← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications | Recorded Future
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
114
IOCs
HIGH VOLUME
Recorded Future's Insikt Group has identified a widespread cyberattack campaign involving Vortax, a purported virtual meeting software, which spreads infostealers to steal information on users of macOS.
amosvortaxrecorded futureintelligenceinsikt groupstealcatomic macosstealerfuturemarkopoloinsiktmacosresearchtravelsvortax spreadsinfostealersnetworkmalicious macosdemomoskautargetjunecontact
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Recorded Future Insikt macOS
Indicators of Compromise (35 / 114 total)
All CVE domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 03661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-MD5 10a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-MD5 25a33a1830e4cdd64c0adf4943ddac1a MD5 of eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129 2025-02-22
FileHash-MD5 31ca60d3e59759fd0c0fba146e7cd0b5 MD5 of 8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-MD5 4b35a3872589f44c43469cf73c54b525 2025-02-22
FileHash-MD5 506f6cc894598d109c5f931923c6eba9 2025-02-22
FileHash-MD5 59e0990ec964f77de9201534e4232117 2025-02-22
FileHash-MD5 59f9e517f05a3391d1327ae4cdc7dcc0 MD5 of 7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496 2025-02-22
FileHash-MD5 5b226866bd8897be9cfc3772c2d6d7b6 MD5 of 5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-MD5 5b95e20f0f6b7ac98c66c34b6eee4b41 MD5 of 9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b 2025-02-22
FileHash-MD5 5c5c1899e6eee0e93eb3eb9efd20e3d8 MD5 of dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769 2025-02-22
FileHash-MD5 5d45cc81a22e6ba596b12db4baec5b20 2025-02-22
FileHash-MD5 5d6075e33a168dfa44492dbec5462c61 2025-02-22
FileHash-MD5 73c099168755acbc793675a5e64ca719 2025-02-22
FileHash-MD5 750baf928763a60343f8d48e45c4a4ca 2025-02-22
FileHash-MD5 88ed5da97f62cca4d7ad7917b747f8ad MD5 of 7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5 2025-02-22
FileHash-MD5 8da1243add410821b51484242571d089 2025-02-22
FileHash-MD5 8e6176eaea919bae5b75000244474d83 2025-02-22
FileHash-MD5 8f8214195ecf93fb81562bcd6122149d 2025-02-22
FileHash-MD5 8fb5de2498e48338825253f9d1659864 2025-02-22
FileHash-MD5 922afb7de0159e7b435290868c51f33c 2025-02-22
FileHash-MD5 9e5dc9028d4a404bf3d7aa412c58cfe8 2025-02-22
FileHash-MD5 9e9793265bbd40340a00ea57643666d7 MD5 of b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-MD5 b1817f23b4b0b09cd7db9e90eac166dd 2025-02-22
FileHash-MD5 bde29a5215e685805f00fee5f03de347 2025-02-22
FileHash-MD5 c34f8b6a299dd867a8d00b4fc50d91d9 2025-02-22
FileHash-MD5 cab622641242a6f2fcbb8a1ae2698fd2 MD5 of f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843 2025-02-22
FileHash-MD5 ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-MD5 dd005a5c5e6dbb3612f36635097db661 MD5 of 5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245 2025-02-22
FileHash-MD5 ece0da23c4f3f338e05b34198d9c1afe 2025-02-22
FileHash-MD5 f0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-MD5 f71a88cb0866480e5d8754b6a40accd9 MD5 of 73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-MD5 f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-MD5 fdde4aa36f7c2a444aab4601dd4238e1 2025-02-22
FileHash-MD5 ff54e863815d819cf4bf7abed65ceabb MD5 of 8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76 2025-02-22
References (2)
↗ https://www.recordedfuture.com/the-travels-of-markopolo-self-proclaimed-meeting-software-vortax-spreads-infostealers ↗ https://go.recordedfuture.com/hubfs/reports/cta-2024-0617.pdf