otx.alienvault.com
13.224.193.120  Public Scan

URL: https://otx.alienvault.com/pulse/6142fd26e097d46325c36660?source=email_notification
Submission: On September 16 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (157888)
OSX.ZURU: TROJANIZED APPS SPREAD MALWARE, VIA SPONSORED SEARCH RESULTS

   
 * Created 52 minutes ago by AlienVault
 * Public
 * TLP: White

An attack on Apple’s operating system, which spread malware via sponsored search
results, has been uncovered by security researcher Zhi, who was working with
Objective-See, a group of independent researchers.

Reference:
https://objective-see.com/blog/blog_0x66.html
Tags:
cobalt strike, macos, iterm2, baidu, Fake App
Malware Families:
Mac, Cobalt Strike, iTerm2, macOS
Att&ck IDs:
T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1106 - Native API, T1036 - Masquerading, T1140 - Deobfuscate/Decode Files or Information, T1553 - Subvert Trust Controls, T1204 - User Execution

 * Indicators of Compromise (10)
 * Related Pulses (4)
 * Comments (0)
 * History (0)

Types of indicators: FileHash-SHA1 (5), Hostname (1), IPv4 (2), Domain (2)

Threat infrastructure: Hong Kong (2)


 * © Copyright 2021 AlienVault, Inc.
   