{ "type": "URL", "indicator": "https://com.apple.mobile.storage", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://com.apple.mobile.storage", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2810756774, "indicator": "https://com.apple.mobile.storage", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69e9cd25393e970647c8678e", "name": "[Jane\u2019s Apple iPhone 12 is claimed dead] Credit by ravescoutllc [clone]", "description": "", "modified": "2026-05-24T03:39:11.660000", "created": "2026-04-23T07:41:25.872000", "tags": [ "idle", "deferred", "important", "unknown", "dock", "uisupport", "freezer", "fgsupport", "audio", "driverkit", "runner", "critical", "s0x0180", "s0x01a1", "s0x01a4", "c0x03", "s0x0401", "s0x0402", "s0x0507", "s0x0524", "s0x052a", "s0x060b", "networkappid", "user uid", "prsna pid", "ppid f", "mem pri", "ni vsz", "rss wchan", "tt stat", "started time", "command root", "memgraph", "path to", "dump file", "csstore viewer", "night shift", "status", "daystarthour", "daystartminute", "nightstarthour", "version", "sunsetsunrise", "mach virtual", "memory", "devdisk1s1", "privatevar", "calls", "number", "file defrag", "metadata", "write", "object cache", "fx defrag", "vnopallocate", "vnopblktooff", "vnopblockmap", "meta", "stats", "ckkstlkshare", "cliquestatusin", "sha256", "autounlock", "home", "backstop", "passwords", "applepay", "manatee", "wifi", "a w0", "device", "shared ipad", "appleaopinput", "code0", "userinfo", "fpck", "completed", "current network", "ipv6", "awdl", "security", "legacy wifi", "ipv4", "count", "interval", "timestamp name", "open", "nonpsc", "active", "not associated", "noop", "interface", "scan results", "duration result", "description", "congested wifi", "channel", "current channel", "ht40", "networks", "i en0", "paired", "connected", "status power", "mac address", "f5 discoverable", "scanning", "onetouch tb1x", "address", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "begin", "begin wifi", "end wifi", "collect", "dump", "end corecapture", "logs", "begin device", "end device", "method", "supported", "status mac", "op mode", "bssid", "tx rate", "mbps security", "phy mode", "mcs index", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "status primary", "wwan", "disabled awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "could", "cfnetwork", "dns server", "ping lan", "resolve dns", "ping wan", "rbentitlements", "osservice", "background", "invalidate", "xpcservice", "rbstagattribute", "rbassertion", "transientstate", "7529", "8030", "keepalive", "4372", "5760", "8181", "10058", "lockscreen", "test", "trace", "9872", "ckavmediaobject", "iiolaunchinfo", "ckmediaobject", "mxvolumelimiton", "swqwerty", "swemoji", "height", "width", "name", "pixelformattype", "index", "isobase", "sensorheight", "sensorwidth", "aemaxgain", "sensorcropwidth", "formats", "flash", "default filters", "candidate", "enforcing size", "limit", "mb on", "added", "done enforcing", "size limit", "file", "filters", "max size", "duplicate file", "file past", "beginswith", "endswith", "longhang", "excresource", "analytics", "predicate", "predicate not", "matches", "not self", "contains", "e5a2a", "ca156", "dc789", "b1a67", "e7e17", "e2175", "c63d2", "c453c", "cd7d4", "e0fe6", "plist", "dict", "integer", "doctype", "public", "appledtd plist", "ckperboottasks", "array", "ckstartuptime", "optimizestorage", "recorder", "player", "editor", "citymd", "manager", "student", "cleaner", "booster", "smart", "languages", "applelocale" ], "references": [ "jetsam_priority.txt", "tailspin-info.txt", "ps.txt", "oslog_archive_error.log", "README.txt", "night-shift.log", "vm_stat.txt", "mount.txt", "apfs_stats.txt", "ckksctl_status.txt", "ioreg_task_failures.txt", "transparency-sysdiagnose_stderr.txt", "fileproviderctl_task_failures.txt", "spindump_stderr.txt", "taskinfo_stderr.txt", "rmdinspect_stderr.txt", "ModelCatalog_task_failures.txt", "afktool_stderr.txt", "jetsam_priority_stderr.txt", "microstackshots_errors.txt", "AppleTypeCRetimerLogs_task_failures.txt", "ioreg_stderr.txt", "spindump_nosym_errors.txt", "codecctl_stderr.txt", "srsupporttool_stderr.txt", "fileproviderctl_stderr.txt", "suggest_tool_stderr.txt", "mobilewifitool.txt", "com.apple.wifi.syncable-networks.legacy.plist", "diagnostics-configuration.txt", "wifi_scan_cache.txt", "wifi_datapath-PRE.txt", "3bars.txt", "diagnostics-environment.txt", "arp.txt", "netstat-POST.txt", "bluetooth_status.txt", "security.txt", "debug-log.txt", "wifi_status.txt", "netstat-PRE.txt", "leaky_ap_stats.txt", "wifi_datapath-POST.txt", "wifi_logarchive.log", "com.apple.wifi.recent-networks.json", "network_status.txt", "com.apple.wifi.syncable-networks.plist", "ifconfig.txt", "awdl_status.txt", "wifi_scan.txt", "diagnostics-connectivity.txt", "BASEBAND_TS_TRIGGER.log", "Accounts.log", "CoreCapture.log", "appinstallation.log", "FindMyDevice.log", "AlishaLogs.log", "atcrtcomm.log", "Accessibility.log", "CMCaptureTailspins.log", "NanoPreferencesSync.log", "MCUCoreDumps.log", "AppSupport.log", "RecentHangTracerTailspins.log", "DataMigration.log", "BatteryUIPlist.log", "BatteryHealth.log", "UARPEndpointPacketCaptures.log", "time-sensitive-stackshot.log", "OTAUpdateLogs.log", "MobileKeybagLogs.log", "cts.log", "SensorKit.log", "CacheDeleteHistory.log", "CloudKitBookmarks.log", "MobileBackup.log", "AccessibilityPrefs.log", "WatchConnectivity.log", "Frametracer.log", "LogStreamFilter.log", "Panics.log", "OSEligibility.log", "process_proxied_device_logs.log", "Harmony.log", "CalendarPreferences.log", "Sentry.log", "MediaserverdBlockageTailspins.log", "MobileStoreDemo.log", "coremediacapture-afdebug.log", "CoreCaptureBT.log", "crashes_and_spins.log", "StoreServices.log", "itunesstored.log", "brctl.log", "CommandAndControl.log", "NanoRegistry.log", "DarwinInit.log", "MobileLockdown.log", "ProactiveInputPredictions.log", "tailspin-save-ts-collection.log", "SiriAnalytics.log", "usermanagerd_logs.log", "GenerativeExperiences.log", "Contacts.log", "astro.log", "stackshots.log", "NetworkRelay.log", "Siri.log", "MatchTailspins.log", "SpaceAttributionTelemetry.log", "olddsc.log", "ondemandd.log", "ACLogs.log", "SocialLayerPlist.log", "BridgeActivation.log", "SleepCycler.log", "OTA.log", "unnamed_tasks.log", "fsck.log", "tailspin-info-ts.log", "AVConference.log", "MCState.log", "RunningBoard.log", "ATVUpdateLog.log", "AirPodPowerMetrics.log", "MailErrorConditions.log", "hidfw-crashlogs.log", "CoreLocation.log", "SiriTextToSpeech.log", "AUDeveloperSettings.log", "Preferences.log", "ForceResetTailspins.log", "UnifiedAsset.log", "MapsSyncJournal.log", "Burnin.log", "MSU.log", "BluetoothAccessory.log", "VideoProcessing.log", "HIDCrashlogs.log", "Proximity.log", "BridgeActivation 2.log", "MobileAssetHistory.log", "Resource_Exhaustion.log", "avconferenced-embedded.log", "watchdog.log", "LaunchServices.log", "powerlogs.log", "MobileInstallation.log", "SUInfo.log", "spindump-meta-collection.log", "LivabilityApp.log", "syslog.log", "BatteryIntelligence.log", "keyboard_cache.log", "Splat_Versioning.log", "CompanionSync.log", "Personalization.log", "Buddy.log", "TetheredRestore.log", "BTPHY.log", "MemoryExceptions.log", "BluetoothCoreDump.log", "copySpringBoardStateDump.log", "diagnostic_summary.log", "SplunkHistory.log", "ThermalLogs.log", "Mobile_Demo.log", "BridgeReporting.log", "TimezoneDB.log", "AppConduit.log", "microstackshots.log", "SystemVersion.log", "watchdogd_ddts.log", "NSURLSession_logs.log", "MobileActivation.log", "tailspin-history.log", "MobileSlideShow.log", "AFK.log", "MobileSlideShowPrivateData.log", "demod.log", "HangTracerTailspins.log", "Networking.log", "AGXMTLCompilerCrash.log", "ASPSnapshots.log", "BatteryBDC.log", "Trial.log", "ProtectedCloudStorage.log", "MobileObliteration.log", "HCI.log", "UARP_Packet_Capture.log", "launchdLogs.log", "coreaudio_reporting.log", "WiFi.log", "FDR.log", "WindowServerHangs.log", "HomePodSetUp.log", "Recoverylogd.log", "parsecd.log", "diagnose-errors.log", "defaults-com.apple.bird.txt", "defaults-com.apple.iclouddrive.features.txt", "brctl-container-list.txt", "AppleLanguages_Global.txt", "com.apple.avfoundation_CurrentUser.txt", "subscribedAssets_CurrentUser.txt", "com.apple.coreaudio_CurrentUser.txt", "Accessibility_Preferences.txt", "com.apple.MobileAsset_Global.txt", "ScreenTimeEnabled_CurrentUser.txt", "UIPreferredContentSizeCategoryName_CurrentUser.txt", "AppleLocale_CurrentUser.txt", "AppleLocale_Global.txt", "com.apple.coremedia_CurrentUser.txt", "Keyboard_Preferences.txt", "AppleLanguages_CurrentUser.txt", "com.apple.camera_CurrentUser.txt", "CaptureSourceInfo_CurrentUser.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "67068646eec25524c2446ece", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 98, "FileHash-SHA1": 12, "URL": 69, "domain": 29, "hostname": 68, "FileHash-MD5": 11, "email": 1, "BitcoinAddress": 2, "IPv4": 2 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "385 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67068646eec25524c2446ece", "name": "Jane\u2019s Apple iPhone 12 is claimed dead", "description": "", "modified": "2024-11-08T13:04:19.590000", "created": "2024-10-09T13:33:58.463000", "tags": [ "idle", "deferred", "important", "unknown", "dock", "uisupport", "freezer", "fgsupport", "audio", "driverkit", "runner", "critical", "s0x0180", "s0x01a1", "s0x01a4", "c0x03", "s0x0401", "s0x0402", "s0x0507", "s0x0524", "s0x052a", "s0x060b", "networkappid", "user uid", "prsna pid", "ppid f", "mem pri", "ni vsz", "rss wchan", "tt stat", "started time", "command root", "memgraph", "path to", "dump file", "csstore viewer", "night shift", "status", "daystarthour", "daystartminute", "nightstarthour", "version", "sunsetsunrise", "mach virtual", "memory", "devdisk1s1", "privatevar", "calls", "number", "file defrag", "metadata", "write", "object cache", "fx defrag", "vnopallocate", "vnopblktooff", "vnopblockmap", "meta", "stats", "ckkstlkshare", "cliquestatusin", "sha256", "autounlock", "home", "backstop", "passwords", "applepay", "manatee", "wifi", "a w0", "device", "shared ipad", "appleaopinput", "code0", "userinfo", "fpck", "completed", "current network", "ipv6", "awdl", "security", "legacy wifi", "ipv4", "count", "interval", "timestamp name", "open", "nonpsc", "active", "not associated", "noop", "interface", "scan results", "duration result", "description", "congested wifi", "channel", "current channel", "ht40", "networks", "i en0", "paired", "connected", "status power", "mac address", "f5 discoverable", "scanning", "onetouch tb1x", "address", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "begin", "begin wifi", "end wifi", "collect", "dump", "end corecapture", "logs", "begin device", "end device", "method", "supported", "status mac", "op mode", "bssid", "tx rate", "mbps security", "phy mode", "mcs index", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "status primary", "wwan", "disabled awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "could", "cfnetwork", "dns server", "ping lan", "resolve dns", "ping wan", "rbentitlements", "osservice", "background", "invalidate", "xpcservice", "rbstagattribute", "rbassertion", "transientstate", "7529", "8030", "keepalive", "4372", "5760", "8181", "10058", "lockscreen", "test", "trace", "9872", "ckavmediaobject", "iiolaunchinfo", "ckmediaobject", "mxvolumelimiton", "swqwerty", "swemoji", "height", "width", "name", "pixelformattype", "index", "isobase", "sensorheight", "sensorwidth", "aemaxgain", "sensorcropwidth", "formats", "flash", "default filters", "candidate", "enforcing size", "limit", "mb on", "added", "done enforcing", "size limit", "file", "filters", "max size", "duplicate file", "file past", "beginswith", "endswith", "longhang", "excresource", "analytics", "predicate", "predicate not", "matches", "not self", "contains", "e5a2a", "ca156", "dc789", "b1a67", "e7e17", "e2175", "c63d2", "c453c", "cd7d4", "e0fe6", "plist", "dict", "integer", "doctype", "public", "appledtd plist", "ckperboottasks", "array", "ckstartuptime", "optimizestorage", "recorder", "player", "editor", "citymd", "manager", "student", "cleaner", "booster", "smart", "languages", "applelocale" ], "references": [ "jetsam_priority.txt", "tailspin-info.txt", "ps.txt", "oslog_archive_error.log", "README.txt", "night-shift.log", "vm_stat.txt", "mount.txt", "apfs_stats.txt", "ckksctl_status.txt", "ioreg_task_failures.txt", "transparency-sysdiagnose_stderr.txt", "fileproviderctl_task_failures.txt", "spindump_stderr.txt", "taskinfo_stderr.txt", "rmdinspect_stderr.txt", "ModelCatalog_task_failures.txt", "afktool_stderr.txt", "jetsam_priority_stderr.txt", "microstackshots_errors.txt", "AppleTypeCRetimerLogs_task_failures.txt", "ioreg_stderr.txt", "spindump_nosym_errors.txt", "codecctl_stderr.txt", "srsupporttool_stderr.txt", "fileproviderctl_stderr.txt", "suggest_tool_stderr.txt", "mobilewifitool.txt", "com.apple.wifi.syncable-networks.legacy.plist", "diagnostics-configuration.txt", "wifi_scan_cache.txt", "wifi_datapath-PRE.txt", "3bars.txt", "diagnostics-environment.txt", "arp.txt", "netstat-POST.txt", "bluetooth_status.txt", "security.txt", "debug-log.txt", "wifi_status.txt", "netstat-PRE.txt", "leaky_ap_stats.txt", "wifi_datapath-POST.txt", "wifi_logarchive.log", "com.apple.wifi.recent-networks.json", "network_status.txt", "com.apple.wifi.syncable-networks.plist", "ifconfig.txt", "awdl_status.txt", "wifi_scan.txt", "diagnostics-connectivity.txt", "BASEBAND_TS_TRIGGER.log", "Accounts.log", "CoreCapture.log", "appinstallation.log", "FindMyDevice.log", "AlishaLogs.log", "atcrtcomm.log", "Accessibility.log", "CMCaptureTailspins.log", "NanoPreferencesSync.log", "MCUCoreDumps.log", "AppSupport.log", "RecentHangTracerTailspins.log", "DataMigration.log", "BatteryUIPlist.log", "BatteryHealth.log", "UARPEndpointPacketCaptures.log", "time-sensitive-stackshot.log", "OTAUpdateLogs.log", "MobileKeybagLogs.log", "cts.log", "SensorKit.log", "CacheDeleteHistory.log", "CloudKitBookmarks.log", "MobileBackup.log", "AccessibilityPrefs.log", "WatchConnectivity.log", "Frametracer.log", "LogStreamFilter.log", "Panics.log", "OSEligibility.log", "process_proxied_device_logs.log", "Harmony.log", "CalendarPreferences.log", "Sentry.log", "MediaserverdBlockageTailspins.log", "MobileStoreDemo.log", "coremediacapture-afdebug.log", "CoreCaptureBT.log", "crashes_and_spins.log", "StoreServices.log", "itunesstored.log", "brctl.log", "CommandAndControl.log", "NanoRegistry.log", "DarwinInit.log", "MobileLockdown.log", "ProactiveInputPredictions.log", "tailspin-save-ts-collection.log", "SiriAnalytics.log", "usermanagerd_logs.log", "GenerativeExperiences.log", "Contacts.log", "astro.log", "stackshots.log", "NetworkRelay.log", "Siri.log", "MatchTailspins.log", "SpaceAttributionTelemetry.log", "olddsc.log", "ondemandd.log", "ACLogs.log", "SocialLayerPlist.log", "BridgeActivation.log", "SleepCycler.log", "OTA.log", "unnamed_tasks.log", "fsck.log", "tailspin-info-ts.log", "AVConference.log", "MCState.log", "RunningBoard.log", "ATVUpdateLog.log", "AirPodPowerMetrics.log", "MailErrorConditions.log", "hidfw-crashlogs.log", "CoreLocation.log", "SiriTextToSpeech.log", "AUDeveloperSettings.log", "Preferences.log", "ForceResetTailspins.log", "UnifiedAsset.log", "MapsSyncJournal.log", "Burnin.log", "MSU.log", "BluetoothAccessory.log", "VideoProcessing.log", "HIDCrashlogs.log", "Proximity.log", "BridgeActivation 2.log", "MobileAssetHistory.log", "Resource_Exhaustion.log", "avconferenced-embedded.log", "watchdog.log", "LaunchServices.log", "powerlogs.log", "MobileInstallation.log", "SUInfo.log", "spindump-meta-collection.log", "LivabilityApp.log", "syslog.log", "BatteryIntelligence.log", "keyboard_cache.log", "Splat_Versioning.log", "CompanionSync.log", "Personalization.log", "Buddy.log", "TetheredRestore.log", "BTPHY.log", "MemoryExceptions.log", "BluetoothCoreDump.log", "copySpringBoardStateDump.log", "diagnostic_summary.log", "SplunkHistory.log", "ThermalLogs.log", "Mobile_Demo.log", "BridgeReporting.log", "TimezoneDB.log", "AppConduit.log", "microstackshots.log", "SystemVersion.log", "watchdogd_ddts.log", "NSURLSession_logs.log", "MobileActivation.log", "tailspin-history.log", "MobileSlideShow.log", "AFK.log", "MobileSlideShowPrivateData.log", "demod.log", "HangTracerTailspins.log", "Networking.log", "AGXMTLCompilerCrash.log", "ASPSnapshots.log", "BatteryBDC.log", "Trial.log", "ProtectedCloudStorage.log", "MobileObliteration.log", "HCI.log", "UARP_Packet_Capture.log", "launchdLogs.log", "coreaudio_reporting.log", "WiFi.log", "FDR.log", "WindowServerHangs.log", "HomePodSetUp.log", "Recoverylogd.log", "parsecd.log", "diagnose-errors.log", "defaults-com.apple.bird.txt", "defaults-com.apple.iclouddrive.features.txt", "brctl-container-list.txt", "AppleLanguages_Global.txt", "com.apple.avfoundation_CurrentUser.txt", "subscribedAssets_CurrentUser.txt", "com.apple.coreaudio_CurrentUser.txt", "Accessibility_Preferences.txt", "com.apple.MobileAsset_Global.txt", "ScreenTimeEnabled_CurrentUser.txt", "UIPreferredContentSizeCategoryName_CurrentUser.txt", "AppleLocale_CurrentUser.txt", "AppleLocale_Global.txt", "com.apple.coremedia_CurrentUser.txt", "Keyboard_Preferences.txt", "AppleLanguages_CurrentUser.txt", "com.apple.camera_CurrentUser.txt", "CaptureSourceInfo_CurrentUser.