← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications | Recorded Future
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
114
IOCs
HIGH VOLUME
Recorded Future's Insikt Group has identified a widespread cyberattack campaign involving Vortax, a purported virtual meeting software, which spreads infostealers to steal information on users of macOS.
amosvortaxrecorded futureintelligenceinsikt groupstealcatomic macosstealerfuturemarkopoloinsiktmacosresearchtravelsvortax spreadsinfostealersnetworkmalicious macosdemomoskautargetjunecontact
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Recorded Future Insikt macOS
Indicators of Compromise (12 / 114 total)
All CVE domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 1b18927fc7c6bc63a05bf2de679a67560a91ca55 SHA1 of eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129 2025-02-22
FileHash-SHA1 36feeb39b4683bc2837d1d3e1ac59e55d02aa5da SHA1 of 5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245 2025-02-22
FileHash-SHA1 399f17a0cdb9a514cb50199f93a67aec9c98f685 SHA1 of 73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-SHA1 4b6cff351898c62fb02736aa8f12988ee061497f SHA1 of 8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-SHA1 53eef26caf355c25ed11494277168be19ea44ba8 SHA1 of 7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5 2025-02-22
FileHash-SHA1 872c08fb2b659e1375826ee6a6fe62c3352f881f SHA1 of 8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-SHA1 9d56b54643706787c16f0cae4e9e565c1e1a49ec SHA1 of f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843 2025-02-22
FileHash-SHA1 cb544080eebd6cb61299aaf342e226f5f9323002 SHA1 of b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-SHA1 ce27e809f4a2364e9232577c611622bcd0e8e502 SHA1 of 9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b 2025-02-22
FileHash-SHA1 d38478e50b41dc2e23501a681f700754889bd075 SHA1 of dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769 2025-02-22
FileHash-SHA1 d5e996a9d664f72f63b9a1e0dccc5a232a246214 SHA1 of 5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-SHA1 f0b3073061f837d1c24ba216d1e503bcc224b48c SHA1 of 7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496 2025-02-22
References (2)
↗ https://www.recordedfuture.com/the-travels-of-markopolo-self-proclaimed-meeting-software-vortax-spreads-infostealers ↗ https://go.recordedfuture.com/hubfs/reports/cta-2024-0617.pdf