OSX/DOK

Forum for analysis and discussion about malware.

OSX/DOK

Postby ynvb » Fri Apr 28, 2017 5:56 am

New Mac OSX campaign detected.
Uses naive techniques to install proxy on infected computer. Proxy redirects to attacker controlled server on .onion

Malware spreads via a SPAM campaign of unknown source.
.onion server seems to currently be offline.

Full report:
http://blog.checkpoint.com/2017/04/27/o ... s-traffic/
ynvb
 
Posts: 4
Joined: Tue Feb 26, 2013 12:17 pm
Reputation point: 0

Re: OSX/DOK

Postby maddog4012 » Fri Apr 28, 2017 1:28 pm

sample attached
maddog4012
 
Posts: 54
Joined: Mon Aug 04, 2014 6:53 pm
Reputation point: 47

Re: OSX/DOK

Postby ynvb » Fri May 05, 2017 5:51 am

A new variant, with new Apple Developer ID. Packed with UPX.

http://blog.checkpoint.com/2017/05/04/u ... -campaign/

3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94
cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7
4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7
ynvb
 
Posts: 4
Joined: Tue Feb 26, 2013 12:17 pm
Reputation point: 0
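A small triage helper, added here as an example and not part of the thread or of Check Point's report: it hashes files with SHA-256, compares them against the three indicators quoted in the post above, and flags the "UPX!" marker that UPX leaves in files it packs (the second post notes the new variant is UPX-packed). The sample bytes at the bottom are constructed for the demonstration; nothing here is a real Mach-O binary.

```python
import hashlib
from pathlib import Path

# SHA-256 indicators copied from the post above (second Check Point write-up).
DOK_SHA256 = {
    "3f0130cfd7bf61b8e8226dd4775319c7376a08ec019f9df12875e9ea55992e94",
    "cd93142f1e0bac1d73235515bc127f5f9634eafde0bea2d6c294bf3549d612b7",
    "4252e482c9801463e6f684c71f70cb64a17ae74957ed8986f2401c653acae1d7",
}

# UPX writes this magic into the header area of every file it packs.
# It is a heuristic only: a repacked or hand-edited file can omit it.
UPX_MARKER = b"UPX!"


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def looks_upx_packed(data: bytes) -> bool:
    """True if the UPX magic appears anywhere in the buffer."""
    return UPX_MARKER in data


def assess_bytes(data: bytes, name: str = "<memory>") -> dict:
    """Hash the buffer and report IoC and packer findings."""
    digest = sha256_bytes(data)
    return {
        "name": name,
        "sha256": digest,
        "ioc_match": digest in DOK_SHA256,
        "upx_packed": looks_upx_packed(data),
    }


def assess_file(path) -> dict:
    """Same as assess_bytes, reading the file from disk."""
    p = Path(path)
    return assess_bytes(p.read_bytes(), str(p))


def scan_directory(root) -> list:
    """Return findings for every file under root that matches an IoC
    or carries the UPX marker (both are worth a closer look)."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            result = assess_file(p)
            if result["ioc_match"] or result["upx_packed"]:
                hits.append(result)
    return hits


# Constructed sample inputs (not real malware): a fake Mach-O magic number
# followed by the UPX marker, and a plain buffer with neither.
SAMPLE_PACKED = b"\xcf\xfa\xed\xfe" + b"\x00" * 12 + UPX_MARKER + b"\x00" * 32
SAMPLE_CLEAN = b"#!/bin/sh\necho hello\n"

if __name__ == "__main__":
    import sys
    targets = sys.argv[1:] or []
    for r in (assess_bytes(SAMPLE_PACKED, "sample_packed"),
              assess_bytes(SAMPLE_CLEAN, "sample_clean")):
        print(r)
    for t in targets:
        for hit in scan_directory(t):
            print(hit)
```

Run it with one or more directories as arguments to list files that either match a listed hash or carry the UPX marker; the hash match is exact, so a recompiled or re-signed variant (as in the second post) will only show up through the packer heuristic or through fresh indicators.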