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 86, "FileHash-SHA1": 2, "URL": 65, "domain": 13, "hostname": 49, "FileHash-MD5": 3, "email": 1 }, "indicator_count": 219, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "570 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66fae0cea9dbd082c30e30ea", "name": "The Jane Syndrome Files: Espionage-Grade Apple iPhone Infiltration", "description": "Here is a full list of details about Apple's latest operating system (OS) and the services it offers: DNS poisonings, network insecurities, malware, malicious script injections.", "modified": "2024-10-30T16:01:07.364000", "created": "2024-09-30T17:33:02.318000", "tags": [ "disabled awdl", "awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "status power", "mac address", "f5 discoverable", "scanning", "current network", "wifi", "security", "wpa2 personal", "legacy", "ipv6", "count", "interval", "timestamp name", "open", "begin", "d71ff", "status", "begin wifi", "collect", "end wifi", "logs", "dump", "end corecapture", "cache", "stats", "cfnetwork", "could", "could ping", "dns server", "duration result", "description", "reach apple", "ping lan", "resolve dns", "number", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "i en0", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "status primary", "ipv4", "interface", "nonpsc", "active", "address", "method", "supported", "status mac", "ssid", "bssid", "rssi", "tx rate", "mbps security", "congested wifi", "channel", "current channel", "ht40", "networks", "ht40 network", "wifi cc", "mcastaesccm", "mcasttkip", "fiosd8f6r", "jparadise", "bradstevens", "hazelnuthut", "karen dave", "fios", "brookleyroad", "mobile", "gator", "mach virtual", "memory", "never", "command", "execution time", "timeout", "max rss", "o user", "o ppid", "usrbintaskinfo", "a registry", "ioservice", "state", "executing task", "cpu time", "child process", "cpuwall", "cputimeout", "task container", "handshake", "tmpoutputdir", "executing", "phase", "locker", "atomic", "error", "companion", "savage", "demo", "trigger", "caller", "autounlock", "macbook air", "leaflifetime", "evaluationtime", "afterctflagday", "anchorsource", "validstatus", "numberscts", "mmcs", "unknown", "lmdc", "fssnapshot", "fpck", "fpsnapshot", "fpckrunreason", "iphone", "version", "product type", "os build", "appleinternal", "cpuarchitecture", "chipid", "hwmodel", "d53gap", "hassep", "ap1i", "ap1p", "ap1v", "b0ti", "d1pt", "iq0b", "iq1b", "mbse", "adce", "aopc", "bupt", "chcc", "chif", "upof", "waps", "warp", "wass", "default filters", "size limit", "mb on", "done enforcing", "file", "candidate", "filters", "enforcing size", "limit", "added", "predicate not", "file past", "beginswith", "endswith", "excresource", "analytics", "predicate", "not self", "contains", "max size", "matches", "osvalueobject", "ioport", "ioregistryentry", "iopower", "ioaccessory", "iousb", "iodevicetree", "root", "class", "wcfb", "gtd0x0 dtb", "rfrs", "adfh", "adhf", "vbwr", "vbrr", "cfdwc", "cfdrc", "dlwd", "gcrd", "gccan1 gcmust0", "gccan0 gcmust0", "erase quantile", "bad blocks", "max band", "eol erase", "user partition", "indpoolfree", "key1242", "timestamp", "weightedra", "qmax0", "cyclecount", "timeathighsoc", "chargingvoltage", "bhserviceflags", "04430", "familycode", "vacvoltagelimit", "53685452100", "53685452811", "1284430", "53685452411", "04410", "11524410", "53685452401", "1284410", "10244410", "11534410", "11524430", "10244430", "11534430", "53685451811", "53685451911", "chemid", "algochemid", "eeee", "designcapacity", "presentdod0", "currentcapacity", "ischarging", "temperature", "amperage", "instantamperage", "voltage", "stateofcharge", "chargeaccum", "chargingstate", "inflowstate", "chargelimit", "checkpoint", "decisionmaker", "modeofoperation", "af96b", "begin bluetooth", "b590b", "e97d3", "e1306", "certificate", "start", "status code", "sameorigin body", "xsannwhh5zixhy", "debug", "sun sep", "thu sep", "notice", "fri sep", "unbrick", "dcrt reissue", "commcenter fri", "sat sep", "commcenter sun", "data", "plist", "dict", "post useragent", "dcrt", "body", "doctype", "public", "pkitruststore", "download", "autolocker", "autojob", "data container", "installing", "ls save", "ls operation", "customer", "lsinstalltype", "miinstaller", "staging", "update", "consumed", "missingvalue", "raptor certs", "full service", "pinged configd", "cachedata", "cacheextra", "gmt4", "boot session", "bonjour", "f0fs24 cf0", "xml version", "appledtd plist", "adapter", "sen097", "wairport97", "t3gpp u8721", "u960 u8747", "bae69693u8719", "c2cb", "f1f49791page", "c4 e8", "page", "xethernet97", "sen1u8260", "u8721 u8719", "u8805 a5u8706", "a5u8706 u8721", "u8719 u960", "u8800 c6d8u8734", "b1u8804 u8805", "u8747 aabau937", "u64258 u8800", "u8747 u8776", "u64257 u64258", "u305 u8710", "u63743", "u8260", "u8805 u8706", "u731 u711", "u731", "u733", "time", "time secs", "uuid", "osversion", "lqmlogging", "su ms", "nb nrs", "na cm", "ex tf", "ffp mret", "highband", "ghz sep", "noise 88", "capture", "interfacelogs", "disabledatapath", "role lowlatency", "enabledatapath", "tx submission", "queue sep", "disablesync", "txsubq sep", "datapath", "printdatapath", "txsub disable", "txsub enable", "awdl prox", "awdl interface", "appleolyhal", "iopcidevice", "iopcidevice sep", "appleolyhallog", "pktsec", "mbitssec", "txreported", "u0 m0", "rxmacst", "monitor0 vif", "ff input", "pmopen", "rssi 100", "flushed", "rssi threshold", "service", "p2p concurrency", "allowed", "multicast", "unicast", "p2p interface", "off configured", "host edge", "awdl0", "awdl state", "configured", "d12c2680", "monitor18 vif", "transition", "wait", "device sleep", "device wake", "device active", "pending", "pnd0", "exit", "int state", "tx power", "cap config", "device tree", "ps params", "dtim", "motion profile", "womp disabled", "region info", "lla prefer", "prefer", "moving", "logic", "config", "wlcgetbssinfo", "queue", "check que", "wd scheduled1", "curr", "configure wd", "history", "wlcsetlrl", "wlcgetcountry", "debuggable", "eventbitfield", "fwid 01b0ec0e2e", "d53gap build", "device serial", "file name", "wme acm", "frequestiotx", "busytags", "peer", "u409224", "u527236 m103198", "monitor2827", "totaldropped0", "queue status", "totalflushed0", "tx completion", "rx completion", "fault report", "logging rx", "join mgr", "backpl", "85 85", "fl2 rt601", "bsside2", "rssi avg", "41 48", "44 42", "46 48", "43 42", "io80211 scan", "updated", "mpdus", "chanspec", "roam candidate", "logtransition", "cache channels", "scan home", "infra", "filesystem size", "avail capacity", "devdisk1s1", "dev devdisk1s6", "devdisk1s3", "calls", "file defrag", "metadata", "write", "object cache", "read", "fx defrag", "vnopallocate", "vnopblktooff", "meta", "user pid", "cpu stat", "pri stime", "utime command", "ppid f", "mem pri", "ni vsz", "rss wchan", "started time", "wd scheduled0", "e666293574", "monitor38 vif", "u2642957", "u4321860 m8433", "monitor9744", "b7c5a", "fl2 rt3505", "43 43", "bssid00", "lightphoneii", "43 44", "44 44", "rx data", "f4e0wf", "session", "cached", "access", "integer not", "null default", "null", "text not", "from", "text unique", "where", "order by", "not null", "bool not", "expected t", "nsdata", "unique", "integer primary", "array", "hard", "u63743 fceae8" ], "references": [ "awdl_status.txt", "arp.txt", "bluetooth_status.txt", "com.apple.wifi.syncable-networks.legacy.plist", "com.apple.wifi.syncable-networks.plist", "diagnostics-configuration.txt", "debug-log.txt", "diagnostics-connectivity.txt", "com.apple.wifi.recent-networks.json", "ifconfig.txt", "leaky_ap_stats.txt", "netstat-POST.txt", "mobilewifitool.txt", "security.txt", "netstat-PRE.txt", "network_status.txt", "wifi_datapath-PRE.txt", "wifi_scan_cache.txt", "wifi_logarchive.log", "wifi_datapath-POST.txt", "wifi_status.txt", "diagnostics-environment.txt", "wifi_scan.txt", "vm_stat.txt", "transparency.log", "tzDataVersion.log", "tailspin-info.txt", "taskSummary.csv", "sysdiagnose.log", "security-sysdiagnose.txt", "fileproviderctl_check.log", "hpmDiagnose.txt", "fileproviderctl.log", "hidutil.plist", "remotectl_dumpstate.txt", "smcDiagnose.txt", "BridgeReporting.log", "BridgeActivation.log", "AppConduit.log", "appinstallation.log", "AlishaLogs.log", "ASPSnapshots.log", "AppSupport.log", "astro.log", "AUDeveloperSettings.log", "ATVUpdateLog.log", "AVConference.log", "atcrtcomm.log", "BatteryBDC.log", "avconferenced-embedded.log", "BatteryIntelligence.log", "BluetoothAccessory.log", "BluetoothCoreDump.log", "BatteryHealth.log", "BatteryUIPlist.log", "brctl.log", "BASEBAND_TS_TRIGGER.log", "BTPHY.log", "Burnin.log", "Buddy.log", "CacheDeleteHistory.log", "CalendarPreferences.log", "CMCaptureTailspins.log", "CompanionSync.log", "CommandAndControl.log", "Contacts.log", "coreaudio_reporting.log", "CoreCapture.log", "copySpringBoardStateDump.log", "CoreLocation.log", "CoreCaptureBT.log", "crashes_and_spins.log", "cts.log", "coremediacapture-afdebug.log", "DarwinInit.log", "demod.log", "DataMigration.log", "FDR.log", "diagnostic_summary.log", "ForceResetTailspins.log", "Frametracer.log", "fsck.log", "FindMyDevice.log", "HangTracerTailspins.log", "GenerativeExperiences.log", "Harmony.log", "HIDCrashlogs.log", "HCI.log", "HomePodSetUp.log", "hidfw-crashlogs.log", "itunesstored.log", "LivabilityApp.log", "keyboard_cache.log", "LaunchServices.log", "MailErrorConditions.log", "MapsSyncJournal.log", "MatchTailspins.log", "MCState.log", "MCUCoreDumps.log", "MediaserverdBlockageTailspins.log", "MemoryExceptions.log", "MobileActivation.log", "microstackshots.log", "LogStreamFilter.log", "Mobile_Demo.log", "MobileInstallation.log", "MobileBackup.log", "MobileKeybagLogs.log", "MobileAssetHistory.log", "launchdLogs.log", "MobileSlideShow.log", "MobileLockdown.log", "MobileObliteration.log", "MobileSlideShowPrivateData.log", "MSU.log", "MobileStoreDemo.log", "NanoPreferencesSync.log", "NanoRegistry.log", "NSURLSession_logs.log", "Networking.log", "NetworkRelay.log", "ondemandd.log", "olddsc.log", "OTA.log", "OSEligibility.log", "OTAUpdateLogs.log", "Panics.log", "Personalization.log", "parsecd.log", "powerlogs.log", "process_proxied_device_logs.log", "ProactiveInputPredictions.log", "Preferences.log", "Proximity.log", "ProtectedCloudStorage.log", "RecentHangTracerTailspins.log", "RunningBoard.log", "Recoverylogd.log", "Resource_Exhaustion.log", "SensorKit.log", "SiriTextToSpeech.log", "Sentry.log", "Siri.log", "SiriAnalytics.log", "SleepCycler.log", "SocialLayerPlist.log", "spindump-meta-collection.log", "SplunkHistory.log", "stackshots.log", "SUInfo.log", "StoreServices.log", "SystemVersion.log", "Splat_Versioning.log", "syslog.log", "tailspin-history.log", "ThermalLogs.log", "tailspin-info-ts.log", "Trial.log", "UARP_Packet_Capture.log", "TetheredRestore.log", "UnifiedAsset.log", "time-sensitive-stackshot.log", "TimezoneDB.log", "unnamed_tasks.log", "UARPEndpointPacketCaptures.log", "SpaceAttributionTelemetry.log", "usermanagerd_logs.log", "VideoProcessing.log", "watchdog.log", "WindowServerHangs.log", "WiFi.log", "watchdogd_ddts.log", "asptool_snapshot_timesensitive.log", "asptool_snapshot.log", "acLog.plist", "atcrtcomm.txt", "BDC_Daily_version2.6_2024-08-29_00:19:16.csv", "BDC_Daily_version2.8_2024-09-22_16:06:26.csv", "BDC_Daily_version2.8_2024-09-13_17:49:14.csv", "BDC_Daily_version2.6_2024-09-04_12:00:11.csv", "BDC_Daily_version2.8_2024-09-21_13:45:08.csv", "BDC_OBC_version2.6_2024-08-29_00:19:14.csv", "BDC_OBC_version2.6_2024-09-13_16:25:59.csv", "BDC_OBC_version2.8_2024-09-18_23:12:12.csv", "BDC_OBC_version2.8_2024-09-14_00:28:48.csv", "BDC_OBC_version2.8_2024-09-13_23:35:57.csv", "BDC_OBC_version2.8_2024-09-14_13:32:02.csv", "BDC_OBC_version2.8_2024-09-29_15:16:41.csv", "BDC_Once_version2.6_2024-08-29_00:19:16.csv", "BDC_Once_version2.8_2024-09-13_17:49:16.csv", "BDC_SBC_version2.6_2024-09-02_20:27:16.csv", "BDC_SBC_version2.6_2024-08-29_00:19:16.csv", "BDC_SBC_version2.6_2024-09-03_11:48:00.csv", "BDC_SBC_version2.6_2024-09-11_00:27:57.csv", "BDC_SBC_version2.6_2024-09-04_13:21:06.csv", "BDC_SBC_version2.6_2024-09-04_12:00:11.csv", "BDC_SBC_version2.6_2024-09-03_00:11:37.csv", "BDC_SBC_version2.6_2024-09-13_16:26:54.csv", "BDC_SBC_version2.6_2024-09-13_16:16:55.csv", "BDC_SBC_version2.6_2024-09-08_17:52:28.csv", "BDC_SBC_version2.6_2024-09-13_02:10:48.csv", "BDC_SBC_version2.6_2024-09-12_02:07:40.csv", "BDC_SBC_version2.8_2024-09-13_17:54:28.csv", "BDC_SBC_version2.6_2024-09-13_17:07:26.csv", "BDC_SBC_version2.8_2024-09-13_17:49:18.csv", "BDC_SBC_version2.8_2024-09-14_00:28:50.csv", "BDC_SBC_version2.8_2024-09-18_03:20:38.csv", "BDC_SBC_version2.8_2024-09-18_23:12:15.csv", "BDC_SBC_version2.8_2024-09-14_13:32:04.csv", "BDC_SBC_version2.8_2024-09-21_13:45:07.csv", "BDC_SBC_version2.8_2024-09-22_05:55:57.csv", "BDC_SBC_version2.8_2024-09-23_19:56:36.csv", "BDC_SBC_version2.8_2024-09-17_01:27:03.csv", "BDC_SBC_version2.8_2024-09-23_21:27:40.csv", "BDC_SBC_version2.8_2024-09-24_19:36:33.csv", "BDC_SBC_version2.8_2024-09-14_01:16:12.csv", "BDC_SmartCharging_version2.6_2024-09-02_20:25:09.csv", "BDC_SmartCharging_version2.6_2024-08-29_00:21:46.csv", "BDC_SmartCharging_version2.6_2024-09-03_04:09:12.csv", "BDC_SmartCharging_version2.6_2024-09-03_11:48:07.csv", "BDC_SmartCharging_version2.6_2024-09-03_00:11:44.csv", "BDC_SmartCharging_version2.6_2024-09-04_12:00:20.csv", "BDC_SmartCharging_version2.6_2024-09-04_13:19:02.csv", "CacheDeletePurgeHistory.txt", "FDRDiagnosticReport.plist", "GEAvailability.log", "IOSADiagnose.log", "version", "akd_dcrt_baa_response.txt", "mobileactivationd.log.0", "akd_dcrt_baa_request.txt", "MAAutoAsset_Atomic_History_00.log", "MAAutoAsset_Atomic_History_02.log", "MAAutoAsset_Atomic_History_01.log", "MAAutoAsset_Atomic_History_03.log", "MAAutoAsset_Atomic_History_05.log", "MAAutoAsset_Atomic_History_04.log", "MAAutoAsset_Atomic_History_09.log", "MAAutoAsset_Atomic_History.txt", "MAAutoAsset_Atomic_History_08.log", "MAAutoAsset_Error_History_00.log", "MAAutoAsset_Atomic_History_06.log", "MAAutoAsset_Error_History_02.log", "MAAutoAsset_Error_History_04.log", "MAAutoAsset_Error_History_05.log", "MAAutoAsset_Error_History_08.log", "MAAutoAsset_Error_History.txt", "MAAutoAsset_Filesystem_History_01.log", "MAAutoAsset_Error_History_06.log", "MAAutoAsset_Error_History_09.log", "MAAutoAsset_Error_History_07.log", "MAAutoAsset_Filesystem_History_03.log", "MAAutoAsset_Filesystem_History_02.log", "MAAutoAsset_Filesystem_History_04.log", "MAAutoAsset_Filesystem_History_05.log", "MAAutoAsset_Filesystem_History_08.log", "MAAutoAsset_Filesystem_History_09.log", "MAAutoAsset_Filesystem_History_06.log", "MAAutoAsset_Filesystem_History_00.log", "MAAutoAsset_Filesystem_History_07.log", "MAAutoAsset_Filesystem_History.txt", "MAAutoAsset_Locker_History_00.log", "MAAutoAsset_Locker_History_01.log", "MAAutoAsset_Locker_History_03.log", "MAAutoAsset_Locker_History_06.log", "MAAutoAsset_Locker_History_02.log", "MAAutoAsset_Locker_History_04.log", "MAAutoAsset_Locker_History_05.log", "MAAutoAsset_Locker_History_07.log", "MAAutoAsset_Scheduler_History_00.log", "MAAutoAsset_Locker_History.txt", "MAAutoAsset_Locker_History_08.log", "MAAutoAsset_Scheduler_History_03.log", "MAAutoAsset_Scheduler_History_02.log", "MAAutoAsset_Scheduler_History_04.log", "MAAutoAsset_Scheduler_History_01.log", "MAAutoAsset_Locker_History_09.log", "MAAutoAsset_Scheduler_History_07.log", "MAAutoAsset_Scheduler_History_08.log", "MAAutoAsset_Scheduler_History_05.log", "MAAutoAsset_Scheduler_History_06.log", "MAAutoAsset_Scheduler_History.txt", "MAAutoAsset_Scheduler_History_09.log", "MAAutoAsset_Secure_History_01.log", "MAAutoAsset_Secure_History_00.log", "MAAutoAsset_Secure_History_04.log", "MAAutoAsset_Secure_History_05.log", "MAAutoAsset_Secure_History_03.log", "MAAutoAsset_Secure_History_07.log", "MAAutoAsset_Secure_History_08.log", "MAAutoAsset_Secure_History_06.log", "MAAutoAsset_Secure_History_09.log", "MAAutoAsset_Stager_History_01.log", "MAAutoAsset_Stager_History_02.log", "MAAutoAsset_Stager_History_00.log", "MAAutoAsset_Secure_History.txt", "MAAutoAsset_Stager_History_03.log", "MAAutoAsset_Stager_History_05.log", "MAAutoAsset_Stager_History_07.log", "MAAutoAsset_Stager_History_04.log", "MAAutoAsset_Stager_History_08.log", "MAAutoAsset_Stager_History_06.log", "MAAutoAsset_Stager_History_09.log", "MAAutoAsset_Stager_History.txt", "mobile_installation.log.0", "mobile_installation.log.1", "mobile_installation_helper.log.0", "lockdownd.log", "SUCoreSplunkHistory.log", "model_catalog_dump.txt", "model_manager_dump.json", "com.apple.networkextension.necp.rtf", "preferences.rtf", "NetworkInterfaces.rtf", "com.apple.networkextension.rtf", "com.apple.networkextension.uuidcache.rtf", "com.apple.networkextension.cache.rtf", "com.apple.networkextension.control.rtf", "Entity_2024-09-29 22:12:50.359_Blacklist.csv", "capture.rtf", "system.rtf", "[2024-09-29_22,12,45.966405]-LQMLogging-001.txt", "[2024-09-29_22,12,45.960131]-Interface_SoftAP_0-001.txt", "[2024-09-29_22,12,56.122877]-Interface_LowLatency_0-001.txt", "[2024-09-29_22,12,56.815468]-Interface_Infrastructure_0-001.txt", "[2024-09-29_22,12,56.591747]-Interface_AirLink_0-001.txt", "[2024-09-29_22,12,56.327440]-uartFirmwareLogs-001.txt", "[2024-09-29_22,12,56.457960]-AppleOLYHAL_log-001.txt", "AddFileList.txt", "ap1_AllPeersVerbose_IO80211PeerManager.txt", "awdl0_PrintState_IO80211AWDLPeerManager.txt", "awdl0_AllPeersVerbose_IO80211AWDLPeerManager.txt", "BusState.txt", "ConfigManagerState.txt", "CommanderState.txt", "CoreState.txt", "DeviceInfo.xml", "en0_AllPeersVerbose_IO80211PeerManager.txt", "en0_PrintState_IO80211PeerManager.txt", "InterfaceState_apsta.txt", "ap1_PrintState_IO80211PeerManager.txt", "FaultReportState.txt", "History.txt", "InterfaceState_prox.txt", "ivars->fChannelSwitchDictionary[0].xml", "InterfaceState_llw.txt", "JoinManagerState.txt", "ivars->fChannelSwitchDictionary[1].xml", "InterfaceState_skywalkinfra.txt", "ScanManagerState.txt", "LowLatencyRxCompRing", "MMIO_Log.txt", "SoC_Registers.xml", "LowLatencyTxCompRing", "NetManagerState.txt", "[2024-09-29_22,12,56.477273]-AppleBCMWLAN_Logs-001.txt", "disks.txt", "apfs_stats.txt", "oslog_archive_error.log", "ps_thread.txt", "971A5878D635EB8B262FF791353234.rtf", "B730B951A932F5AE2648F478FDDA81.rtf", "E7B80B551D34E4BCDBC1E47D6AB627.rtf", "2B553D16843D7B9CD7A4504A96CF2F.rtf", "594CB14E19331E8CFB5365144D46C4.rtf", "DE90FBA8603371B106DDEC727E696D.rtf", "C1ACD227FD3CE992C115DD95BD2B42.rtf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 