aware of? Let’s take a look at macOS malware from July to December, 2019.
JMTTraderUnionCryptoTraderLazarus Group
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
OSX.GMERA OSX.BundleMeUp.B Backdoor.MacOS.APPLEJEUS.A OSX/NukeSped MacOS:Gmera-C OSX.Dok
Indicators of Compromise (9)
All domain FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
domain beastgoc.com 2019-12-18
domain indagator.club 2019-12-18
domain crabbedly.club 2019-12-18
domain craypot.live 2019-12-18
FileHash-SHA256 3dd5a87482f46e88fc8a8f849f21768646af987100fd38c1a0bcc2a6a8a5a073 2019-12-18
FileHash-SHA256 d91c233b2f1177357387c29d92bd3f29fab7b90760e59a893a0f447ef2cb4715 2019-12-18
FileHash-SHA256 d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68 2019-12-18
FileHash-SHA256 2ab58b7ce583402bf4cbc90bee643ba5f9503461f91574845264d4f7e3ccb390 2019-12-18
FileHash-SHA256 4d6078fc1ea6d3cd65c3ceabf65961689c5bc2d81f18c55b859211a60c141806 2019-12-18
References (1)
↗ https://www.sentinelone.com/blog/macos-malware-outbreaks-2019-the-second-6-months/