Pulse Detail — Threat Intelligence

PULSE NAME

Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

WHITE AlienVault 2024-06-20 Modified: 2024-07-20

IOCs

HIGH VOLUME

While monitoring data in Recorded Future Malware Intelligence, Insikt Group identified purported virtual meeting software called Vortax that, upon download and installation, delivers three information stealers (“infostealers”) in cross-platform attacks — Rhadamanthys, Stealc, and, most notably, Atomic macOS Stealer (AMOS) — in an extensive campaign aimed at cryptocurrency theft.

c2 MacOS

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1444 T1041

MALWARE FAMILIES

Rhadamanthys Atomic macOS Stealc AMOS

Indicators of Compromise (56)

All FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	05219c02d66daad246eab2abccc35384c34f17ce1daa2fee21cf0bfee88e31b2	—	2024-06-20
FileHash-SHA256	4b35a3872589f44c43469cf73c54b525506f6cc894598d109c5f931923c6eba9	—	2024-06-20
FileHash-SHA256	5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245	—	2024-06-20
FileHash-SHA256	5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982	—	2024-06-20
FileHash-SHA256	5d6075e33a168dfa44492dbec5462c6142399b708ec0d038e3e1869141e6b378	—	2024-06-20
FileHash-SHA256	7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5	—	2024-06-20
FileHash-SHA256	73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8	—	2024-06-20
FileHash-SHA256	750baf928763a60343f8d48e45c4a4ca8da1243add410821b51484242571d089	—	2024-06-20
FileHash-SHA256	7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496	—	2024-06-20
FileHash-SHA256	856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c	—	2024-06-20
FileHash-SHA256	8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76	—	2024-06-20
FileHash-SHA256	8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc	—	2024-06-20
FileHash-SHA256	922afb7de0159e7b435290868c51f33c59e0990ec964f77de9201534e4232117	—	2024-06-20
FileHash-SHA256	93463142e354b05bbac20b9e9498ee5f8c9ea2488151ee6870189baab0b7e2ff	—	2024-06-20
FileHash-SHA256	9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b	—	2024-06-20
FileHash-SHA256	b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e	—	2024-06-20
FileHash-SHA256	bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d	—	2024-06-20
FileHash-SHA256	be7e5707e5e399aedcfb2800d7039ff050500be3bafd217ca9200abed8bef03f	—	2024-06-20
FileHash-SHA256	c34f8b6a299dd867a8d00b4fc50d91d9fdde4aa36f7c2a444aab4601dd4238e1	—	2024-06-20
FileHash-SHA256	dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769	—	2024-06-20
FileHash-SHA256	eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129	—	2024-06-20
FileHash-SHA256	f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843	—	2024-06-20
FileHash-SHA256	f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f	—	2024-06-20
domain	123mllhasbrasil.com	—	2024-06-20
domain	aidigibrain.com	—	2024-06-20
domain	assetsreserve.com	—	2024-06-20
domain	betbhaibetting.com	—	2024-06-20
domain	casino-legrand.info	—	2024-06-20
domain	cheapcleanprotein.com	—	2024-06-20
domain	crosscertify.com	—	2024-06-20
domain	crosstacks.com	—	2024-06-20
domain	deskpaypal.com	—	2024-06-20
domain	ebolight.com	—	2024-06-20
domain	eliteneatproductshop.com	—	2024-06-20
domain	faruvinnovations.com	—	2024-06-20
domain	garagemfinity.com	—	2024-06-20
domain	hobbyplanners.com	—	2024-06-20
domain	indianahomerates.com	—	2024-06-20
domain	institutoangelabatista.com	—	2024-06-20
domain	iuddy.com	—	2024-06-20
domain	marylandhomerates.com	—	2024-06-20
domain	msjessd.com	—	2024-06-20
domain	nongduangmarket.com	—	2024-06-20
domain	novatercaagilidade.com	—	2024-06-20
domain	pegamente.com	—	2024-06-20
domain	piloje.com	—	2024-06-20
domain	plumbonwater.com	—	2024-06-20
domain	repairleatherla.com	—	2024-06-20
domain	shinudating.com	—	2024-06-20
domain	showpiecekennelmating.com	—	2024-06-20
domain	tripleplay-arg1.com	—	2024-06-20
domain	vortax.io	—	2024-06-20
domain	vortax.org	—	2024-06-20
domain	vortax.space	—	2024-06-20
domain	weworkhappy.com	—	2024-06-20
domain	xhaxo.com	—	2024-06-20

References (1)

↗ https://go.recordedfuture.com/hubfs/reports/cta-2024-0617.pdf