105, "domain": 71, "hostname": 211, "URL": 125, "email": 2, "FileHash-MD5": 14, "FileHash-SHA1": 212 }, "indicator_count": 740, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "578 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66fae0d0177ccf5dfc5c1fb0", "name": "The Jane Syndrome Files: Espionage-Grade Apple iPhone Infiltration", "description": "Here is a full list of details about Apple's latest operating system (OS) and the services it offers: DNS poisonings, network insecurities, malware, malicious script injections.", "modified": "2024-10-30T16:01:07.364000", "created": "2024-09-30T17:33:04.581000", "tags": [ "disabled awdl", "awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "status power", "mac address", "f5 discoverable", "scanning", "current network", "wifi", "security", "wpa2 personal", "legacy", "ipv6", "count", "interval", "timestamp name", "open", "begin", "d71ff", "status", "begin wifi", "collect", "end wifi", "logs", "dump", "end corecapture", "cache", "stats", "cfnetwork", "could", "could ping", "dns server", "duration result", "description", "reach apple", "ping lan", "resolve dns", "number", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "i en0", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "status primary", "ipv4", "interface", "nonpsc", "active", "address", "method", "supported", "status mac", "ssid", "bssid", "rssi", "tx rate", "mbps security", "congested wifi", "channel", "current channel", "ht40", "networks", "ht40 network", "wifi cc", "mcastaesccm", "mcasttkip", "fiosd8f6r", "jparadise", "bradstevens", "hazelnuthut", "karen dave", "fios", "brookleyroad", "mobile", "gator", "mach virtual", "memory", "never", "command", "execution time", "timeout", "max rss", "o user", "o ppid", "usrbintaskinfo", "a registry", "ioservice", "state", "executing task", "cpu time", "child process", "cpuwall", "cputimeout", "task container", "handshake", "tmpoutputdir", "executing", "phase", "locker", "atomic", "error", "companion", "savage", "demo", "trigger", "caller", "autounlock", "macbook air", "leaflifetime", "evaluationtime", "afterctflagday", "anchorsource", "validstatus", "numberscts", "mmcs", "unknown", "lmdc", "fssnapshot", "fpck", "fpsnapshot", "fpckrunreason", "iphone", "version", "product type", "os build", "appleinternal", "cpuarchitecture", "chipid", "hwmodel", "d53gap", "hassep", "ap1i", "ap1p", "ap1v", "b0ti", "d1pt", "iq0b", "iq1b", "mbse", "adce", "aopc", "bupt", "chcc", "chif", "upof", "waps", "warp", "wass", "default filters", "size limit", "mb on", "done enforcing", "file", "candidate", "filters", "enforcing size", "limit", "added", "predicate not", "file past", "beginswith", "endswith", "excresource", "analytics", "predicate", "not self", "contains", "max size", "matches", "osvalueobject", "ioport", "ioregistryentry", "iopower", "ioaccessory", "iousb", "iodevicetree", "root", "class", "wcfb", "gtd0x0 dtb", "rfrs", "adfh", "adhf", "vbwr", "vbrr", "cfdwc", "cfdrc", "dlwd", "gcrd", "gccan1 gcmust0", "gccan0 gcmust0", "erase quantile", "bad blocks", "max band", "eol erase", "user partition", "indpoolfree", "key1242", "timestamp", "weightedra", "qmax0", "cyclecount", "timeathighsoc", "chargingvoltage", "bhserviceflags", "04430", "familycode", "vacvoltagelimit", "53685452100", "53685452811", "1284430", "53685452411", "04410", "11524410", "53685452401", "1284410", "10244410", "11534410", "11524430", "10244430", "11534430", "53685451811", "53685451911", "chemid", "algochemid", "eeee", "designcapacity", "presentdod0", "currentcapacity", "ischarging", "temperature", "amperage", "instantamperage", "voltage", "stateofcharge", "chargeaccum", "chargingstate", "inflowstate", "chargelimit", "checkpoint", "decisionmaker", "modeofoperation", "af96b", "begin bluetooth", "b590b", "e97d3", "e1306", "certificate", "start", "status code", "sameorigin body", "xsannwhh5zixhy", "debug", "sun sep", "thu sep", "notice", "fri sep", "unbrick", "dcrt reissue", "commcenter fri", "sat sep", "commcenter sun", "data", "plist", "dict", "post useragent", "dcrt", "body", "doctype", "public", "pkitruststore", "download", "autolocker", "autojob", "data container", "installing", "ls save", "ls operation", "customer", "lsinstalltype", "miinstaller", "staging", "update", "consumed", "missingvalue", "raptor certs", "full service", "pinged configd", "cachedata", "cacheextra", "gmt4", "boot session", "bonjour", "f0fs24 cf0", "xml version", "appledtd plist", "adapter", "sen097", "wairport97", "t3gpp u8721", "u960 u8747", "bae69693u8719", "c2cb", "f1f49791page", "c4 e8", "page", "xethernet97", "sen1u8260", "u8721 u8719", "u8805 a5u8706", "a5u8706 u8721", "u8719 u960", "u8800 c6d8u8734", "b1u8804 u8805", "u8747 aabau937", "u64258 u8800", "u8747 u8776", "u64257 u64258", "u305 u8710", "u63743", "u8260", "u8805 u8706", "u731 u711", "u731", "u733", "time", "time secs", "uuid", "osversion", "lqmlogging", "su ms", "nb nrs", "na cm", "ex tf", "ffp mret", "highband", "ghz sep", "noise 88", "capture", "interfacelogs", "disabledatapath", "role lowlatency", "enabledatapath", "tx submission", "queue sep", "disablesync", "txsubq sep", "datapath", "printdatapath", "txsub disable", "txsub enable", "awdl prox", "awdl interface", "appleolyhal", "iopcidevice", "iopcidevice sep", "appleolyhallog", "pktsec", "mbitssec", "txreported", "u0 m0", "rxmacst", "monitor0 vif", "ff input", "pmopen", "rssi 100", "flushed", "rssi threshold", "service", "p2p concurrency", "allowed", "multicast", "unicast", "p2p interface", "off configured", "host edge", "awdl0", "awdl state", "configured", "d12c2680", "monitor18 vif", "transition", "wait", "device sleep", "device wake", "device active", "pending", "pnd0", "exit", "int state", "tx power", "cap config", "device tree", "ps params", "dtim", "motion profile", "womp disabled", "region info", "lla prefer", "prefer", "moving", "logic", "config", "wlcgetbssinfo", "queue", "check que", "wd scheduled1", "curr", "configure wd", "history", "wlcsetlrl", "wlcgetcountry", "debuggable", "eventbitfield", "fwid 01b0ec0e2e", "d53gap build", "device serial", "file name", "wme acm", "frequestiotx", "busytags", "peer", "u409224", "u527236 m103198", "monitor2827", "totaldropped0", "queue status", "totalflushed0", "tx completion", "rx completion", "fault report", "logging rx", "join mgr", "backpl", "85 85", "fl2 rt601", "bsside2", "rssi avg", "41 48", "44 42", "46 48", "43 42", "io80211 scan", "updated", "mpdus", "chanspec", "roam candidate", "logtransition", "cache channels", "scan home", "infra", "filesystem size", "avail capacity", "devdisk1s1", "dev devdisk1s6", "devdisk1s3", "calls", "file defrag", "metadata", "write", "object cache", "read", "fx defrag", "vnopallocate", "vnopblktooff", "meta", "user pid", "cpu stat", "pri stime", "utime command", "ppid f", "mem pri", "ni vsz", "rss wchan", "started time", "wd scheduled0", "e666293574", "monitor38 vif", "u2642957", "u4321860 m8433", "monitor9744", "b7c5a", "fl2 rt3505", "43 43", "bssid00", "lightphoneii", "43 44", "44 44", "rx data", "f4e0wf", "session", "cached", "access", "integer not", "null default", "null", "text not", "from", "text unique", "where", "order by", "not null", "bool not", "expected t", "nsdata", "unique", "integer primary", "array", "hard", "u63743 fceae8" ], "references": [ "awdl_status.txt", "arp.txt", "bluetooth_status.txt", "com.apple.wifi.syncable-networks.legacy.plist", "com.apple.wifi.syncable-networks.plist", "diagnostics-configuration.txt", "debug-log.txt", "diagnostics-connectivity.txt", "com.apple.wifi.recent-networks.json", "ifconfig.txt", "leaky_ap_stats.txt", "netstat-POST.txt", "mobilewifitool.txt", "security.txt", "netstat-PRE.txt", "network_status.txt", "wifi_datapath-PRE.txt", "wifi_scan_cache.txt", "wifi_logarchive.log", "wifi_datapath-POST.txt", "wifi_status.txt", "diagnostics-environment.txt", "wifi_scan.txt", "vm_stat.txt", "transparency.log", "tzDataVersion.log", "tailspin-info.txt", "taskSummary.csv", "sysdiagnose.log", "security-sysdiagnose.txt", "fileproviderctl_check.log", "hpmDiagnose.txt", "fileproviderctl.log", "hidutil.plist", "remotectl_dumpstate.txt", "smcDiagnose.txt", "BridgeReporting.log", "BridgeActivation.log", "AppConduit.log", "appinstallation.log", "AlishaLogs.log", "ASPSnapshots.log", "AppSupport.log", "astro.log", "AUDeveloperSettings.log", "ATVUpdateLog.log", "AVConference.log", "atcrtcomm.log", "BatteryBDC.log", "avconferenced-embedded.log", "BatteryIntelligence.log", "BluetoothAccessory.log", "BluetoothCoreDump.log", "BatteryHealth.log", "BatteryUIPlist.log", "brctl.log", "BASEBAND_TS_TRIGGER.log", "BTPHY.log", "Burnin.log", "Buddy.log", "CacheDeleteHistory.log", "CalendarPreferences.log", "CMCaptureTailspins.log", "CompanionSync.log", "CommandAndControl.log", "Contacts.log", "coreaudio_reporting.log", "CoreCapture.log", "copySpringBoardStateDump.log", "CoreLocation.log", "CoreCaptureBT.log", "crashes_and_spins.log", "cts.log", "coremediacapture-afdebug.log", "DarwinInit.log", "demod.log", "DataMigration.log", "FDR.log", "diagnostic_summary.log", "ForceResetTailspins.log", "Frametracer.log", "fsck.log", "FindMyDevice.log", "HangTracerTailspins.log", "GenerativeExperiences.log", "Harmony.log", "HIDCrashlogs.log", "HCI.log", "HomePodSetUp.log", "hidfw-crashlogs.log", "itunesstored.log", "LivabilityApp.log", "keyboard_cache.log", "LaunchServices.log", "MailErrorConditions.log", "MapsSyncJournal.log", "MatchTailspins.log", "MCState.log", "MCUCoreDumps.log", "MediaserverdBlockageTailspins.log", "MemoryExceptions.log", "MobileActivation.log", "microstackshots.log", "LogStreamFilter.log", "Mobile_Demo.log", "MobileInstallation.log", "MobileBackup.log", "MobileKeybagLogs.log", "MobileAssetHistory.log", "launchdLogs.log", "MobileSlideShow.log", "MobileLockdown.log", "MobileObliteration.log", "MobileSlideShowPrivateData.log", "MSU.log", "MobileStoreDemo.log", "NanoPreferencesSync.log", "NanoRegistry.log", "NSURLSession_logs.log", "Networking.log", "NetworkRelay.log", "ondemandd.log", "olddsc.log", "OTA.log", "OSEligibility.log", "OTAUpdateLogs.log", "Panics.log", "Personalization.log", "parsecd.log", "powerlogs.log", "process_proxied_device_logs.log", "ProactiveInputPredictions.log", "Preferences.log", "Proximity.log", "ProtectedCloudStorage.log", "RecentHangTracerTailspins.log", "RunningBoard.log", "Recoverylogd.log", "Resource_Exhaustion.log", "SensorKit.log", "SiriTextToSpeech.log", "Sentry.log", "Siri.log", "SiriAnalytics.log", "SleepCycler.log", "SocialLayerPlist.log", "spindump-meta-collection.log", "SplunkHistory.log", "stackshots.log", "SUInfo.log", "StoreServices.log", "SystemVersion.log", "Splat_Versioning.log", "syslog.log", "tailspin-history.log", "ThermalLogs.log", "tailspin-info-ts.log", "Trial.log", "UARP_Packet_Capture.log", "TetheredRestore.log", "UnifiedAsset.log", "time-sensitive-stackshot.log", "TimezoneDB.log", "unnamed_tasks.log", "UARPEndpointPacketCaptures.log", "SpaceAttributionTelemetry.log", "usermanagerd_logs.log", "VideoProcessing.log", "watchdog.log", "WindowServerHangs.log", "WiFi.log", "watchdogd_ddts.log", "asptool_snapshot_timesensitive.log", "asptool_snapshot.log", "acLog.plist", "atcrtcomm.txt", "BDC_Daily_version2.6_2024-08-29_00:19:16.csv", "BDC_Daily_version2.8_2024-09-22_16:06:26.csv", "BDC_Daily_version2.8_2024-09-13_17:49:14.csv", "BDC_Daily_version2.6_2024-09-04_12:00:11.csv", "BDC_Daily_version2.8_2024-09-21_13:45:08.csv", "BDC_OBC_version2.6_2024-08-29_00:19:14.csv", "BDC_OBC_version2.6_2024-09-13_16:25:59.csv", "BDC_OBC_version2.8_2024-09-18_23:12:12.csv", "BDC_OBC_version2.8_2024-09-14_00:28:48.csv", "BDC_OBC_version2.8_2024-09-13_23:35:57.csv", "BDC_OBC_version2.8_2024-09-14_13:32:02.csv", "BDC_OBC_version2.8_2024-09-29_15:16:41.csv", "BDC_Once_version2.6_2024-08-29_00:19:16.csv", "BDC_Once_version2.8_2024-09-13_17:49:16.csv", "BDC_SBC_version2.6_2024-09-02_20:27:16.csv", "BDC_SBC_version2.6_2024-08-29_00:19:16.csv", "BDC_SBC_version2.6_2024-09-03_11:48:00.csv", "BDC_SBC_version2.6_2024-09-11_00:27:57.csv", "BDC_SBC_version2.6_2024-09-04_13:21:06.csv", "BDC_SBC_version2.6_2024-09-04_12:00:11.csv", "BDC_SBC_version2.6_2024-09-03_00:11:37.csv", "BDC_SBC_version2.6_2024-09-13_16:26:54.csv", "BDC_SBC_version2.6_2024-09-13_16:16:55.csv", "BDC_SBC_version2.6_2024-09-08_17:52:28.csv", "BDC_SBC_version2.6_2024-09-13_02:10:48.csv", "BDC_SBC_version2.6_2024-09-12_02:07:40.csv", "BDC_SBC_version2.8_2024-09-13_17:54:28.csv", "BDC_SBC_version2.6_2024-09-13_17:07:26.csv", "BDC_SBC_version2.8_2024-09-13_17:49:18.csv", "BDC_SBC_version2.8_2024-09-14_00:28:50.csv", "BDC_SBC_version2.8_2024-09-18_03:20:38.csv", "BDC_SBC_version2.8_2024-09-18_23:12:15.csv", "BDC_SBC_version2.8_2024-09-14_13:32:04.csv", "BDC_SBC_version2.8_2024-09-21_13:45:07.csv", "BDC_SBC_version2.8_2024-09-22_05:55:57.csv", "BDC_SBC_version2.8_2024-09-23_19:56:36.csv", "BDC_SBC_version2.8_2024-09-17_01:27:03.csv", "BDC_SBC_version2.8_2024-09-23_21:27:40.csv", "BDC_SBC_version2.8_2024-09-24_19:36:33.csv", "BDC_SBC_version2.8_2024-09-14_01:16:12.csv", "BDC_SmartCharging_version2.6_2024-09-02_20:25:09.csv", "BDC_SmartCharging_version2.6_2024-08-29_00:21:46.csv", "BDC_SmartCharging_version2.6_2024-09-03_04:09:12.csv", "BDC_SmartCharging_version2.6_2024-09-03_11:48:07.csv", "BDC_SmartCharging_version2.6_2024-09-03_00:11:44.csv", "BDC_SmartCharging_version2.6_2024-09-04_12:00:20.csv", "BDC_SmartCharging_version2.6_2024-09-04_13:19:02.csv", "CacheDeletePurgeHistory.txt", "FDRDiagnosticReport.plist", "GEAvailability.log", "IOSADiagnose.log", "version", "akd_dcrt_baa_response.txt", "mobileactivationd.log.0", "akd_dcrt_baa_request.txt", "MAAutoAsset_Atomic_History_00.log", "MAAutoAsset_Atomic_History_02.log", "MAAutoAsset_Atomic_History_01.log", "MAAutoAsset_Atomic_History_03.log", "MAAutoAsset_Atomic_History_05.log", "MAAutoAsset_Atomic_History_04.log", "MAAutoAsset_Atomic_History_09.log", "MAAutoAsset_Atomic_History.txt", "MAAutoAsset_Atomic_History_08.log", "MAAutoAsset_Error_History_00.log", "MAAutoAsset_Atomic_History_06.log", "MAAutoAsset_Error_History_02.log", "MAAutoAsset_Error_History_04.log", "MAAutoAsset_Error_History_05.log", "MAAutoAsset_Error_History_08.log", "MAAutoAsset_Error_History.txt", "MAAutoAsset_Filesystem_History_01.log", "MAAutoAsset_Error_History_06.log", "MAAutoAsset_Error_History_09.log", "MAAutoAsset_Error_History_07.log", "MAAutoAsset_Filesystem_History_03.log", "MAAutoAsset_Filesystem_History_02.log", "MAAutoAsset_Filesystem_History_04.log", "MAAutoAsset_Filesystem_History_05.log", "MAAutoAsset_Filesystem_History_08.log", "MAAutoAsset_Filesystem_History_09.log", "MAAutoAsset_Filesystem_History_06.log", "MAAutoAsset_Filesystem_History_00.log", "MAAutoAsset_Filesystem_History_07.log", "MAAutoAsset_Filesystem_History.txt", "MAAutoAsset_Locker_History_00.log", "MAAutoAsset_Locker_History_01.log", "MAAutoAsset_Locker_History_03.log", "MAAutoAsset_Locker_History_06.log", "MAAutoAsset_Locker_History_02.log", "MAAutoAsset_Locker_History_04.log", "MAAutoAsset_Locker_History_05.log", "MAAutoAsset_Locker_History_07.log", "MAAutoAsset_Scheduler_History_00.log", "MAAutoAsset_Locker_History.txt", "MAAutoAsset_Locker_History_08.log", "MAAutoAsset_Scheduler_History_03.log", "MAAutoAsset_Scheduler_History_02.log", "MAAutoAsset_Scheduler_History_04.log", "MAAutoAsset_Scheduler_History_01.log", "MAAutoAsset_Locker_History_09.log", "MAAutoAsset_Scheduler_History_07.log", "MAAutoAsset_Scheduler_History_08.log", "MAAutoAsset_Scheduler_History_05.log", "MAAutoAsset_Scheduler_History_06.log", "MAAutoAsset_Scheduler_History.txt", "MAAutoAsset_Scheduler_History_09.log", "MAAutoAsset_Secure_History_01.log", "MAAutoAsset_Secure_History_00.log", "MAAutoAsset_Secure_History_04.log", "MAAutoAsset_Secure_History_05.log", "MAAutoAsset_Secure_History_03.log", "MAAutoAsset_Secure_History_07.log", "MAAutoAsset_Secure_History_08.log", "MAAutoAsset_Secure_History_06.log", "MAAutoAsset_Secure_History_09.log", "MAAutoAsset_Stager_History_01.log", "MAAutoAsset_Stager_History_02.log", "MAAutoAsset_Stager_History_00.log", "MAAutoAsset_Secure_History.txt", "MAAutoAsset_Stager_History_03.log", "MAAutoAsset_Stager_History_05.log", "MAAutoAsset_Stager_History_07.log", "MAAutoAsset_Stager_History_04.log", "MAAutoAsset_Stager_History_08.log", "MAAutoAsset_Stager_History_06.log", "MAAutoAsset_Stager_History_09.log", "MAAutoAsset_Stager_History.txt", "mobile_installation.log.0", "mobile_installation.log.1", "mobile_installation_helper.log.0", "lockdownd.log", "SUCoreSplunkHistory.log", "model_catalog_dump.txt", "model_manager_dump.json", "com.apple.networkextension.necp.rtf", "preferences.rtf", "NetworkInterfaces.rtf", "com.apple.networkextension.rtf", "com.apple.networkextension.uuidcache.rtf", "com.apple.networkextension.cache.rtf", "com.apple.networkextension.control.rtf", "Entity_2024-09-29 