OSX/DOK

#30285 by ynvb
Fri Apr 28, 2017 5:56 am

New Mac OSX campaign detected.
Uses naive techniques to install proxy on infected computer. Proxy redirects to attacker controlled server on .onion

Malware spreads via a SPAM campaign of unknwon source.
.onion server seems to currently be offline.

Full report:
http://blog.checkpoint.com/2017/04/27/o ... s-traffic/

Username

ynvb

Posts

Joined

Tue Feb 26, 2013 12:17 pm

Re: OSX/DOK

#30286 by maddog4012
Fri Apr 28, 2017 1:28 pm

sample attached

Attachments

OSX_DOK.A.zip

pw virus
(124.57 KiB) Downloaded 55 times

Username

maddog4012

Posts

Joined

Mon Aug 04, 2014 6:53 pm

Re: OSX/DOK

#30305 by ynvb
Fri May 05, 2017 5:51 am

A new variant, with new Apple Developer ID. Packed with UPX.

http://blog.checkpoint.com/2017/05/04/u ... -campaign/

3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94
cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7
4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7

Username

ynvb

Posts

Joined

Tue Feb 26, 2013 12:17 pm

Page 1 of 1
3 posts

Return to “Malware”

Display:

Sort by:

Jump to: