The Mac Malware of 2019
2020-01-01 • Objective-See
Objective-See’s Mac malware year-in-review covered several macOS threats from 2019, including Lazarus-linked activity against cryptocurrency businesses. The source notes Lazarus group backdoors and CookieMiner-style activity that used launch agents for persistence and attempted to exfiltrate data to attacker-controlled command infrastructure. The report is a broad macOS malware survey rather than a single campaign write-up, but it preserves useful context on DPRK-linked macOS targeting of cryptocurrency users and businesses. Defenders can use it to map persistence, backdoor, and miner behaviors observed across macOS malware families from that period.
Indicators of Compromise