22:12:50.359_Blacklist.csv", "capture.rtf", "system.rtf", "[2024-09-29_22,12,45.966405]-LQMLogging-001.txt", "[2024-09-29_22,12,45.960131]-Interface_SoftAP_0-001.txt", "[2024-09-29_22,12,56.122877]-Interface_LowLatency_0-001.txt", "[2024-09-29_22,12,56.815468]-Interface_Infrastructure_0-001.txt", "[2024-09-29_22,12,56.591747]-Interface_AirLink_0-001.txt", "[2024-09-29_22,12,56.327440]-uartFirmwareLogs-001.txt", "[2024-09-29_22,12,56.457960]-AppleOLYHAL_log-001.txt", "AddFileList.txt", "ap1_AllPeersVerbose_IO80211PeerManager.txt", "awdl0_PrintState_IO80211AWDLPeerManager.txt", "awdl0_AllPeersVerbose_IO80211AWDLPeerManager.txt", "BusState.txt", "ConfigManagerState.txt", "CommanderState.txt", "CoreState.txt", "DeviceInfo.xml", "en0_AllPeersVerbose_IO80211PeerManager.txt", "en0_PrintState_IO80211PeerManager.txt", "InterfaceState_apsta.txt", "ap1_PrintState_IO80211PeerManager.txt", "FaultReportState.txt", "History.txt", "InterfaceState_prox.txt", "ivars->fChannelSwitchDictionary[0].xml", "InterfaceState_llw.txt", "JoinManagerState.txt", "ivars->fChannelSwitchDictionary[1].xml", "InterfaceState_skywalkinfra.txt", "ScanManagerState.txt", "LowLatencyRxCompRing", "MMIO_Log.txt", "SoC_Registers.xml", "LowLatencyTxCompRing", "NetManagerState.txt", "[2024-09-29_22,12,56.477273]-AppleBCMWLAN_Logs-001.txt", "disks.txt", "apfs_stats.txt", "oslog_archive_error.log", "ps_thread.txt", "971A5878D635EB8B262FF791353234.rtf", "B730B951A932F5AE2648F478FDDA81.rtf", "E7B80B551D34E4BCDBC1E47D6AB627.rtf", "2B553D16843D7B9CD7A4504A96CF2F.rtf", "594CB14E19331E8CFB5365144D46C4.rtf", "DE90FBA8603371B106DDEC727E696D.rtf", "C1ACD227FD3CE992C115DD95BD2B42.rtf" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1546.004", "name": "Unix Shell Configuration Modification", "display_name": "T1546.004 - Unix Shell Configuration Modification" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1070.002", "name": "Clear Linux or Mac System Logs", "display_name": "T1070.002 - Clear Linux or Mac System Logs" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1445", "name": "Abuse of iOS Enterprise App Signing Key", "display_name": "T1445 - Abuse of iOS Enterprise App Signing Key" }, { "id": "T1001.003", "name": "Protocol Impersonation", "display_name": "T1001.003 - Protocol Impersonation" }, { "id": "T1404", "name": "Exploit OS Vulnerability", "display_name": "T1404 - Exploit OS Vulnerability" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 105, "domain": 70, "hostname": 211, "URL": 125, "email": 2, "FileHash-MD5": 14, "FileHash-SHA1": 212 }, "indicator_count": 739, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "578 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "olddsc.log", "BDC_SBC_version2.6_2024-09-04_12:00:11.csv", "subscribedAssets_CurrentUser.txt", "BDC_OBC_version2.8_2024-09-29_15:16:41.csv", "ps_thread.txt", "certificates.csv", "MAAutoAsset_Atomic_History_05.log", "spindump_stderr.txt", "MAAutoAsset_Stager_History_09.log", "README.txt", "MCBrowserViewController.h", "Preferences.log", "Driver_xst.h", "BDC_SBC_version2.6_2024-09-13_16:16:55.csv", "BDC_SBC_version2.8_2024-09-18_23:12:15.csv", "content-negotiation.html", "gettytab", "ap1_PrintState_IO80211PeerManager.txt", "x86_64-apple-macos.swiftinterface", "MSU.log", "mobilewifitool.txt", "APConfigurationSystem.tbd", "index.html.en", "DBIXS.h", "asptool_snapshot.log", "brctl-container-list.txt", "ATVUpdateLog.log", "MAAutoAsset_Locker_History_03.log", "Harmony.log", "srsupporttool_stderr.txt", "demod.log", "[2024-09-29_22,12,56.457960]-AppleOLYHAL_log-001.txt", "version.plist", "BridgeReporting.log", "com.apple.networkextension.rtf", "Siri.log", "sharingPreferences.csv", "IOSADiagnose.log", "MCError.h", "BDC_SBC_version2.6_2024-09-11_00:27:57.csv", "NanoRegistry.log", "AppleLanguages_CurrentUser.txt", "mounts.csv", "MemoryExceptions.log", "Trial.log", "LICENSE", "com.apple.wifi.recent-networks.json", "MMIO_Log.txt", "suggest_tool_stderr.txt", "BASEBAND_TS_TRIGGER.log", "hidutil.plist", "bashrc_Apple_Terminal", "UARPEndpointPacketCaptures.log", "Networking.log", "MAAutoAsset_Stager_History.txt", "canonical", "transparency.log", "protocols", "mounts.txt", "ASPSnapshots.log", "launchdLogs.log", "MobileActivation.log", "hidfw-crashlogs.log", "MailErrorConditions.log", "BTPHY.log", "usermanagerd_logs.log", "appinstallation.log", "MCState.log", "resolv.conf", "diagnostics-configuration.txt", "MAAutoAsset_Scheduler_History_07.log", "watchdog.log", "Personalization.log", "MAAutoAsset_Stager_History_06.log", "AFK.log", "DataMigration.log", "CacheDeleteHistory.log", "wifi_scan_cache.txt", "LogStreamFilter.log", "MAAutoAsset_Atomic_History_00.log", "LivabilityApp.log", "sudoers", "BDC_SBC_version2.8_2024-09-14_13:32:04.csv", "syslog.conf", "en0_PrintState_IO80211PeerManager.txt", "MAAutoAsset_Stager_History_05.log", "InterfaceState_skywalkinfra.txt", "ScanManagerState.txt", "arp.txt", "BatteryUIPlist.log", "MAAutoAsset_Secure_History_04.log", "BDC_SBC_version2.6_2024-08-29_00:19:16.csv", "LowLatencyRxCompRing", "TimezoneDB.log", "security.txt", "transport", "AccessibilityPrefs.log", "BDC_SmartCharging_version2.6_2024-09-02_20:25:09.csv", "MAAutoAsset_Secure_History_08.log", "paths", "BDC_SmartCharging_version2.6_2024-09-03_11:48:07.csv", "process_proxied_device_logs.log", "disk_structure.txt", "BDC_SBC_version2.6_2024-09-03_00:11:37.csv", "applications.csv", "ntp.conf", "dbi_sql.h", "jetsam_priority_stderr.txt", "MAAutoAsset_Secure_History_00.log", "xtab", "rmtab", "MAAutoAsset_Filesystem_History_09.log", "OSEligibility.log", "ldap.h", "MAAutoAsset_Scheduler_History_02.log", "ioreg_stderr.txt", "Info.plist", "MAAutoAsset_Filesystem_History_08.log", "com.apple.coreaudio_CurrentUser.txt", "MAAutoAsset_Filesystem_History_04.log", "ScreenTimeEnabled_CurrentUser.txt", "MAAutoAsset_Locker_History.txt", "csh.logout", "wifi_datapath-POST.txt", "MAAutoAsset_Error_History_07.log", "LDAP.tbd", "BDC_SBC_version2.8_2024-09-21_13:45:07.csv", "MAAutoAsset_Locker_History_05.log", "ProactiveInputPredictions.log", "MAAutoAsset_Locker_History_01.log", "BDC_OBC_version2.8_2024-09-14_13:32:02.csv", "SiriTextToSpeech.log", "sharedFolders.csv", "microstackshots_errors.txt", "apfs_stats.txt", "fileproviderctl_task_failures.txt", "spindump_nosym_errors.txt", "DeviceInfo.xml", "LowLatencyTxCompRing", "MAAutoAsset_Filesystem_History_05.log", "AppleFirmwareUpdate.tbd", "netstat-PRE.txt", "MCNearbyServiceAdvertiser.h", "BDC_Once_version2.8_2024-09-13_17:49:16.csv", "afktool_stderr.txt", "com.apple.camera_CurrentUser.txt", "mobile_installation_helper.log.0", "model_catalog_dump.txt", "WindowServerHangs.log", "BatteryBDC.log", "astro.log", "MAAutoAsset_Scheduler_History_08.log", "parsecd.log", "MAAutoAsset_Filesystem_History_02.log", "copySpringBoardStateDump.log", "Accounts.log", "SUInfo.log", "find.codes", "zprofile", "SoC_Registers.xml", "CodeResources", "WatchConnectivity.log", "InterfaceState_prox.txt", "MobileSlideShow.log", "vm_stat.txt", "en0_AllPeersVerbose_IO80211PeerManager.txt", "mail.rc", "MAAutoAsset_Secure_History_01.log", "BDC_SBC_version2.6_2024-09-02_20:27:16.csv", "man.conf", "x86_64-apple-ios-macabi.swiftinterface", "SystemVersion.log", "diskEncryption.csv", "wifi_status.txt", "FindMyDevice.log", "launchdaemons.txt", "preboot_archive_errors.log", "MAAutoAsset_Stager_History_03.log", "interfaceDetails.csv", "BDC_SBC_version2.8_2024-09-23_21:27:40.csv", "atcrtcomm.txt", "CacheDeletePurgeHistory.txt", "tailspin-info.txt", "NetworkInterfaces.rtf", "leaky_ap_stats.txt", "AUDeveloperSettings.log", "MAAutoAsset_Scheduler_History_03.log", "Admin.tbd", "awdl0_PrintState_IO80211AWDLPeerManager.txt", "ps.txt", "Sentry.log", "BDC_SBC_version2.6_2024-09-08_17:52:28.csv", "Burnin.log", "locate.rc", "oslog_archive_error.log", "AOSKit.tbd", "shells", "CoreState.txt", "crashes_and_spins.log", "UARP_Packet_Capture.log", "MAAutoAsset_Secure_History_07.log", "rc.common", "BDC_SBC_version2.8_2024-09-13_17:54:28.csv", "SUCoreSplunkHistory.log", "rpc", "codecctl_stderr.txt", "chromeExtensions.csv", "systemControls.csv", "header_checks", "ProtectedCloudStorage.log", "ThermalLogs.log", "SiriAnalytics.log", "MobileLockdown.log", "AGXMTLCompilerCrash.log", "BDC_SBC_version2.6_2024-09-03_11:48:00.csv", "[2024-09-29_22,12,56.815468]-Interface_Infrastructure_0-001.txt", "Resource_Exhaustion.log", "NSURLSession_logs.log", "SleepCycler.log", "ftpusers", "system.rtf", "ivars->fChannelSwitchDictionary[0].xml", "passwd", "com.apple.networkextension.cache.rtf", "smb.conf", "BDC_SBC_version2.6_2024-09-04_13:21:06.csv", "BDC_Daily_version2.8_2024-09-21_13:45:08.csv", "BDC_Daily_version2.8_2024-09-22_16:06:26.csv", "ForceResetTailspins.log", "CaptureSourceInfo_CurrentUser.txt", "spindump-meta-collection.log", "HIDCrashlogs.log", "master.cf.default", "MAAutoAsset_Stager_History_08.log", "rtadvd.conf", "MAAutoAsset_Stager_History_01.log", "sipConfig.csv", "HangTracerTailspins.log", "WiFi.log", "MapsSyncJournal.log", "launchD.csv", "usbDevices.csv", "generic", "BDC_OBC_version2.8_2024-09-18_23:12:12.csv", "UIPreferredContentSizeCategoryName_CurrentUser.txt", "lockdownd.log", "[2024-09-29_22,12,56.327440]-uartFirmwareLogs-001.txt", "AppSupport.log", "auto_home", "transparency-sysdiagnose_stderr.txt", "CommandAndControl.log", "AVConference.log", "SensorKit.log", "watchdogd_ddts.log", "ioreg_task_failures.txt", "BDC_SBC_version2.6_2024-09-13_16:26:54.csv", "BDC_OBC_version2.8_2024-09-14_00:28:48.csv", "csh.cshrc", "bluetooth_status.txt", "MAAutoAsset_Error_History_08.log", "MAAutoAsset_Filesystem_History_01.log", "CompanionSync.log", "MAAutoAsset_Error_History_00.log", "RecentHangTracerTailspins.log", "com.apple.networkextension.necp.rtf", "[2024-09-29_22,12,45.960131]-Interface_SoftAP_0-001.txt", "MAAutoAsset_Filesystem_History.txt", "MAAutoAsset_Error_History_04.log", "process_list.txt", "CoreCaptureBT.log", "MAAutoAsset_Filesystem_History_06.log", "971A5878D635EB8B262FF791353234.rtf", "afpovertcp.cfg", "sysdiagnose.log", "main.cf.default", "pf.os", "MultipeerConnectivity.tbd", "ifconfig.txt", "NanoPreferencesSync.log", "MAAutoAsset_Secure_History_03.log", "capture.rtf", "AirPodPowerMetrics.log", "com.apple.networkextension.uuidcache.rtf", "MCNearbyServiceBrowser.h", "wifi_logarchive.log", "BDC_SmartCharging_version2.6_2024-09-04_13:19:02.csv", "MobileObliteration.log", "HCI.log", "version", "zshrc_Apple_Terminal", "battery.csv", "OTAUpdateLogs.log", "MAAutoAsset_Locker_History_07.log", "powerlogs.log", "asl.conf", "AppConduit.log", "MAAutoAsset_Scheduler_History_01.log", "arm64e-apple-ios-macabi.swiftinterface", "dbd_xsh.h", "custom-error.html", "caching.html", "kernel.csv", "BDC_SmartCharging_version2.6_2024-08-29_00:21:46.csv", "com.apple.MobileAsset_Global.txt", "MultipeerConnectivity.apinotes", "wifi_scan.txt", "hook_op_check.h", "ap1_AllPeersVerbose_IO80211PeerManager.txt", "CloudKitBookmarks.log", "NetManagerState.txt", "microstackshots.log", "BatteryHealth.log", "AppleLanguages_Global.txt", "MAAutoAsset_Scheduler_History_00.log", "tailspin-history.log", "SpaceAttributionTelemetry.log", "Panics.log", "newsyslog.conf", "BusState.txt", "avconferenced-embedded.log", "BDC_SBC_version2.6_2024-09-13_17:07:26.csv", "C1ACD227FD3CE992C115DD95BD2B42.rtf", "[2024-09-29_22,12,56.122877]-Interface_LowLatency_0-001.txt", "managedPolicies.csv", "debug-log.txt", "brctl.log", "MobileSlideShowPrivateData.log", "DarwinInit.log", "defaults-com.apple.iclouddrive.features.txt", "BDC_OBC_version2.6_2024-09-13_16:25:59.csv", "model_manager_dump.json", "defaults-com.apple.bird.txt", "BDC_SBC_version2.8_2024-09-23_19:56:36.csv", "unnamed_tasks.log", "com.apple.avfoundation_CurrentUser.txt", "BatteryIntelligence.log", "configuring.html", "kexts.txt", "MatchTailspins.log", "mount.txt", "MAAutoAsset_Secure_History_09.log", "History.txt", "CoreLocation.log", "MAAutoAsset_Error_History_09.log", "BDC_SmartCharging_version2.6_2024-09-04_12:00:20.csv", "network_status.txt", "MAAutoAsset_Atomic_History_08.log", "MAAutoAsset_Error_History_05.log", "CoreCapture.log", "MAAutoAsset_Atomic_History_06.log", "irbrc", "MAAutoAsset_Filesystem_History_07.log", "group", "Entity_2024-09-29 22:12:50.359_Blacklist.csv", "crashes.csv", "ttys", "ondemandd.log", "akd_dcrt_baa_response.txt", "mobile_installation.log.0", "MAAutoAsset_Atomic_History_02.log", "preferences.rtf", "time-sensitive-stackshot.log", "networks", "dbixs_rev.h", "BluetoothAccessory.log", "MAAutoAsset_Stager_History_07.log", "AppleTypeCRetimerLogs_task_failures.txt", "auto_master", "csh.login", "notify.conf", "BDC_SmartCharging_version2.6_2024-09-03_04:09:12.csv", "VideoProcessing.log", "akd_dcrt_baa_request.txt", "BridgeActivation 2.log", "MAAutoAsset_Secure_History.txt", "MCPeerID.h", "BDC_SBC_version2.6_2024-09-12_02:07:40.csv", "smcDiagnose.txt", "B730B951A932F5AE2648F478FDDA81.rtf", "convenience.map", "HomePodSetUp.log", "GEAvailability.log", "fsck.log", "etcHosts.csv", "tailspin-save-ts-collection.log", "launchagents.txt", "diagnostics-environment.txt", "MCSession.h", "main.cf", "itunesstored.log", "Recoverylogd.log", "MAAutoAsset_Error_History_06.log", "BUILDING", "MAAutoAsset_Atomic_History_09.log", "BDC_SBC_version2.8_2024-09-17_01:27:03.csv", "MAAutoAsset_Atomic_History.txt", "AppleLocale_Global.txt", "users.csv", "com.apple.wifi.syncable-networks.plist", "MAAutoAsset_Scheduler_History_05.log", "MAAutoAsset_Secure_History_05.log", "apfs_boot_mount.tbd", "AlishaLogs.log", "TetheredRestore.log", "jetsam_priority.txt", "BDC_Daily_version2.8_2024-09-13_17:49:14.csv", "remotectl_dumpstate.txt", "MAAutoAsset_Filesystem_History_00.log", "MCUCoreDumps.log", "BDC_SBC_version2.8_2024-09-22_05:55:57.csv", "Frametracer.log", "taskinfo_stderr.txt", "MCAdvertiserAssistant.h", "autofs.conf", "MAAutoAsset_Atomic_History_01.log", "rmdinspect_stderr.txt", "BDC_Once_version2.6_2024-08-29_00:19:16.csv", "taskSummary.csv", "FaultReportState.txt", "module.modulemap", "master.cf", "InterfaceState_apsta.txt", "AppleLocale_CurrentUser.txt", "2B553D16843D7B9CD7A4504A96CF2F.rtf", "UnifiedAsset.log", "awdl0_AllPeersVerbose_IO80211AWDLPeerManager.txt", "MAAutoAsset_Scheduler_History_09.log", "E7B80B551D34E4BCDBC1E47D6AB627.rtf", "Accessibility_Preferences.txt", "diagnostic_summary.log", "MAAutoAsset_Locker_History_02.log", "user_launchagents.txt", "postfix-files", "awdl_status.txt", "BridgeActivation.log", "BluetoothCoreDump.log", "MobileInstallation.log", "MAAutoAsset_Error_History_02.log", "AirPlayReceiver.tbd", "Splat_Versioning.log", "night-shift.log", "BDC_OBC_version2.8_2024-09-13_23:35:57.csv", "MAAutoAsset_Scheduler_History.txt", "fileproviderctl.log", "MAAutoAsset_Atomic_History_03.log", "MAAutoAsset_Scheduler_History_04.log", "BDC_Daily_version2.6_2024-09-04_12:00:11.csv", "fileproviderctl_stderr.txt", "CommanderState.txt", "Keyboard_Preferences.txt", "BDC_SBC_version2.8_2024-09-24_19:36:33.csv", "BDC_SBC_version2.6_2024-09-13_02:10:48.csv", "CalendarPreferences.log", "acLog.plist", "BDC_SBC_version2.8_2024-09-14_01:16:12.csv", "tailspin-info-ts.log", "BDC_Daily_version2.6_2024-08-29_00:19:16.csv", "arm64e-apple-macos.swiftinterface", "MediaserverdBlockageTailspins.log", "MAAutoAsset_Stager_History_00.log", "nfs.conf", "security-sysdiagnose.txt", "keyboard_cache.log", "main.cf.proto", "MobileStoreDemo.log", "ckksctl_status.txt", "Proximity.log", "[2024-09-29_22,12,45.966405]-LQMLogging-001.txt", "pf.conf", "MAAutoAsset_Locker_History_04.log", "ivars->fChannelSwitchDictionary[1].xml", "netstat-POST.txt", "bashrc", "OTA.log", "coreaudio_reporting.log", "DE90FBA8603371B106DDEC727E696D.rtf", "com.apple.coremedia_CurrentUser.txt", "JoinManagerState.txt", "bounce.cf.default", "asptool_snapshot_timesensitive.log", "MobileKeybagLogs.log", "MobileAssetHistory.log", "mobileactivationd.log.0", "custom_header_checks", "wifi_datapath-PRE.txt", "3bars.txt", "Accessibility.log", "hpmDiagnose.txt", "MAAutoAsset_Filesystem_History_03.log", "dbivport.h", "InterfaceState_llw.txt", "interfaceAddrs.csv", "coremediacapture-afdebug.log", "RunningBoard.log", "kern_loader.conf", "SplunkHistory.log", "FDR.log", "profile", "tzDataVersion.log", "security_status.txt", "stackshots.log", "MAAutoAsset_Locker_History_00.log", "LocalAuthentication.tbd", "MAAutoAsset_Locker_History_08.log", "SocialLayerPlist.log", "diagnostics-connectivity.txt", "MAAutoAsset_Error_History.txt", "sudo_lecture", "[2024-09-29_22,12,56.477273]-AppleBCMWLAN_Logs-001.txt", "makedefs.out", "access", "ACLogs.log", "com.apple.wifi.syncable-networks.legacy.plist", "MobileBackup.log", "MAAutoAsset_Atomic_History_04.log", "MAAutoAsset_Stager_History_02.log", "MAAutoAsset_Scheduler_History_06.log", "fileproviderctl_check.log", "MAAutoAsset_Secure_History_06.log", "atcrtcomm.log", "cts.log", "relocated", "command_args.json", "Buddy.log", "LaunchServices.log", "com.apple.screensharing.agent.launchd", "syslog.log", "BDC_OBC_version2.6_2024-08-29_00:19:14.csv", "MAAutoAsset_Locker_History_09.log", "BDC_SBC_version2.8_2024-09-18_03:20:38.csv", "bind.html", "systemInfo.csv", "NetworkRelay.log", "MAAutoAsset_Stager_History_04.log", "disks.txt", "Contacts.log", "com.apple.networkextension.control.rtf", "aliases", "[2024-09-29_22,12,56.591747]-Interface_AirLink_0-001.txt", "master.cf.proto", "BDC_SmartCharging_version2.6_2024-09-03_00:11:44.csv", "lber.h", "CMCaptureTailspins.log", "virtual", "BDC_SBC_version2.8_2024-09-13_17:49:18.csv", "rc.netboot", "mobile_installation.log.1", "BDC_SBC_version2.8_2024-09-14_00:28:50.csv", "StoreServices.log", "MultipeerConnectivity.h", "diagnose-errors.log", "ntp_opendirectory.conf", "ModelCatalog_task_failures.txt", "TLS_LICENSE", "FDRDiagnosticReport.plist", "MAAutoAsset_Locker_History_06.log", "Mobile_Demo.log", "AddFileList.txt", "zshrc", "ConfigManagerState.txt", "GenerativeExperiences.log", "manpaths", "594CB14E19331E8CFB5365144D46C4.rtf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "DragonForce Malaysia Hacker Group" ], "malware_families": [ "", "Lastname", "Firstname" ], "industries": [], "unique_indicators": 23390 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/mobile.storage", "whois": "http://whois.domaintools.com/mobile.storage", "domain": "mobile.storage", "hostname": "com.apple.mobile.storage" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69e9cd25393e970647c8678e", "name": "[Jane\u2019s Apple iPhone 12 is claimed dead] Credit by ravescoutllc [clone]", "description": "", "modified": "2026-05-24T03:39:11.660000", "created": "2026-04-23T07:41:25.872000", "tags": [ "idle", "deferred", "important", "unknown", "dock", "uisupport", "freezer", "fgsupport", "audio", "driverkit", "runner", "critical", "s0x0180", "s0x01a1", "s0x01a4", "c0x03", "s0x0401", "s0x0402", "s0x0507", "s0x0524", "s0x052a", "s0x060b", "networkappid", "user uid", "prsna pid", "ppid f", "mem pri", "ni vsz", "rss wchan", "tt stat", "started time", "command root", "memgraph", "path to", "dump file", "csstore viewer", "night shift", "status", "daystarthour", "daystartminute", "nightstarthour", "version", "sunsetsunrise", "mach virtual", "memory", "devdisk1s1", "privatevar", "calls", "number", "file defrag", "metadata", "write", "object cache", "fx defrag", "vnopallocate", "vnopblktooff", "vnopblockmap", "meta", "stats", "ckkstlkshare", "cliquestatusin", "sha256", "autounlock", "home", "backstop", "passwords", "applepay", "manatee", "wifi", "a w0", "device", "shared ipad", "appleaopinput", "code0", "userinfo", "fpck", "completed", "current network", "ipv6", "awdl", "security", "legacy wifi", "ipv4", "count", "interval", "timestamp name", "open", "nonpsc", "active", "not associated", "noop", "interface", "scan results", "duration result", "description", "congested wifi", "channel", "current channel", "ht40", "networks", "i en0", "paired", "connected", "status power", "mac address", "f5 discoverable", "scanning", "onetouch tb1x", "address", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "begin", "begin wifi", "end wifi", "collect", "dump", "end corecapture", "logs", "begin device", "end device", "method", "supported", "status mac", "op mode", "bssid", "tx rate", "mbps security", "phy mode", "mcs index", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "status primary", "wwan", "disabled awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "could", "cfnetwork", "dns server", "ping lan", "resolve dns", "ping wan", "rbentitlements", "osservice", "background", "invalidate", "xpcservice", "rbstagattribute", "rbassertion", "transientstate", "7529", "8030", "keepalive", "4372", "5760", "8181", "10058", "lockscreen", "test", "trace", "9872", "ckavmediaobject", "iiolaunchinfo", "ckmediaobject", "mxvolumelimiton", "swqwerty", "swemoji", "height", "width", "name", "pixelformattype", "index", "isobase", "sensorheight", "sensorwidth", "aemaxgain", "sensorcropwidth", "formats", "flash", "default filters", "candidate", "enforcing size", "limit", "mb on", "added", "done enforcing", "size limit", "file", "filters", "max size", "duplicate file", "file past", "beginswith", "endswith", "longhang", "excresource", "analytics", "predicate", "predicate not", "matches", "not self", "contains", "e5a2a", "ca156", "dc789", "b1a67", "e7e17", "e2175", "c63d2", "c453c", "cd7d4", "e0fe6", "plist", "dict", "integer", "doctype", "public", "appledtd plist", "ckperboottasks", "array", "ckstartuptime", "optimizestorage", "recorder", "player", "editor", "citymd", "manager", "student", "cleaner", "booster", "smart", "languages", "applelocale" ], "references": [ "jetsam_priority.txt", "tailspin-info.txt", "ps.txt", "oslog_archive_error.log", "README.txt", "night-shift.log", "vm_stat.txt", "mount.txt", "apfs_stats.txt", "ckksctl_status.txt", "ioreg_task_failures.txt", "transparency-sysdiagnose_stderr.txt", "fileproviderctl_task_failures.txt", "spindump_stderr.txt", "taskinfo_stderr.txt", "rmdinspect_stderr.txt", "ModelCatalog_task_failures.txt", "afktool_stderr.txt", "jetsam_priority_stderr.txt", "microstackshots_errors.txt", "AppleTypeCRetimerLogs_task_failures.txt", "ioreg_stderr.txt", "spindump_nosym_errors.txt", "codecctl_stderr.txt", "srsupporttool_stderr.txt", "fileproviderctl_stderr.txt", "suggest_tool_stderr.txt", "mobilewifitool.txt", "com.apple.wifi.syncable-networks.legacy.plist", "diagnostics-configuration.txt", "wifi_scan_cache.txt", "wifi_datapath-PRE.txt", "3bars.txt", "diagnostics-environment.txt", "arp.txt", "netstat-POST.txt", "bluetooth_status.txt", "security.txt", "debug-log.txt", "wifi_status.txt", "netstat-PRE.txt", "leaky_ap_stats.txt", "wifi_datapath-POST.txt", "wifi_logarchive.log", "com.apple.wifi.recent-networks.json", "network_status.txt", "com.apple.wifi.syncable-networks.plist", "ifconfig.txt", "awdl_status.txt", "wifi_scan.txt", "diagnostics-connectivity.txt", "BASEBAND_TS_TRIGGER.log", "Accounts.log", "CoreCapture.log", "appinstallation.log", "FindMyDevice.log", "AlishaLogs.log", "atcrtcomm.log", "Accessibility.log", "CMCaptureTailspins.log", "NanoPreferencesSync.log", "MCUCoreDumps.log", "AppSupport.log", "RecentHangTracerTailspins.log", "DataMigration.log", "BatteryUIPlist.log", "BatteryHealth.log", "UARPEndpointPacketCaptures.log", "time-sensitive-stackshot.log", "OTAUpdateLogs.log", "MobileKeybagLogs.log", "cts.log", "SensorKit.log", "CacheDeleteHistory.log", "CloudKitBookmarks.log", "MobileBackup.log", "AccessibilityPrefs.log", "WatchConnectivity.log", "Frametracer.log", "LogStreamFilter.log", "Panics.log", "OSEligibility.log", "process_proxied_device_logs.log", "Harmony.log", "CalendarPreferences.log", "Sentry.log", "MediaserverdBlockageTailspins.log", "MobileStoreDemo.log", "coremediacapture-afdebug.log", "CoreCaptureBT.log", "crashes_and_spins.log", "StoreServices.log", "itunesstored.log", "brctl.log", "CommandAndControl.log", "NanoRegistry.log", "DarwinInit.log", "MobileLockdown.log", "ProactiveInputPredictions.log", "tailspin-save-ts-collection.log", "SiriAnalytics.log", "usermanagerd_logs.log", "GenerativeExperiences.log", "Contacts.log", "astro.log", "stackshots.log", "NetworkRelay.log", "Siri.log", "MatchTailspins.log", "SpaceAttributionTelemetry.log", "olddsc.log", "ondemandd.log", "ACLogs.log", "SocialLayerPlist.log", "BridgeActivation.log", "SleepCycler.log", "OTA.log", "unnamed_tasks.log", "fsck.log", "tailspin-info-ts.log", "AVConference.log", "MCState.log", "RunningBoard.log", "ATVUpdateLog.log", "AirPodPowerMetrics.log", "MailErrorConditions.log", "hidfw-crashlogs.log", "CoreLocation.log", "SiriTextToSpeech.log", "AUDeveloperSettings.log", "Preferences.log", "ForceResetTailspins.log", "UnifiedAsset.log", "MapsSyncJournal.log", "Burnin.log", "MSU.log", "BluetoothAccessory.log", "VideoProcessing.log", "HIDCrashlogs.log", "Proximity.log", "BridgeActivation 2.log", "MobileAssetHistory.log", "Resource_Exhaustion.log", "avconferenced-embedded.log", "watchdog.log", "LaunchServices.log", "powerlogs.log", "MobileInstallation.log", "SUInfo.log", "spindump-meta-collection.log", "LivabilityApp.log", "syslog.log", "BatteryIntelligence.log", "keyboard_cache.log", "Splat_Versioning.log", "CompanionSync.log", "Personalization.log", "Buddy.log", "TetheredRestore.log", "BTPHY.log", "MemoryExceptions.log", "BluetoothCoreDump.log", "copySpringBoardStateDump.log", "diagnostic_summary.log", "SplunkHistory.log", "ThermalLogs.log", "Mobile_Demo.log", "BridgeReporting.log", "TimezoneDB.log", "AppConduit.log", "microstackshots.log", "SystemVersion.log", "watchdogd_ddts.log", "NSURLSession_logs.log", "MobileActivation.log", "tailspin-history.log", "MobileSlideShow.log", "AFK.log", "MobileSlideShowPrivateData.log", "demod.log", "HangTracerTailspins.log", "Networking.log", "AGXMTLCompilerCrash.log", "ASPSnapshots.log", "BatteryBDC.log", "Trial.log", "ProtectedCloudStorage.log", "MobileObliteration.log", "HCI.log", "UARP_Packet_Capture.log", "launchdLogs.log", "coreaudio_reporting.log", "WiFi.log", "FDR.log", "WindowServerHangs.log", "HomePodSetUp.log", "Recoverylogd.log", "parsecd.log", "diagnose-errors.log", "defaults-com.apple.bird.txt", "defaults-com.apple.iclouddrive.features.txt", "brctl-container-list.txt", "AppleLanguages_Global.txt", "com.apple.avfoundation_CurrentUser.txt", "subscribedAssets_CurrentUser.txt", "com.apple.coreaudio_CurrentUser.txt", "Accessibility_Preferences.txt", "com.apple.MobileAsset_Global.txt", "ScreenTimeEnabled_CurrentUser.txt", "UIPreferredContentSizeCategoryName_CurrentUser.txt", "AppleLocale_CurrentUser.txt", "AppleLocale_Global.txt", "com.apple.coremedia_CurrentUser.txt", "Keyboard_Preferences.txt", "AppleLanguages_CurrentUser.txt", "com.apple.camera_CurrentUser.txt", "CaptureSourceInfo_CurrentUser.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "67068646eec25524c2446ece", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 98, "FileHash-SHA1": 12, "URL": 69, "domain": 29, "hostname": 68, "FileHash-MD5": 11, "email": 1, "BitcoinAddress": 2, "IPv4": 2 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f5555b6ce863d998e83e26", "name": "macOS Threat Infrastructure Leveraging Remote Agents via remotewd.com and rtmsprod.net", "description": "This pulse identifies an actively observed macOS-focused remote access infrastructure abusing trusted native Apple agents (ARDAgent.app, SSMenuAgent.app) and communicating with a distributed network of C2-like endpoints under domains such as remotewd.com, idsremoteurlconnectionagent.app, and rtmsprod.net.\n\nThe infrastructure is composed of dynamically generated subdomains \u2014 many in the form of device-.remotewd.com \u2014 indicative of automated deployment, system tracking, or per-host remote access configurations.\n\nAdditional indicators include HTTP/S URLs pointing directly to embedded binary paths within macOS agents, suggesting possible delivery vectors, staging, or persistence techniques.\n\nThis campaign shows signs of structured, programmatic targeting and is highly likely to be pre-operational infrastructure for wide-scale surveillance or access operations. All listed indicators should be considered high-risk. If observed in your environment, initiate a full forensic and IR process immediately.", "modified": "2025-05-11T19:03:59.885000", "created": "2025-04-08T16:56:59.641000", "tags": [ "generated from", "do not", "edit uri", "urls", "edit", "rewriteengine", "rewritecond", "rewriterule", "r301", "xml2encalias", "beralloct", "berbvarrayadd", "berbvarrayfree", "berbvdup", "berbvecadd", "berbvecfree", "berbvfree", "berdump", "berdup", "berdupbv", "laerrordomain", "laerrornoncekey", "lamechanismtree", "lacontext", "ladomainstate", "laenvironment", "lanotification", "laprivatekey", "lapublickey", "laright", "apple swift", "o librarylevel", "combine import", "foundation", "swift import", "mcpeerid", "mcsession", "property", "copyright", "protocol", "class", "bonjour", "ascii lowercase", "abc company", "section", "bonjour txt", "note", "ui element", "utf8 encoding", "nscopying", "nsdictionary", "nsstring", "mcextern", "attribute", "mcextern extern", "mcexternweak", "nsenum", "nsinteger", "mcerrorcode", "mcerrorunknown", "mcerrortimedout", "peer", "example", "bonjour apis", "stop", "tags", "session", "nsprogress", "nserror", "nsurl", "nsarray", "create", "nsuinteger", "notifies", "mcsession api", "interface", "dbictrace", "dbivporth", "dbictracelevel", "dbdtffoo", "dbihseterrchar", "dbicstate", "dbictraceflags", "provides macros", "dbi release", "only", "sqlsuccess", "odbc", "sqlok", "tim bunce", "england", "sql cli", "sql datatype", "sqlguid", "sqlwlongvarchar", "main", "beware", "sv sth", "sv dbh", "impsth", "impdbh", "sv keysv", "sv params", "sv attr", "sv attribs", "sv drh", "void", "fri jul", "mixed", "dbixsrevision", "plsvundef", "license", "spagain", "perlioprintf", "dbiclogpio", "putback", "ireland", "gnu general", "super", "magic", "dbicflags", "dbis", "svrv", "null", "imp2com", "dbicactivekids", "dbicfiadestroy", "sv h", "dbicdbistate", "code", "copy", "refer", "trace", "error", "unknown", "hookopcheckh", "startexternc", "hookopcheckcb", "userdata", "endexternc", "isinternalbuild", "kickmcxdforuid", "loadappkit", "ardconfig", "authenticator", "dsauthenticator", "dsnode", "dsrecord", "group", "hostconfig", "apfsvolumelock", "apfsvolumerole", "aoskgetosinfo", "aoskgetuserinfo", "aosaddappleid", "aosdisablepcs", "aosenablepcs", "aoslog", "aoslogforce", "aosrelaycookie", "didfailcallback", "kaosaccountkey", "kapcsbundle", "kapcspath", "kjsonextension", "apcsbucketid", "apcsreports", "apconfiguration", "apversiondata", "apversionhelper", "systemvolumesvm", "name size", "identifier", "gb disk0s3", "devdisk3", "apfs container", "scheme", "physical store", "macintosh hd", "apfs snapshot", "preboot", "refs address", "size wired", "name", "version", "uuid", "linked against", "renderer", "helper", "chrome helper", "contains", "cloud ui", "macintosh", "khtml", "gecko", "ui helper", "plugin", "service", "good", "battery power", "apfs encryption", "jumpcloud go", "chrome web", "store", "privacy badger", "flowcrypt", "encrypt gmail", "simple", "google", "b2b phone", "number", "apollo", "future", "exccrash", "sigkill", "code signature", "invalid", "sigabrt", "protonvpn", "excguard", "excbreakpoint", "sigtrap", "excbadaccess", "appl", "english", "adobe crash", "adobe", "acrobat dcadobe", "processor", "uninstaller", "assistant", "install", "cloud", "dock", "calendar", "music", "terminal", "tips", "installer", "updater", "proton", "tools", "stub", "python", "clock", "powershell", "team", "rave scout", "cookies", "public folder", "key cert", "sign", "crl sign", "root ca", "authority", "public primary", "global root", "verisign", "academic", "premium", "adaptive", "interactive", "background", "standard", "launchd sandbox", "s mdworker", "agent", "command line", "progress", "yubico", "macos13action", "disableoverride", "disableairdrop", "denyactivation", "enable", "loginwindowtext", "jumpcloud", "autoupdate", "loggingoption", "enablefirewall", "arm64e", "apple m2", "mac142", "kjqqtw7pqt", "daemon", "server", "open directory", "user", "account", "kerberos admin", "kerberos change", "device daemon", "network", "desktop", "screensaver", "bridge", "aesxtsarm", "aesecbarm", "sha512vngarmhw", "sha384vngarmhw", "sha256vngarm", "sha1vngarm", "darwin kernel", "wed mar", "wkarraycreate", "wkbooleancreate", "wkcontextcreate", "wkdatacreate", "wkdatagettypeid", "wkdoublecreate", "wkframecopyurl", "wkgettypeid", "wkimagecreate", "wkpagecandelete", "webview", "notice", "this software", "including", "but not", "limited to", "redistribution", "is provided", "by apple", "direct", "damage", "apiavailable", "webkit", "nsswiftname", "document", "a block", "as is", "hasinclude", "wkdownload", "abstract", "wkerrorcode", "wkerrorunknown", "discussion", "bool", "whether", "wkcontentworld", "wkwebview", "javascript", "nsunavailable", "vaargs", "nsswiftasync", "wkswiftasync", "wkcookiepolicy", "wkswiftuiactor", "nshttpcookie", "targetosiphone", "wknavigation", "decides", "boolean value", "apideprecated", "methodkind", "wkerrordomain", "wkscriptmessage", "promise", "fulfill", "const", "url scheme", "mark", "wkuserscript", "targetosvision", "param", "wkframeinfo", "targetosios", "pass", "window", "mime type", "link", "nsimage", "returns", "nsset", "checks", "matches", "a boolean", "defaults", "wkwebextension", "cgsize", "uiimage", "apis", "nsdate", "wkcontentmode", "wkextern", "possible", "cgfloat", "media", "cgrect", "apiunavailable", "framework", "nsswiftuiactor", "targetoswatch", "confirms", "apple upgrade", "nsstring user", "nsobject", "provider", "apple", "password", "uicontrol", "nscontrol", "asuseragerange", "check", "opaque user", "apple id", "initiate", "asauthorization", "operation", "state", "nserrorenum", "nsdata", "relying party", "asapiavailable", "perform", "realm", "http response", "authorization", "http", "oauth", "saml", "a byte", "nsdata userid", "relying", "a string", "nsdata readdata", "bool didwrite", "a cose", "nsdata first", "nsdata second", "nsstring name", "bool appid", "targetosxr", "nsstring appid", "bluetooth", "mdm profile", "nsurl url", "returns yes", "a state", "a json", "web token", "private seckeys", "enables", "keychain", "asswiftsendable", "cose algorithm", "ecdsa", "sha256", "cose curve", "p256", "nullable", "bool success", "remove", "call", "complete", "initializes", "time code", "extensions", "asextern extern", "asextern", "nsswiftsendable", "prepare", "list", "nsextension", "attempt", "nsstring label", "creates", "nsstring code", "a key", "webauthn", "nssecurecoding", "input", "output", "initialize", "nsinteger rank", "json", "inputs", "hash", "nsstring origin", "settings app", "extension", "https urls", "safari", "cancel", "nsuuid uuid", "r uftpexu", "nsmutabledata", "vnsdate", "mprcjy", "postfix", "domain", "canonical", "tables", "ldap", "post", "replace user", "address", "wietse venema", "bugs", "mail", "aliases", "postfix version", "restrict", "sample", "person", "basic system", "general", "reject empty", "postfix smtp", "ipv6 host", "reject", "reply", "access", "prior", "hold", "info", "mail delivery", "charset", "system", "report", "postfix dsn", "mail returned", "this", "generic", "smtp", "isp mail", "mime", "headerchecks", "readme files", "filters while", "posix", "empty", "body", "write", "date", "smtp server", "specify", "mx host", "unix password", "user unknown", "pathbin", "postfix queue", "unix", "cyrus", "path", "uucp", "shell", "local", "program", "agreement", "contributor", "recipient", "contribution", "the program", "corporation", "contributors", "product x", "as expressly", "arch", "arch x8664", "pipe wall", "wimplicit", "ranlib", "warn", "switch", "start", "systype", "outlook", "postfix master", "begin", "server admin", "mail backend", "modern smtp", "iana", "many", "postfix pipe", "recent cyrus", "amos gouaux", "old example", "or even", "lutz jaenicke", "technology", "cottbus", "germany", "openssl package", "openssl project", "europe", "remember that", "use of", "file", "update", "usrsbin", "file format", "no group", "daemondirectory", "deliver mail", "transport", "description", "result format", "virtual", "virtual alias", "redirect mail", "relocated", "matches user", "synopsis", "lastname", "firstname", "apple