PULSE NAME
Uptycs + Trend Micro | MacStealer macOS infostealer
WHITE porter_rockwell 2023-04-06 Modified: 2023-05-06
59 IOCs
HIGH VOLUME
The full text of the report on the latest Mac malware outbreak, published on Wednesday, 1 January 2017, at 19:00 GMT. £1.5m.. (€2.3m)

References:
https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
MacStealer TrojanSpy macOS
Indicators of Compromise (59)