PULSE NAME
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
WHITE Cyber Security Tr1sa111 2022-07-22 Modified: 2022-08-20
An Iranian state-sponsored cyber-espionage group is believed to be developing an agent that targets Apple computers and is aimed at the human rights community, according to research published by the BBC's Iran Threats team.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
macOS Windows ExtremeDownloader
Indicators of Compromise (12)