{ "type": "URL", "indicator": "https://t.co/EmutE0jCbD", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://t.co/EmutE0jCbD", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #286", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #331", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain t.co", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain t.co", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3539725262, "indicator": "https://t.co/EmutE0jCbD", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6305d7aa39c809c84d58846b", "name": "XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python - SentinelOne", "description": "SentinelOne is an industry-leading cybersecurity platform that delivers the security you need to prevent, detect, undo and prevent cyber-threats, and offers a range of solutions to all types of challenges.", "modified": "2022-09-23T00:00:05.122000", "created": "2022-08-24T07:47:54.231000", "tags": [ "xcsset", "threat", "mrt", "apple", "xcsset malware", "monterey", "applescripts", "github", "twitter account", "august", "frameworks", "dockutil", "april", "python", "virustotal", "compiler", "osaminer", "tencent", "vlad", "june", "malware", "protect" ], "references": [ "https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "XCSSET", "display_name": "XCSSET", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "MRT", "display_name": "MRT", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 10, "FileHash-SHA1": 37, "FileHash-SHA256": 10, "domain": 7 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6305ee45df0790b2c0ed56e6", "name": "XCSSET Malware Updates with Python 3 to Target macOS Monterey Users", "description": "The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3.\n\n\"The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022,\" SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.", "modified": "2022-09-23T00:00:05.122000", "created": "2022-08-24T09:24:21.096000", "tags": [ "xcsset", "threat", "mrt", "apple", "xcsset malware", "monterey", "applescripts", "github", "twitter account", "august", "frameworks", "dockutil", "april", "python", "virustotal", "compiler", "osaminer", "tencent", "vlad", "june", "malware", "protect" ], "references": [ "https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/", "https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "XCSSET", "display_name": "XCSSET", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "MRT", "display_name": "MRT", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "6305d7aa39c809c84d58846b", "export_count": 340, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 10, "FileHash-SHA1": 37, "FileHash-SHA256": 10, "domain": 7 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html", "https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Mrt", "Xcsset", "Threat" ], "industries": [], "unique_indicators": 66 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/t.co", "whois": "http://whois.domaintools.com/t.co", "domain": "t.co", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6305d7aa39c809c84d58846b", "name": "XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python - SentinelOne", "description": "SentinelOne is an industry-leading cybersecurity platform that delivers the security you need to prevent, detect, undo and prevent cyber-threats, and offers a range of solutions to all types of challenges.", "modified": "2022-09-23T00:00:05.122000", "created": "2022-08-24T07:47:54.231000", "tags": [ "xcsset", "threat", "mrt", "apple", "xcsset malware", "monterey", "applescripts", "github", "twitter account", "august", "frameworks", "dockutil", "april", "python", "virustotal", "compiler", "osaminer", "tencent", "vlad", "june", "malware", "protect" ], "references": [ "https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "XCSSET", "display_name": "XCSSET", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "MRT", "display_name": "MRT", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 10, "FileHash-SHA1": 37, "FileHash-SHA256": 10, "domain": 7 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6305ee45df0790b2c0ed56e6", "name": "XCSSET Malware Updates with Python 3 to Target macOS Monterey Users", "description": "The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3.\n\n\"The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022,\" SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.", "modified": "2022-09-23T00:00:05.122000", "created": "2022-08-24T09:24:21.096000", "tags": [ "xcsset", "threat", "mrt", "apple", "xcsset malware", "monterey", "applescripts", "github", "twitter account", "august", "frameworks", "dockutil", "april", "python", "virustotal", "compiler", "osaminer", "tencent", "vlad", "june", "malware", "protect" ], "references": [ "https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/", "https://thehackernews.com/2022/08/xcsset-malware-updates-with-python-3-to.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "XCSSET", "display_name": "XCSSET", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "MRT", "display_name": "MRT", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "6305d7aa39c809c84d58846b", "export_count": 340, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 10, "FileHash-SHA1": 37, "FileHash-SHA256": 10, "domain": 7 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://t.co/EmutE0jCbD", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://t.co/EmutE0jCbD", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780411779.5672083 }