computer", "tcpip", "supported", "quantum", "facility", "level", "level info", "broadcast", "ignore", "rules", "sender", "automounter map", "use directory", "get home", "home autohome", "true", "t option", "mount", "force", "environment", "automountdenv", "promptcommand", "shellsessiondir", "histfile", "histfilesize", "myvar", "histtimeformat", "arrange", "bashrematch", "tell", "ps1h", "make bash", "s checkwinsize", "etcbashrc", "termprogram", "inpck", "nnnbaud", "berkeley", "parity", "pc entry", "pass8", "parenb istrip", "fixed speed", "entry", "clocal mode", "maxhistsize", "promptmode", "verbose end", "etcirbrcloaded", "default", "setup", "history file", "kernel", "readline", "jabber", "group database", "dovecot", "postfix scsd", "networkd", "searchpaths", "freebsd", "tmpdir", "fcodes", "prunepaths", "vartmp", "prunedirs", "filesystems", "nroff", "manpath", "uncomment", "manpager", "whatispager", "manlocale", "every", "manpath optman", "maybe", "troff", "status mailfrom", "returnpath via", "pidfile", "flags", "bcgjnuwz", "bin usrsbin", "sbin", "default pf", "care", "audio", "user database", "unix copy", "gate daemon", "bashno", "r etcbashrc", "rfc1323", "m1460", "macos x", "signature", "linux", "opera", "xp sp1", "windows sp1", "nmap syn", "m265", "synack", "mind", "macos", "warp", "ipv6", "internet", "icmp", "cisco", "monitoring", "argus", "chaos", "rsvp", "encapsulation", "aris", "isis", "netbootmount", "netbootshadow", "computername", "localonly", "localnetbootdir", "netboot", "define", "purpose", "networkonly", "waiting", "networkup", "term", "devnull", "common setup", "configure", "set command", "dns hostname", "dns query", "see also", "kame", "sunnet manager", "rpcsrc", "netlicense", "ftpd", "bindash binksh", "binsh bintcsh", "jumpcloud ldap", "smb2", "security", "workgroup", "standalone", "samba server", "enforce", "smb3", "example share", "improper use", "ctrlc", "none", "fax reception", "hardwired", "0007", "must", "visudo", "blocksize", "charset lang", "language lcall", "lines columns", "lscolors", "sshauthsock", "orion", "setup user", "home", "zdotdir", "delete", "beep", "vendor", "kf10", "kf11", "kf12", "kf13", "backspace", "insert", "resume", "termsessionid", "savehist", "sharehistory", "h do", "volume", "de l", "l uuid", "m tra", "n est", "suuid", "prfen", "fusion", "syst", "look", "executant", "alla", "over", "test", "overie", "zapis", "rapid", "disco usa", "de macos", "nie s", "i denne", "adgjmpsvx", "diskgthis disk", "01k8x j", "34disk", "levy kytt", "dict", "array", "plist", "apple root", "code signing", "inode64r", "xofkoxzh", "integer", "doctype", "brain", "abcd", "ogwo", "boaw", "cobwa", "uhawavauatsh", "ip bitmap", "foewdc", "could", "ip block", "funcs", "cogwo", "trash", "double", "hunt", "affa", "carr", "crypto", "docwbac", "q1b0", "q1 0", "h h5", "docwbag", "slice", "format", "zero", "alfa", "hera", "lelei", "hehe", "hisp", "fail", "katy", "zakk", "eodwcbgao", "hhk8di", "alma", "topo", "open", "huhk", "piper", "hehx", "eh ui", "h20hph", "hif h", "hmhhihqhyla hq", "r11b0", "target", "uus10u", "hifh", "loghookfailed", "loghook", "hell", "q1b 0", "f duh", "aqw1", "1160" ], "references": [ "index.html.en", "bind.html", "caching.html", "BUILDING", "configuring.html", "content-negotiation.html", "custom-error.html", "convenience.map", "LDAP.tbd", "lber.h", "ldap.h", "LocalAuthentication.tbd", "arm64e-apple-macos.swiftinterface", "x86_64-apple-ios-macabi.swiftinterface", "arm64e-apple-ios-macabi.swiftinterface", "x86_64-apple-macos.swiftinterface", "MultipeerConnectivity.tbd", "module.modulemap", "MCNearbyServiceAdvertiser.h", "MCPeerID.h", "MCError.h", "MCNearbyServiceBrowser.h", "MCAdvertiserAssistant.h", "MultipeerConnectivity.apinotes", "MultipeerConnectivity.h", "MCSession.h", "MCBrowserViewController.h", "dbivport.h", "dbi_sql.h", "dbd_xsh.h", "dbixs_rev.h", "Driver_xst.h", "DBIXS.h", "hook_op_check.h", "Admin.tbd", "AirPlayReceiver.tbd", "apfs_boot_mount.tbd", "AOSKit.tbd", "APConfigurationSystem.tbd", "AppleFirmwareUpdate.tbd", "launchdaemons.txt", "preboot_archive_errors.log", "mounts.txt", "launchagents.txt", "disk_structure.txt", "user_launchagents.txt", "security_status.txt", "kexts.txt", "process_list.txt", "battery.csv", "diskEncryption.csv", "chromeExtensions.csv", "crashes.csv", "interfaceAddrs.csv", "kernel.csv", "interfaceDetails.csv", "etcHosts.csv", "applications.csv", "mounts.csv", "sharedFolders.csv", "certificates.csv", "sharingPreferences.csv", "launchD.csv", "usbDevices.csv", "managedPolicies.csv", "systemInfo.csv", "users.csv", "sipConfig.csv", "systemControls.csv", "canonical", "aliases", "custom_header_checks", "access", "bounce.cf.default", "generic", "header_checks", "main.cf.default", "LICENSE", "makedefs.out", "main.cf", "master.cf.default", "main.cf.proto", "master.cf.proto", "master.cf", "TLS_LICENSE", "postfix-files", "transport", "virtual", "relocated", "afpovertcp.cfg", "asl.conf", "auto_home", "auto_master", "autofs.conf", "bashrc_Apple_Terminal", "com.apple.screensharing.agent.launchd", "bashrc", "command_args.json", "csh.cshrc", "csh.login", "find.codes", "csh.logout", "ftpusers", "gettytab", "irbrc", "kern_loader.conf", "group", "locate.rc", "man.conf", "mail.rc", "manpaths", "networks", "nfs.conf", "newsyslog.conf", "ntp_opendirectory.conf", "ntp.conf", "notify.conf", "paths", "pf.conf", "passwd", "profile", "pf.os", "protocols", "rc.netboot", "rc.common", "rmtab", "resolv.conf", "rtadvd.conf", "rpc", "shells", "smb.conf", "sudo_lecture", "ttys", "syslog.conf", "xtab", "sudoers", "zprofile", "zshrc", "zshrc_Apple_Terminal", "CodeResources", "version.plist", "Info.plist" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [], "malware_families": [ { "id": "Lastname", "display_name": "Lastname", "target": null }, { "id": "Firstname", "display_name": "Firstname", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ilyailya", "id": "298851", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4449, "domain": 3847, "URL": 14263, "FileHash-SHA256": 2356, "FileHash-MD5": 223, "FileHash-SHA1": 523, "email": 223, "CVE": 40, "CIDR": 12, "SSLCertFingerprint": 302 }, "indicator_count": 26238, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "385 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67068646eec25524c2446ece", "name": "Jane\u2019s Apple iPhone 12 is claimed dead", "description": "", "modified": "2024-11-08T13:04:19.590000", "created": "2024-10-09T13:33:58.463000", "tags": [ "idle", "deferred", "important", "unknown", "dock", "uisupport", "freezer", "fgsupport", "audio", "driverkit", "runner", "critical", "s0x0180", "s0x01a1", "s0x01a4", "c0x03", "s0x0401", "s0x0402", "s0x0507", "s0x0524", "s0x052a", "s0x060b", "networkappid", "user uid", "prsna pid", "ppid f", "mem pri", "ni vsz", "rss wchan", "tt stat", "started time", "command root", "memgraph", "path to", "dump file", "csstore viewer", "night shift", "status", "daystarthour", "daystartminute", "nightstarthour", "version", "sunsetsunrise", "mach virtual", "memory", "devdisk1s1", "privatevar", "calls", "number", "file defrag", "metadata", "write", "object cache", "fx defrag", "vnopallocate", "vnopblktooff", "vnopblockmap", "meta", "stats", "ckkstlkshare", "cliquestatusin", "sha256", "autounlock", "home", "backstop", "passwords", "applepay", "manatee", "wifi", "a w0", "device", "shared ipad", "appleaopinput", "code0", "userinfo", "fpck", "completed", "current network", "ipv6", "awdl", "security", "legacy wifi", "ipv4", "count", "interval", "timestamp name", "open", "nonpsc", "active", "not associated", "noop", "interface", "scan results", "duration result", "description", "congested wifi", "channel", "current channel", "ht40", "networks", "i en0", "paired", "connected", "status power", "mac address", "f5 discoverable", "scanning", "onetouch tb1x", "address", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "begin", "begin wifi", "end wifi", "collect", "dump", "end corecapture", "logs", "begin device", "end device", "method", "supported", "status mac", "op mode", "bssid", "tx rate", "mbps security", "phy mode", "mcs index", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "status primary", "wwan", "disabled awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "could", "cfnetwork", "dns server", "ping lan", "resolve dns", "ping wan", "rbentitlements", "osservice", "background", "invalidate", "xpcservice", "rbstagattribute", "rbassertion", "transientstate", "7529", "8030", "keepalive", "4372", "5760", "8181", "10058", "lockscreen", "test", "trace", "9872", "ckavmediaobject", "iiolaunchinfo", "ckmediaobject", "mxvolumelimiton", "swqwerty", "swemoji", "height", "width", "name", "pixelformattype", "index", "isobase", "sensorheight", "sensorwidth", "aemaxgain", "sensorcropwidth", "formats", "flash", "default filters", "candidate", "enforcing size", "limit", "mb on", "added", "done enforcing", "size limit", "file", "filters", "max size", "duplicate file", "file past", "beginswith", "endswith", "longhang", "excresource", "analytics", "predicate", "predicate not", "matches", "not self", "contains", "e5a2a", "ca156", "dc789", "b1a67", "e7e17", "e2175", "c63d2", "c453c", "cd7d4", "e0fe6", "plist", "dict", "integer", "doctype", "public", "appledtd plist", "ckperboottasks", "array", "ckstartuptime", "optimizestorage", "recorder", "player", "editor", "citymd", "manager", "student", "cleaner", "booster", "smart", "languages", "applelocale" ], "references": [ "jetsam_priority.txt", "tailspin-info.txt", "ps.txt", "oslog_archive_error.log", "README.txt", "night-shift.log", "vm_stat.txt", "mount.txt", "apfs_stats.txt", "ckksctl_status.txt", "ioreg_task_failures.txt", "transparency-sysdiagnose_stderr.txt", "fileproviderctl_task_failures.txt", "spindump_stderr.txt", "taskinfo_stderr.txt", "rmdinspect_stderr.txt", "ModelCatalog_task_failures.txt", "afktool_stderr.txt", "jetsam_priority_stderr.txt", "microstackshots_errors.txt", "AppleTypeCRetimerLogs_task_failures.txt", "ioreg_stderr.txt", "spindump_nosym_errors.txt", "codecctl_stderr.txt", "srsupporttool_stderr.txt", "fileproviderctl_stderr.txt", "suggest_tool_stderr.txt", "mobilewifitool.txt", "com.apple.wifi.syncable-networks.legacy.plist", "diagnostics-configuration.txt", "wifi_scan_cache.txt", "wifi_datapath-PRE.txt", "3bars.txt", "diagnostics-environment.txt", "arp.txt", "netstat-POST.txt", "bluetooth_status.txt", "security.txt", "debug-log.txt", "wifi_status.txt", "netstat-PRE.txt", "leaky_ap_stats.txt", "wifi_datapath-POST.txt", "wifi_logarchive.log", "com.apple.wifi.recent-networks.json", "network_status.txt", "com.apple.wifi.syncable-networks.plist", "ifconfig.txt", "awdl_status.txt", "wifi_scan.txt", "diagnostics-connectivity.txt", "BASEBAND_TS_TRIGGER.log", "Accounts.log", "CoreCapture.log", "appinstallation.log", "FindMyDevice.log", "AlishaLogs.log", "atcrtcomm.log", "Accessibility.log", "CMCaptureTailspins.log", "NanoPreferencesSync.log", "MCUCoreDumps.log", "AppSupport.log", "RecentHangTracerTailspins.log", "DataMigration.log", "BatteryUIPlist.log", "BatteryHealth.log", "UARPEndpointPacketCaptures.log", "time-sensitive-stackshot.log", "OTAUpdateLogs.log", "MobileKeybagLogs.log", "cts.log", "SensorKit.log", "CacheDeleteHistory.log", "CloudKitBookmarks.log", "MobileBackup.log", "AccessibilityPrefs.log", "WatchConnectivity.log", "Frametracer.log", "LogStreamFilter.log", "Panics.log", "OSEligibility.log", "process_proxied_device_logs.log", "Harmony.log", "CalendarPreferences.log", "Sentry.log", "MediaserverdBlockageTailspins.log", "MobileStoreDemo.log", "coremediacapture-afdebug.log", "CoreCaptureBT.log", "crashes_and_spins.log", "StoreServices.log", "itunesstored.log", "brctl.log", "CommandAndControl.log", "NanoRegistry.log", "DarwinInit.log", "MobileLockdown.log", "ProactiveInputPredictions.log", "tailspin-save-ts-collection.log", "SiriAnalytics.log", "usermanagerd_logs.log", "GenerativeExperiences.log", "Contacts.log", "astro.log", "stackshots.log", "NetworkRelay.log", "Siri.log", "MatchTailspins.log", "SpaceAttributionTelemetry.log", "olddsc.log", "ondemandd.log", "ACLogs.log", "SocialLayerPlist.log", "BridgeActivation.log", "SleepCycler.log", "OTA.log", "unnamed_tasks.log", "fsck.log", "tailspin-info-ts.log", "AVConference.log", "MCState.log", "RunningBoard.log", "ATVUpdateLog.log", "AirPodPowerMetrics.log", "MailErrorConditions.log", "hidfw-crashlogs.log", "CoreLocation.log", "SiriTextToSpeech.log", "AUDeveloperSettings.log", "Preferences.log", "ForceResetTailspins.log", "UnifiedAsset.log", "MapsSyncJournal.log", "Burnin.log", "MSU.log", "BluetoothAccessory.log", "VideoProcessing.log", "HIDCrashlogs.log", "Proximity.log", "BridgeActivation 2.log", "MobileAssetHistory.log", "Resource_Exhaustion.log", "avconferenced-embedded.log", "watchdog.log", "LaunchServices.log", "powerlogs.log", "MobileInstallation.log", "SUInfo.log", "spindump-meta-collection.log", "LivabilityApp.log", "syslog.log", "BatteryIntelligence.log", "keyboard_cache.log", "Splat_Versioning.log", "CompanionSync.log", "Personalization.log", "Buddy.log", "TetheredRestore.log", "BTPHY.log", "MemoryExceptions.log", "BluetoothCoreDump.log", "copySpringBoardStateDump.log", "diagnostic_summary.log", "SplunkHistory.log", "ThermalLogs.log", "Mobile_Demo.log", "BridgeReporting.log", "TimezoneDB.log", "AppConduit.log", "microstackshots.log", "SystemVersion.log", "watchdogd_ddts.log", "NSURLSession_logs.log", "MobileActivation.log", "tailspin-history.log", "MobileSlideShow.log", "AFK.log", "MobileSlideShowPrivateData.log", "demod.log", "HangTracerTailspins.log", "Networking.log", "AGXMTLCompilerCrash.log", "ASPSnapshots.log", "BatteryBDC.log", "Trial.log", "ProtectedCloudStorage.log", "MobileObliteration.log", "HCI.log", "UARP_Packet_Capture.log", "launchdLogs.log", "coreaudio_reporting.log", "WiFi.log", "FDR.log", "WindowServerHangs.log", "HomePodSetUp.log", "Recoverylogd.log", "parsecd.log", "diagnose-errors.log", "defaults-com.apple.bird.txt", "defaults-com.apple.iclouddrive.features.txt", "brctl-container-list.txt", "AppleLanguages_Global.txt", "com.apple.avfoundation_CurrentUser.txt", "subscribedAssets_CurrentUser.txt", "com.apple.coreaudio_CurrentUser.txt", "Accessibility_Preferences.txt", "com.apple.MobileAsset_Global.txt", "ScreenTimeEnabled_CurrentUser.txt", "UIPreferredContentSizeCategoryName_CurrentUser.txt", "AppleLocale_CurrentUser.txt", "AppleLocale_Global.txt", "com.apple.coremedia_CurrentUser.txt", "Keyboard_Preferences.txt", "AppleLanguages_CurrentUser.txt", "com.apple.camera_CurrentUser.txt", "CaptureSourceInfo_CurrentUser.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 86, "FileHash-SHA1": 2, "URL": 65, "domain": 13, "hostname": 49, "FileHash-MD5": 3, "email": 1 }, "indicator_count": 219, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "570 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66fae0cea9dbd082c30e30ea", "name": "The Jane Syndrome Files: Espionage-Grade Apple iPhone Infiltration", "description": "Here is a full list of details about Apple's latest operating system (OS) and the services it offers: DNS poisonings, network insecurities, malware, malicious script injections.", "modified": "2024-10-30T16:01:07.364000", "created": "2024-09-30T17:33:02.318000", "tags": [ "disabled awdl", "awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "status power", "mac address", "f5 discoverable", "scanning", "current network", "wifi", "security", "wpa2 personal", "legacy", "ipv6", "count", "interval", "timestamp name", "open", "begin", "d71ff", "status", "begin wifi", "collect", "end wifi", "logs", "dump", "end corecapture", "cache", "stats", "cfnetwork", "could", "could ping", "dns server", "duration result", "description", "reach apple", "ping lan", "resolve dns", "number", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "i en0", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "status primary", "ipv4", "interface", "nonpsc", "active", "address", "method", "supported", "status mac", "ssid", "bssid", "rssi", "tx rate", "mbps security", "congested wifi", "channel", "current channel", "ht40", "networks", "ht40 network", "wifi cc", "mcastaesccm", "mcasttkip", "fiosd8f6r", "jparadise", "bradstevens", "hazelnuthut", "karen dave", "fios", "brookleyroad", "mobile", "gator", "mach virtual", "memory", "never", "command", "execution time", "timeout", "max rss", "o user", "o ppid", "usrbintaskinfo", "a registry", "ioservice", "state", "executing task", "cpu time", "child process", "cpuwall", "cputimeout", "task container", "handshake", "tmpoutputdir", "executing", "phase", "locker", "atomic", "error", "companion", "savage", "demo", "trigger", "caller", "autounlock", "macbook air", "leaflifetime", "evaluationtime", "afterctflagday", "anchorsource", "validstatus", "numberscts", "mmcs", "unknown", "lmdc", "fssnapshot", "fpck", "fpsnapshot", "fpckrunreason", "iphone", "version", "product type", "os build", "appleinternal", "cpuarchitecture", "chipid", "hwmodel", "d53gap", "hassep", "ap1i", "ap1p", "ap1v", "b0ti", "d1pt", "iq0b", "iq1b", "mbse", "adce", "aopc", "bupt", "chcc", "chif", "upof", "waps", "warp", "wass", "default filters", "size limit", "mb on", "done enforcing", "file", "candidate", "filters", "enforcing size", "limit", "added", "predicate not", "file past", "beginswith", "endswith", "excresource", "analytics", "predicate", "not self", "contains", "max size", "matches", "osvalueobject", "ioport", "ioregistryentry", "iopower", "ioaccessory", "iousb", "iodevicetree", "root", "class", "wcfb", "gtd0x0 dtb", "rfrs", "adfh", "adhf", "vbwr", "vbrr", "cfdwc", "cfdrc", "dlwd", "gcrd", "gccan1 gcmust0", "gccan0 gcmust0", "erase quantile", "bad blocks", "max band", "eol erase", "user partition", "indpoolfree", "key1242", "timestamp", "weightedra", "qmax0", "cyclecount", "timeathighsoc", "chargingvoltage", "bhserviceflags", "04430", "familycode", "vacvoltagelimit", "53685452100", "53685452811", "1284430", "53685452411", "04410", "11524410", "53685452401", "1284410", "10244410", "11534410", "11524430", "10244430", "11534430", "53685451811", "53685451911", "chemid", "algochemid", "eeee", "designcapacity", "presentdod0", "currentcapacity", "ischarging", "temperature", "amperage", "instantamperage", "voltage", "stateofcharge", "chargeaccum", "chargingstate", "inflowstate", "chargelimit", "checkpoint", "decisionmaker", "modeofoperation", "af96b", "begin bluetooth", "b590b", "e97d3", "e1306", "certificate", "start", "status code", "sameorigin body", "xsannwhh5zixhy", "debug", "sun sep", "thu sep", "notice", "fri sep", "unbrick", "dcrt reissue", "commcenter fri", "sat sep", "commcenter sun", "data", "plist", "dict", "post useragent", "dcrt", "body", "doctype", "public", "pkitruststore", "download", "autolocker", "autojob", "data container", "installing", "ls save", "ls operation", "customer", "lsinstalltype", "miinstaller", "staging", "update", "consumed", "missingvalue", "raptor certs", "full service", "pinged configd", "cachedata", "cacheextra", "gmt4", "boot session", "bonjour", "f0fs24 cf0", "xml version", "appledtd plist", "adapter", "sen097", "wairport97", "t3gpp u8721", "u960 u8747", "bae69693u8719", "c2cb", "f1f49791page", "c4 e8", "page", "xethernet97", "sen1u8260", "u8721 u8719", "u8805 a5u8706", "a5u8706 u8721", "u8719 u960", "u8800 c6d8u8734", "b1u8804 u8805", "u8747 aabau937", "u64258 u8800", "u8747 u8776", "u64257 u64258", "u305 u8710", "u63743", "u8260", "u8805 u8706", "u731 u711", "u731", "u733", "time", "time secs", "uuid", "osversion", "lqmlogging", "su ms", "nb nrs", "na cm", "ex tf", "ffp mret", "highband", "ghz sep", "noise 88", "capture", "interfacelogs", "disabledatapath", "role lowlatency", "enabledatapath", "tx submission", "queue sep", "disablesync", "txsubq sep", "datapath", "printdatapath", "txsub disable", "txsub enable", "awdl prox", "awdl interface", "appleolyhal", "iopcidevice", "iopcidevice sep", "appleolyhallog", "pktsec", "mbitssec", "txreported", "u0 m0", "rxmacst", "monitor0 vif", "ff input", "pmopen", "rssi 100", "flushed", "rssi threshold", "service", "p2p concurrency", "allowed", "multicast", "unicast", "p2p interface", "off configured", "host edge", "awdl0", "awdl state", "configured", "d12c2680", "monitor18 vif", "transition", "wait", "device sleep", "device wake", "device active", "pending", "pnd0", "exit", "int state", "tx power", "cap config", "device tree", "ps params", "dtim", "motion profile", "womp disabled", "region info", "lla prefer", "prefer", "moving", "logic", "config", "wlcgetbssinfo", "queue", "check que", "wd scheduled1", "curr", "configure wd", "history", "wlcsetlrl", "wlcgetcountry", "debuggable", "eventbitfield", "fwid 01b0ec0e2e", "d53gap build", "device serial", "file name", "wme acm", "frequestiotx", "busytags", "peer", "u409224", "u527236 m103198", "monitor2827", "totaldropped0", "queue status", "totalflushed0", "tx completion", "rx completion", "fault report", "logging rx", "join mgr", "backpl", "85 85", "fl2 rt601", "bsside2", "rssi avg", "41 48", "44 42", "46 48", "43 42", "io80211 scan", "updated", "mpdus", "chanspec", "roam candidate", "logtransition", "cache channels", "scan home", "infra", "filesystem size", "avail capacity", "devdisk1s1", "dev devdisk1s6", "devdisk1s3", "calls", "file defrag", "metadata", "write", "object cache", "read", "fx defrag", "vnopallocate", "vnopblktooff", "meta", "user pid", "cpu stat", "pri stime", "utime command", "ppid f", "mem pri", "ni vsz", "rss wchan", "started time", "wd scheduled0", "e666293574", "monitor38 vif", "u2642957", "u4321860 m8433", "monitor9744", "b7c5a", "fl2 rt3505", "43 43", "bssid00", "lightphoneii", "43 44", "44 44", "rx data", "f4e0wf", "session", "cached", "access", "integer not", "null default", "null", "text not", "from", "text unique", "where", "order by", "not null", "bool not", "expected t", "nsdata", "unique", "integer primary", "array", "hard", "u63743 fceae8" ], "references": [ "awdl_status.txt", "arp.txt", "bluetooth_status.txt", "com.apple.wifi.syncable-networks.legacy.plist", "com.apple.wifi.syncable-networks.plist", "diagnostics-configuration.txt", "debug-log.txt", "diagnostics-connectivity.txt", "com.apple.wifi.recent-networks.json", "ifconfig.txt", "leaky_ap_stats.txt", "netstat-POST.txt", "mobilewifitool.txt", "security.txt", "netstat-PRE.txt", "network_status.txt", "wifi_datapath-PRE.txt", "wifi_scan_cache.txt", "wifi_logarchive.log", "wifi_datapath-POST.txt", "wifi_status.txt", "diagnostics-environment.txt", "wifi_scan.txt", "vm_stat.txt", "transparency.log", "tzDataVersion.log", "tailspin-info.txt", "taskSummary.csv", "sysdiagnose.log", "security-sysdiagnose.txt", "fileproviderctl_check.log", "hpmDiagnose.txt", "fileproviderctl.log", "hidutil.plist", "remotectl_dumpstate.txt", "smcDiagnose.txt", "BridgeReporting.log", "BridgeActivation.log", "AppConduit.log", "appinstallation.log", "AlishaLogs.log", "ASPSnapshots.log", "AppSupport.log", "astro.log", "AUDeveloperSettings.log", "ATVUpdateLog.log", "AVConference.log", "atcrtcomm.log", "BatteryBDC.log", "avconferenced-embedded.log", "BatteryIntelligence.log", "BluetoothAccessory.log", "BluetoothCoreDump.log", "BatteryHealth.log", "BatteryUIPlist.log", "brctl.log", "BASEBAND_TS_TRIGGER.log", "BTPHY.log", "Burnin.log", "Buddy.log", "CacheDeleteHistory.log", "CalendarPreferences.log", "CMCaptureTailspins.log", "CompanionSync.log", "CommandAndControl.log", "Contacts.log", "coreaudio_reporting.log", "CoreCapture.log", "copySpringBoardStateDump.log", "CoreLocation.log", "CoreCaptureBT.log", "crashes_and_spins.log", "cts.log", "coremediacapture-afdebug.log", "DarwinInit.log", "demod.log", "DataMigration.log", "FDR.log", "diagnostic_summary.log", "ForceResetTailspins.log", "Frametracer.log", "fsck.log", "FindMyDevice.log", "HangTracerTailspins.log", "GenerativeExperiences.log", "Harmony.log", "HIDCrashlogs.log", "HCI.log", "HomePodSetUp.log", "hidfw-crashlogs.log", "itunesstored.log", "LivabilityApp.log", "keyboard_cache.log", "LaunchServices.log", "MailErrorConditions.log", "MapsSyncJournal.log", "MatchTailspins.log", "MCState.log", "MCUCoreDumps.log", "MediaserverdBlockageTailspins.log", "MemoryExceptions.log", "MobileActivation.log", "microstackshots.log", "LogStreamFilter.log", "Mobile_Demo.log", "MobileInstallation.log", "MobileBackup.log", "MobileKeybagLogs.log", "MobileAssetHistory.log", "launchdLogs.log", "MobileSlideShow.log", "MobileLockdown.log", "MobileObliteration.log", "MobileSlideShowPrivateData.log", "MSU.log", "MobileStoreDemo.log", "NanoPreferencesSync.log", "NanoRegistry.log", "NSURLSession_logs.log", "Networking.log", "NetworkRelay.log", "ondemandd.log", "olddsc.log", "OTA.log", "OSEligibility.log", "OTAUpdateLogs.log", "Panics.log", "Personalization.log", "parsecd.log", "powerlogs.log", "process_proxied_device_logs.log", "ProactiveInputPredictions.log", "Preferences.log", "Proximity.log", "ProtectedCloudStorage.log", "RecentHangTracerTailspins.log", "RunningBoard.log", "Recoverylogd.log", "Resource_Exhaustion.log", "SensorKit.log", "SiriTextToSpeech.log", "Sentry.log", "Siri.log", "SiriAnalytics.log", "SleepCycler.log", "SocialLayerPlist.log", "spindump-meta-collection.log", "SplunkHistory.log", "stackshots.log", "SUInfo.log", "StoreServices.log", "SystemVersion.log", "Splat_Versioning.log", "syslog.log", "tailspin-history.log", "ThermalLogs.log", "tailspin-info-ts.log", "Trial.log", "UARP_Packet_Capture.log", "TetheredRestore.log", "UnifiedAsset.log", "time-sensitive-stackshot.log", "TimezoneDB.log", "unnamed_tasks.log", "UARPEndpointPacketCaptures.log", "SpaceAttributionTelemetry.log", "usermanagerd_logs.log", "VideoProcessing.log", "watchdog.log", "WindowServerHangs.log", "WiFi.log", "watchdogd_ddts.log", "asptool_snapshot_timesensitive.log", "asptool_snapshot.log", "acLog.plist", "atcrtcomm.txt", "BDC_Daily_version2.6_2024-08-29_00:19:16.csv", "BDC_Daily_version2.8_2024-09-22_16:06:26.csv", "BDC_Daily_version2.8_2024-09-13_17:49:14.csv", "BDC_Daily_version2.6_2024-09-04_12:00:11.csv", "BDC_Daily_version2.8_2024-09-21_13:45:08.csv", "BDC_OBC_version2.6_2024-08-29_00:19:14.csv", "BDC_OBC_version2.6_2024-09-13_16:25:59.csv", "BDC_OBC_version2.8_2024-09-18_23:12:12.csv", "BDC_OBC_version2.8_2024-09-14_00:28:48.csv", "BDC_OBC_version2.8_2024-09-13_23:35:57.csv", "BDC_OBC_version2.8_2024-09-14_13:32:02.csv", "BDC_OBC_version2.8_2024-09-29_15:16:41.csv", "BDC_Once_version2.6_2024-08-29_00:19:16.csv", "BDC_Once_version2.8_2024-09-13_17:49:16.csv", "BDC_SBC_version2.6_2024-09-02_20:27:16.csv", "BDC_SBC_version2.6_2024-08-29_00:19:16.csv", "BDC_SBC_version2.6_2024-09-03_11:48:00.csv", "BDC_SBC_version2.6_2024-09-11_00:27:57.csv", "BDC_SBC_version2.6_2024-09-04_13:21:06.csv", "BDC_SBC_version2.6_2024-09-04_12:00:11.csv", "BDC_SBC_version2.6_2024-09-03_00:11:37.csv", "BDC_SBC_version2.6_2024-09-13_16:26:54.csv", "BDC_SBC_version2.6_2024-09-13_16:16:55.csv", "BDC_SBC_version2.6_2024-09-08_17:52:28.csv", "BDC_SBC_version2.6_2024-09-13_02:10:48.csv", "BDC_SBC_version2.6_2024-09-12_02:07:40.csv", "BDC_SBC_version2.8_2024-09-13_17:54:28.csv", "BDC_SBC_version2.6_2024-09-13_17:07:26.csv", "BDC_SBC_version2.8_2024-09-13_17:49:18.csv", "BDC_SBC_version2.8_2024-09-14_00:28:50.csv", "BDC_SBC_version2.8_2024-09-18_03:20:38.csv", "BDC_SBC_version2.8_2024-09-18_23:12:15.csv", "BDC_SBC_version2.8_2024-09-14_13:32:04.csv", "BDC_SBC_version2.8_2024-09-21_13:45:07.csv", "BDC_SBC_version2.8_2024-09-22_05:55:57.csv", "BDC_SBC_version2.8_2024-09-23_19:56:36.csv", "BDC_SBC_version2.8_2024-09-17_01:27:03.csv", "BDC_SBC_version2.8_2024-09-23_21:27:40.csv", "BDC_SBC_version2.8_2024-09-24_19:36:33.csv", "BDC_SBC_version2.8_2024-09-14_01:16:12.csv", "BDC_SmartCharging_version2.6_2024-09-02_20:25:09.csv", "BDC_SmartCharging_version2.6_2024-08-29_00:21:46.csv", "BDC_SmartCharging_version2.6_2024-09-03_04:09:12.csv", "BDC_SmartCharging_version2.6_2024-09-03_11:48:07.csv", "BDC_SmartCharging_version2.6_2024-09-03_00:11:44.csv", "BDC_SmartCharging_version2.6_2024-09-04_12:00:20.csv", "BDC_SmartCharging_version2.6_2024-09-04_13:19:02.csv", "CacheDeletePurgeHistory.txt", "FDRDiagnosticReport.plist", "GEAvailability.log", "IOSADiagnose.log", "version", "akd_dcrt_baa_response.txt", "mobileactivationd.log.0", "akd_dcrt_baa_request.txt", "MAAutoAsset_Atomic_History_00.log", "MAAutoAsset_Atomic_History_02.log", "MAAutoAsset_Atomic_History_01.log", "MAAutoAsset_Atomic_History_03.log", "MAAutoAsset_Atomic_History_05.log", "MAAutoAsset_Atomic_History_04.log", "MAAutoAsset_Atomic_History_09.log", "MAAutoAsset_Atomic_History.txt", "MAAutoAsset_Atomic_History_08.log", "MAAutoAsset_Error_History_00.log", "MAAutoAsset_Atomic_History_06.log", "MAAutoAsset_Error_History_02.log", "MAAutoAsset_Error_History_04.log", "MAAutoAsset_Error_History_05.log", "MAAutoAsset_Error_History_08.log", "MAAutoAsset_Error_History.txt", "MAAutoAsset_Filesystem_History_01.log", "MAAutoAsset_Error_History_06.log", "MAAutoAsset_Error_History_09.log", "MAAutoAsset_Error_History_07.log", "MAAutoAsset_Filesystem_History_03.log", "MAAutoAsset_Filesystem_History_02.log", "MAAutoAsset_Filesystem_History_04.log", "MAAutoAsset_Filesystem_History_05.log", "MAAutoAsset_Filesystem_History_08.log", "MAAutoAsset_Filesystem_History_09.log", "MAAutoAsset_Filesystem_History_06.log", "MAAutoAsset_Filesystem_History_00.log", "MAAutoAsset_Filesystem_History_07.log", "MAAutoAsset_Filesystem_History.txt", "MAAutoAsset_Locker_History_00.log", "MAAutoAsset_Locker_History_01.log", "MAAutoAsset_Locker_History_03.log", "MAAutoAsset_Locker_History_06.log", "MAAutoAsset_Locker_History_02.log", "MAAutoAsset_Locker_History_04.log", "MAAutoAsset_Locker_History_05.log", "MAAutoAsset_Locker_History_07.log", "MAAutoAsset_Scheduler_History_00.log", "MAAutoAsset_Locker_History.txt", "MAAutoAsset_Locker_History_08.log", "MAAutoAsset_Scheduler_History_03.log", "MAAutoAsset_Scheduler_History_02.log", "MAAutoAsset_Scheduler_History_04.log", "MAAutoAsset_Scheduler_History_01.log", "MAAutoAsset_Locker_History_09.log", "MAAutoAsset_Scheduler_History_07.log", "MAAutoAsset_Scheduler_History_08.log", "MAAutoAsset_Scheduler_History_05.log", "MAAutoAsset_Scheduler_History_06.log", "MAAutoAsset_Scheduler_History.txt", "MAAutoAsset_Scheduler_History_09.log", "MAAutoAsset_Secure_History_01.log", "MAAutoAsset_Secure_History_00.log", "MAAutoAsset_Secure_History_04.log", "MAAutoAsset_Secure_History_05.log", "MAAutoAsset_Secure_History_03.log", "MAAutoAsset_Secure_History_07.log", "MAAutoAsset_Secure_History_08.log", "MAAutoAsset_Secure_History_06.log", "MAAutoAsset_Secure_History_09.log", "MAAutoAsset_Stager_History_01.log", "MAAutoAsset_Stager_History_02.log", "MAAutoAsset_Stager_History_00.log", "MAAutoAsset_Secure_History.txt", "MAAutoAsset_Stager_History_03.log", "MAAutoAsset_Stager_History_05.log", "MAAutoAsset_Stager_History_07.log", "MAAutoAsset_Stager_History_04.log", "MAAutoAsset_Stager_History_08.log", "MAAutoAsset_Stager_History_06.log", "MAAutoAsset_Stager_History_09.log", "MAAutoAsset_Stager_History.txt", "mobile_installation.log.0", "mobile_installation.log.1", "mobile_installation_helper.log.0", "lockdownd.log", "SUCoreSplunkHistory.log", "model_catalog_dump.txt", "model_manager_dump.json", "com.apple.networkextension.necp.rtf", "preferences.rtf", "NetworkInterfaces.rtf", "com.apple.networkextension.rtf", "com.apple.networkextension.uuidcache.rtf", "com.apple.networkextension.cache.rtf", "com.apple.networkextension.control.rtf", "Entity_2024-09-29 22:12:50.359_Blacklist.csv", "capture.rtf", "system.rtf", "[2024-09-29_22,12,45.966405]-LQMLogging-001.txt", "[2024-09-29_22,12,45.960131]-Interface_SoftAP_0-001.txt", "[2024-09-29_22,12,56.122877]-Interface_LowLatency_0-001.txt", "[2024-09-29_22,12,56.815468]-Interface_Infrastructure_0-001.txt", "[2024-09-29_22,12,56.591747]-Interface_AirLink_0-001.txt", "[2024-09-29_22,12,56.327440]-uartFirmwareLogs-001.txt", "[2024-09-29_22,12,56.457960]-AppleOLYHAL_log-001.txt", "AddFileList.txt", "ap1_AllPeersVerbose_IO80211PeerManager.txt", "awdl0_PrintState_IO80211AWDLPeerManager.txt", "awdl0_AllPeersVerbose_IO80211AWDLPeerManager.txt", "BusState.txt", "ConfigManagerState.txt", "CommanderState.txt", "CoreState.txt", "DeviceInfo.xml", "en0_AllPeersVerbose_IO80211PeerManager.txt", "en0_PrintState_IO80211PeerManager.txt", "InterfaceState_apsta.txt", "ap1_PrintState_IO80211PeerManager.txt", "FaultReportState.txt", "History.txt", "InterfaceState_prox.txt", "ivars->fChannelSwitchDictionary[0].xml", "InterfaceState_llw.txt", "JoinManagerState.txt", "ivars->fChannelSwitchDictionary[1].xml", "InterfaceState_skywalkinfra.txt", "ScanManagerState.txt", "LowLatencyRxCompRing", "MMIO_Log.txt", "SoC_Registers.xml", "LowLatencyTxCompRing", "NetManagerState.txt", "[2024-09-29_22,12,56.477273]-AppleBCMWLAN_Logs-001.txt", "disks.txt", "apfs_stats.txt", "oslog_archive_error.log", "ps_thread.txt", "971A5878D635EB8B262FF791353234.rtf", "B730B951A932F5AE2648F478FDDA81.rtf", "E7B80B551D34E4BCDBC1E47D6AB627.rtf", "2B553D16843D7B9CD7A4504A96CF2F.rtf", "594CB14E19331E8CFB5365144D46C4.rtf", "DE90FBA8603371B106DDEC727E696D.rtf", "C1ACD227FD3CE992C115DD95BD2B42.rtf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 105, "domain": 71, "hostname": 211, "URL": 125, "email": 2, "FileHash-MD5": 14, "FileHash-SHA1": 212 }, "indicator_count": 740, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "578 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66fae0d0177ccf5dfc5c1fb0", "name": "The Jane Syndrome Files: Espionage-Grade Apple iPhone Infiltration", "description": "Here is a full list of details about Apple's latest operating system (OS) and the services it offers: DNS poisonings, network insecurities, malware, malicious script injections.", "modified": "2024-10-30T16:01:07.364000", "created": "2024-09-30T17:33:04.581000", "tags": [ "disabled awdl", "awdl", "status ipv6", "mode", "off awdl", "auto", "discovery", "disabled", "status power", "mac address", "f5 discoverable", "scanning", "current network", "wifi", "security", "wpa2 personal", "legacy", "ipv6", "count", "interval", "timestamp name", "open", "begin", "d71ff", "status", "begin wifi", "collect", "end wifi", "logs", "dump", "end corecapture", "cache", "stats", "cfnetwork", "could", "could ping", "dns server", "duration result", "description", "reach apple", "ping lan", "resolve dns", "number", "guard period", "errors summary", "report guard", "scan psf", "period ranges", "aw errors", "summary", "ap stats", "ap status", "period", "i en0", "airport sync", "airport network", "rave scout", "salman", "scout iphone", "guest agrp", "guest mdat", "items", "status primary", "ipv4", "interface", "nonpsc", "active", "address", "method", "supported", "status mac", "ssid", "bssid", "rssi", "tx rate", "mbps security", "congested wifi", "channel", "current channel", "ht40", "networks", "ht40 network", "wifi cc", "mcastaesccm", "mcasttkip", "fiosd8f6r", "jparadise", "bradstevens", "hazelnuthut", "karen dave", "fios", "brookleyroad", "mobile", "gator", "mach virtual", "memory", "never", "command", "execution time", "timeout", "max rss", "o user", "o ppid", "usrbintaskinfo", "a registry", "ioservice", "state", "executing task", "cpu time", "child process", "cpuwall", "cputimeout", "task container", "handshake", "tmpoutputdir", "executing", "phase", "locker", "atomic", "error", "companion", "savage", "demo", "trigger", "caller", "autounlock", "macbook air", "leaflifetime", "evaluationtime", "afterctflagday", "anchorsource", "validstatus", "numberscts", "mmcs", "unknown", "lmdc", "fssnapshot", "fpck", "fpsnapshot", "fpckrunreason", "iphone", "version", "product type", "os build", "appleinternal", "cpuarchitecture", "chipid", "hwmodel", "d53gap", "hassep", "ap1i", "ap1p", "ap1v", "b0ti", "d1pt", "iq0b", "iq1b", "mbse", "adce", "aopc", "bupt", "chcc", "chif", "upof", "waps", "warp", "wass", "default filters", "size limit", "mb on", "done enforcing", "file", "candidate", "filters", "enforcing size", "limit", "added", "predicate not", "file past", "beginswith", "endswith", "excresource", "analytics", "predicate", "not self", "contains", "max size", "matches", "osvalueobject", "ioport", "ioregistryentry", "iopower", "ioaccessory", "iousb", "iodevicetree", "root", "class", "wcfb", "gtd0x0 dtb", "rfrs", "adfh", "adhf", "vbwr", "vbrr", "cfdwc", "cfdrc", "dlwd", "gcrd", "gccan1 gcmust0", "gccan0 gcmust0", "erase quantile", "bad blocks", "max band", "eol erase", "user partition", "indpoolfree", "key1242", "timestamp", "weightedra", "qmax0", "cyclecount", "timeathighsoc", "chargingvoltage", "bhserviceflags", "04430", "familycode", "vacvoltagelimit", "53685452100", "53685452811", "1284430", "53685452411", "04410", "11524410", "53685452401", "1284410", "10244410", "11534410", "11524430", "10244430", "11534430", "53685451811", "53685451911", "chemid", "algochemid", "eeee", "designcapacity", "presentdod0", "currentcapacity", "ischarging", "temperature", "amperage", "instantamperage", "voltage", "stateofcharge", "chargeaccum", "chargingstate", "inflowstate", "chargelimit", "checkpoint", "decisionmaker", "modeofoperation", "af96b", "begin bluetooth", "b590b", "e97d3", "e1306", "certificate", "start", "status code", "sameorigin body", "xsannwhh5zixhy", "debug", "sun sep", "thu sep", "notice", "fri sep", "unbrick", "dcrt reissue", "commcenter fri", "sat sep", "commcenter sun", "data", "plist", "dict", "post useragent", "dcrt", "body", "doctype", "public", "pkitruststore", "download", "autolocker", "autojob", "data container", "installing", "ls save", "ls operation", "customer", "lsinstalltype", "miinstaller", "staging", "update", "consumed", "missingvalue", "raptor certs", "full service", "pinged configd", "cachedata", "cacheextra", "gmt4", "boot session", "bonjour", "f0fs24 cf0", "xml version", "appledtd plist", "adapter", "sen097", "wairport97", "t3gpp u8721", "u960 u8747", "bae69693u8719", "c2cb", "f1f49791page", "c4 e8", "page", "xethernet97", "sen1u8260", "u8721 u8719", "u8805 a5u8706", "a5u8706 u8721", "u8719 u960", "u8800 c6d8u8734", "b1u8804 u8805", "u8747 aabau937", "u64258 u8800", "u8747 u8776", "u64257 u64258", "u305 u8710", "u63743", "u8260", "u8805 u8706", "u731 u711", "u731", "u733", "time", "time secs", "uuid", "osversion", "lqmlogging", "su ms", "nb nrs", "na cm", "ex tf", "ffp mret", "highband", "ghz sep", "noise 88", "capture", "interfacelogs", "disabledatapath", "role lowlatency", "enabledatapath", "tx submission", "queue sep", "disablesync", "txsubq sep", "datapath", "printdatapath", "txsub disable", "txsub enable", "awdl prox", "awdl interface", "appleolyhal", "iopcidevice", "iopcidevice sep", "appleolyhallog", "pktsec", "mbitssec", "txreported", "u0 m0", "rxmacst", "monitor0 vif", "ff input", "pmopen", "rssi 100", "flushed", "rssi threshold", "service", "p2p concurrency", "allowed", "multicast", "unicast", "p2p interface", "off configured", "host edge", "awdl0", "awdl state", "configured", "d12c2680", "monitor18 vif", "transition", "wait", "device sleep", "device wake", "device active", "pending", "pnd0", "exit", "int state", "tx power", "cap config", "device tree", "ps params", "dtim", "motion profile", "womp disabled", "region info", "lla prefer", "prefer", "moving", "logic", "config", "wlcgetbssinfo", "queue", "check que", "wd scheduled1", "curr", "configure wd", "history", "wlcsetlrl", "wlcgetcountry", "debuggable", "eventbitfield", "fwid 01b0ec0e2e", "d53gap build", "device serial", "file name", "wme acm", "frequestiotx", "busytags", "peer", "u409224", "u527236 m103198", "monitor2827", "totaldropped0", "queue status", "totalflushed0", "tx completion", "rx completion", "fault report", "logging rx", "join mgr", "backpl", "85 85", "fl2 rt601", "bsside2", "rssi avg", "41 48", "44 42", "46 48", "43 42", "io80211 scan", "updated", "mpdus", "chanspec", "roam candidate", "logtransition", "cache channels", "scan home", "infra", "filesystem size", "avail capacity", "devdisk1s1", "dev devdisk1s6", "devdisk1s3", "calls", "file defrag", "metadata", "write", "object cache", "read", "fx defrag", "vnopallocate", "vnopblktooff", "meta", "user pid", "cpu stat", "pri stime", "utime command", "ppid f", "mem pri", "ni vsz", "rss wchan", "started time", "wd scheduled0", "e666293574", "monitor38 vif", "u2642957", "u4321860 m8433", "monitor9744", "b7c5a", "fl2 rt3505", "43 43", "bssid00", "lightphoneii", "43 44", "44 44", "rx data", "f4e0wf", "session", "cached", "access", "integer not", "null default", "null", "text not", "from", "text unique", "where", "order by", "not null", "bool not", "expected t", "nsdata", "unique", "integer primary", "array", "hard", "u63743 fceae8" ], "references": [ "awdl_status.txt", "arp.txt", "bluetooth_status.txt", "com.apple.wifi.syncable-networks.legacy.plist", "com.apple.wifi.syncable-networks.plist", "diagnostics-configuration.txt", "debug-log.txt", "diagnostics-connectivity.txt", "com.apple.wifi.recent-networks.json", "ifconfig.txt", "leaky_ap_stats.txt", "netstat-POST.txt", "mobilewifitool.txt", "security.txt", "netstat-PRE.txt", "network_status.txt", "wifi_datapath-PRE.txt", "wifi_scan_cache.txt", "wifi_logarchive.log", "wifi_datapath-POST.txt", "wifi_status.txt", "diagnostics-environment.txt", "wifi_scan.txt", "vm_stat.txt", "transparency.log", "tzDataVersion.log", "tailspin-info.txt", "taskSummary.csv", "sysdiagnose.log", "security-sysdiagnose.txt", "fileproviderctl_check.log", "hpmDiagnose.txt", "fileproviderctl.log", "hidutil.plist", "remotectl_dumpstate.txt", "smcDiagnose.txt", "BridgeReporting.log", "BridgeActivation.log", "AppConduit.log", "appinstallation.log", "AlishaLogs.log", "ASPSnapshots.log", "AppSupport.log", "astro.log", "AUDeveloperSettings.log", "ATVUpdateLog.log", "AVConference.log", "atcrtcomm.log", "BatteryBDC.log", "avconferenced-embedded.log", "BatteryIntelligence.log", "BluetoothAccessory.log", "BluetoothCoreDump.log", "BatteryHealth.log", "BatteryUIPlist.log", "brctl.log", "BASEBAND_TS_TRIGGER.log", "BTPHY.log", "Burnin.log", "Buddy.log", "CacheDeleteHistory.log", "CalendarPreferences.log", "CMCaptureTailspins.log", "CompanionSync.log", "CommandAndControl.log", "Contacts.log", "coreaudio_reporting.log", "CoreCapture.log", "copySpringBoardStateDump.log", "CoreLocation.log", "CoreCaptureBT.log", "crashes_and_spins.log", "cts.log", "coremediacapture-afdebug.log", "DarwinInit.log", "demod.log", "DataMigration.log", "FDR.log", "diagnostic_summary.log", "ForceResetTailspins.log", "Frametracer.log", "fsck.log", "FindMyDevice.log", "HangTracerTailspins.log", "GenerativeExperiences.log", "Harmony.log", "HIDCrashlogs.log", "HCI.log", "HomePodSetUp.log", "hidfw-crashlogs.log", "itunesstored.log", "LivabilityApp.log", "keyboard_cache.log", "LaunchServices.log", "MailErrorConditions.log", "MapsSyncJournal.log", "MatchTailspins.log", "MCState.log", "MCUCoreDumps.log", "MediaserverdBlockageTailspins.log", "MemoryExceptions.log", "MobileActivation.log", "microstackshots.log", "LogStreamFilter.log", "Mobile_Demo.log", "MobileInstallation.log", "MobileBackup.log", "MobileKeybagLogs.log", "MobileAssetHistory.log", "launchdLogs.log", "MobileSlideShow.log", "MobileLockdown.log", "MobileObliteration.log", "MobileSlideShowPrivateData.log", "MSU.log", "MobileStoreDemo.log", "NanoPreferencesSync.log", "NanoRegistry.log", "NSURLSession_logs.log", "Networking.log", "NetworkRelay.log", "ondemandd.log", "olddsc.log", "OTA.log", "OSEligibility.log", "OTAUpdateLogs.log", "Panics.log", "Personalization.log", "parsecd.log", "powerlogs.log", "process_proxied_device_logs.log", "ProactiveInputPredictions.log", "Preferences.log", "Proximity.log", "ProtectedCloudStorage.log", "RecentHangTracerTailspins.log", "RunningBoard.log", "Recoverylogd.log", "Resource_Exhaustion.log", "SensorKit.log", "SiriTextToSpeech.log", "Sentry.log", "Siri.log", "SiriAnalytics.log", "SleepCycler.log", "SocialLayerPlist.log", "spindump-meta-collection.log", "SplunkHistory.log", "stackshots.log", "SUInfo.log", "StoreServices.log", "SystemVersion.log", "Splat_Versioning.log", "syslog.log", "tailspin-history.log", "ThermalLogs.log", "tailspin-info-ts.log", "Trial.log", "UARP_Packet_Capture.log", "TetheredRestore.log", "UnifiedAsset.log", "time-sensitive-stackshot.log", "TimezoneDB.log", "unnamed_tasks.log", "UARPEndpointPacketCaptures.log", "SpaceAttributionTelemetry.log", "usermanagerd_logs.log", "VideoProcessing.log", "watchdog.log", "WindowServerHangs.log", "WiFi.log", "watchdogd_ddts.log", "asptool_snapshot_timesensitive.log", "asptool_snapshot.log", "acLog.plist", "atcrtcomm.txt", "BDC_Daily_version2.6_2024-08-29_00:19:16.csv", "BDC_Daily_version2.8_2024-09-22_16:06:26.csv", "BDC_Daily_version2.8_2024-09-13_17:49:14.csv", "BDC_Daily_version2.6_2024-09-04_12:00:11.csv", "BDC_Daily_version2.8_2024-09-21_13:45:08.csv", "BDC_OBC_version2.6_2024-08-29_00:19:14.csv", "BDC_OBC_version2.6_2024-09-13_16:25:59.csv", "BDC_OBC_version2.8_2024-09-18_23:12:12.csv", "BDC_OBC_version2.8_2024-09-14_00:28:48.csv", "BDC_OBC_version2.8_2024-09-13_23:35:57.csv", "BDC_OBC_version2.8_2024-09-14_13:32:02.csv", "BDC_OBC_version2.8_2024-09-29_15:16:41.csv", "BDC_Once_version2.6_2024-08-29_00:19:16.csv", "BDC_Once_version2.8_2024-09-13_17:49:16.csv", "BDC_SBC_version2.6_2024-09-02_20:27:16.csv", "BDC_SBC_version2.6_2024-08-29_00:19:16.csv", "BDC_SBC_version2.6_2024-09-03_11:48:00.csv", "BDC_SBC_version2.6_2024-09-11_00:27:57.csv", "BDC_SBC_version2.6_2024-09-04_13:21:06.csv", "BDC_SBC_version2.6_2024-09-04_12:00:11.csv", "BDC_SBC_version2.6_2024-09-03_00:11:37.csv", "BDC_SBC_version2.6_2024-09-13_16:26:54.csv", "BDC_SBC_version2.6_2024-09-13_16:16:55.csv", "BDC_SBC_version2.6_2024-09-08_17:52:28.csv", "BDC_SBC_version2.6_2024-09-13_02:10:48.csv", "BDC_SBC_version2.6_2024-09-12_02:07:40.csv", "BDC_SBC_version2.8_2024-09-13_17:54:28.csv", "BDC_SBC_version2.6_2024-09-13_17:07:26.csv", "BDC_SBC_version2.8_2024-09-13_17:49:18.csv", "BDC_SBC_version2.8_2024-09-14_00:28:50.csv", "BDC_SBC_version2.8_2024-09-18_03:20:38.csv", "BDC_SBC_version2.8_2024-09-18_23:12:15.csv", "BDC_SBC_version2.8_2024-09-14_13:32:04.csv", "BDC_SBC_version2.8_2024-09-21_13:45:07.csv", "BDC_SBC_version2.8_2024-09-22_05:55:57.csv", "BDC_SBC_version2.8_2024-09-23_19:56:36.csv", "BDC_SBC_version2.8_2024-09-17_01:27:03.csv", "BDC_SBC_version2.8_2024-09-23_21:27:40.csv", "BDC_SBC_version2.8_2024-09-24_19:36:33.csv", "BDC_SBC_version2.8_2024-09-14_01:16:12.csv", "BDC_SmartCharging_version2.6_2024-09-02_20:25:09.csv", "BDC_SmartCharging_version2.6_2024-08-29_00:21:46.csv", "BDC_SmartCharging_version2.6_2024-09-03_04:09:12.csv", "BDC_SmartCharging_version2.6_2024-09-03_11:48:07.csv", "BDC_SmartCharging_version2.6_2024-09-03_00:11:44.csv", "BDC_SmartCharging_version2.6_2024-09-04_12:00:20.csv", "BDC_SmartCharging_version2.6_2024-09-04_13:19:02.csv", "CacheDeletePurgeHistory.txt", "FDRDiagnosticReport.plist", "GEAvailability.log", "IOSADiagnose.log", "version", "akd_dcrt_baa_response.txt", "mobileactivationd.log.0", "akd_dcrt_baa_request.txt", "MAAutoAsset_Atomic_History_00.log", "MAAutoAsset_Atomic_History_02.log", "MAAutoAsset_Atomic_History_01.log", "MAAutoAsset_Atomic_History_03.log", "MAAutoAsset_Atomic_History_05.log", "MAAutoAsset_Atomic_History_04.log", "MAAutoAsset_Atomic_History_09.log", "MAAutoAsset_Atomic_History.txt", "MAAutoAsset_Atomic_History_08.log", "MAAutoAsset_Error_History_00.log", "MAAutoAsset_Atomic_History_06.log", "MAAutoAsset_Error_History_02.log", "MAAutoAsset_Error_History_04.log", "MAAutoAsset_Error_History_05.log", "MAAutoAsset_Error_History_08.log", "MAAutoAsset_Error_History.txt", "MAAutoAsset_Filesystem_History_01.log", "MAAutoAsset_Error_History_06.log", "MAAutoAsset_Error_History_09.log", "MAAutoAsset_Error_History_07.log", "MAAutoAsset_Filesystem_History_03.log", "MAAutoAsset_Filesystem_History_02.log", "MAAutoAsset_Filesystem_History_04.log", "MAAutoAsset_Filesystem_History_05.log", "MAAutoAsset_Filesystem_History_08.log", "MAAutoAsset_Filesystem_History_09.log", "MAAutoAsset_Filesystem_History_06.log", "MAAutoAsset_Filesystem_History_00.log", "MAAutoAsset_Filesystem_History_07.log", "MAAutoAsset_Filesystem_History.txt", "MAAutoAsset_Locker_History_00.log", "MAAutoAsset_Locker_History_01.log", "MAAutoAsset_Locker_History_03.log", "MAAutoAsset_Locker_History_06.log", "MAAutoAsset_Locker_History_02.log", "MAAutoAsset_Locker_History_04.log", "MAAutoAsset_Locker_History_05.log", "MAAutoAsset_Locker_History_07.log", "MAAutoAsset_Scheduler_History_00.log", "MAAutoAsset_Locker_History.txt", "MAAutoAsset_Locker_History_08.log", "MAAutoAsset_Scheduler_History_03.log", "MAAutoAsset_Scheduler_History_02.log", "MAAutoAsset_Scheduler_History_04.log", "MAAutoAsset_Scheduler_History_01.log", "MAAutoAsset_Locker_History_09.log", "MAAutoAsset_Scheduler_History_07.log", "MAAutoAsset_Scheduler_History_08.log", "MAAutoAsset_Scheduler_History_05.log", "MAAutoAsset_Scheduler_History_06.log", "MAAutoAsset_Scheduler_History.txt", "MAAutoAsset_Scheduler_History_09.log", "MAAutoAsset_Secure_History_01.log", "MAAutoAsset_Secure_History_00.log", "MAAutoAsset_Secure_History_04.log", "MAAutoAsset_Secure_History_05.log", "MAAutoAsset_Secure_History_03.log", "MAAutoAsset_Secure_History_07.log", "MAAutoAsset_Secure_History_08.log", "MAAutoAsset_Secure_History_06.log", "MAAutoAsset_Secure_History_09.log", "MAAutoAsset_Stager_History_01.log", "MAAutoAsset_Stager_History_02.log", "MAAutoAsset_Stager_History_00.log", "MAAutoAsset_Secure_History.txt", "MAAutoAsset_Stager_History_03.log", "MAAutoAsset_Stager_History_05.log", "MAAutoAsset_Stager_History_07.log", "MAAutoAsset_Stager_History_04.log", "MAAutoAsset_Stager_History_08.log", "MAAutoAsset_Stager_History_06.log", "MAAutoAsset_Stager_History_09.log", "MAAutoAsset_Stager_History.txt", "mobile_installation.log.0", "mobile_installation.log.1", "mobile_installation_helper.log.0", "lockdownd.log", "SUCoreSplunkHistory.log", "model_catalog_dump.txt", "model_manager_dump.json", "com.apple.networkextension.necp.rtf", "preferences.rtf", "NetworkInterfaces.rtf", "com.apple.networkextension.rtf", "com.apple.networkextension.uuidcache.rtf", "com.apple.networkextension.cache.rtf", "com.apple.networkextension.control.rtf", "Entity_2024-09-29 22:12:50.359_Blacklist.csv", "capture.rtf", "system.rtf", "[2024-09-29_22,12,45.966405]-LQMLogging-001.txt", "[2024-09-29_22,12,45.960131]-Interface_SoftAP_0-001.txt", "[2024-09-29_22,12,56.122877]-Interface_LowLatency_0-001.txt", "[2024-09-29_22,12,56.815468]-Interface_Infrastructure_0-001.txt", "[2024-09-29_22,12,56.591747]-Interface_AirLink_0-001.txt", "[2024-09-29_22,12,56.327440]-uartFirmwareLogs-001.txt", "[2024-09-29_22,12,56.457960]-AppleOLYHAL_log-001.txt", "AddFileList.txt", "ap1_AllPeersVerbose_IO80211PeerManager.txt", "awdl0_PrintState_IO80211AWDLPeerManager.txt", "awdl0_AllPeersVerbose_IO80211AWDLPeerManager.txt", "BusState.txt", "ConfigManagerState.txt", "CommanderState.txt", "CoreState.txt", "DeviceInfo.xml", "en0_AllPeersVerbose_IO80211PeerManager.txt", "en0_PrintState_IO80211PeerManager.txt", "InterfaceState_apsta.txt", "ap1_PrintState_IO80211PeerManager.txt", "FaultReportState.txt", "History.txt", "InterfaceState_prox.txt", "ivars->fChannelSwitchDictionary[0].xml", "InterfaceState_llw.txt", "JoinManagerState.txt", "ivars->fChannelSwitchDictionary[1].xml", "InterfaceState_skywalkinfra.txt", "ScanManagerState.txt", "LowLatencyRxCompRing", "MMIO_Log.txt", "SoC_Registers.xml", "LowLatencyTxCompRing", "NetManagerState.txt", "[2024-09-29_22,12,56.477273]-AppleBCMWLAN_Logs-001.txt", "disks.txt", "apfs_stats.txt", "oslog_archive_error.log", "ps_thread.txt", "971A5878D635EB8B262FF791353234.rtf", "B730B951A932F5AE2648F478FDDA81.rtf", "E7B80B551D34E4BCDBC1E47D6AB627.rtf", "2B553D16843D7B9CD7A4504A96CF2F.rtf", "594CB14E19331E8CFB5365144D46C4.rtf", "DE90FBA8603371B106DDEC727E696D.rtf", "C1ACD227FD3CE992C115DD95BD2B42.rtf" ], "public": 1, "adversary": "DragonForce Malaysia Hacker Group", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1088", "name": "Bypass User Account Control", "display_name": "T1088 - Bypass User Account Control" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1546.004", "name": "Unix Shell Configuration Modification", "display_name": "T1546.004 - Unix Shell Configuration Modification" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1070.002", "name": "Clear Linux or Mac System Logs", "display_name": "T1070.002 - Clear Linux or Mac System Logs" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1445", "name": "Abuse of iOS Enterprise App Signing Key", "display_name": "T1445 - Abuse of iOS Enterprise App Signing Key" }, { "id": "T1001.003", "name": "Protocol Impersonation", "display_name": "T1001.003 - Protocol Impersonation" }, { "id": "T1404", "name": "Exploit OS Vulnerability", "display_name": "T1404 - Exploit OS Vulnerability" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ravescoutllc.", "id": "288912", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 105, "domain": 70, "hostname": 211, "URL": 125, "email": 2, "FileHash-MD5": 14, "FileHash-SHA1": 212 }, "indicator_count": 739, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "578 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://com.apple.mobile.storage", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://com.apple.mobile.storage", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780325295.682043 }