General

  • Target

    https://bitbucket.org/crypto-oasis-web3/socifi-mvp-v1/src/main/

  • Sample

    241113-nhc8ss1cjd

Malware Config

Targets

    • Target

      https://bitbucket.org/crypto-oasis-web3/socifi-mvp-v1/src/main/

    • Exfiltration Over Alternative Protocol

      Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.

    • File Permission

      Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Queries the macOS version information.

      An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

    • Legitimate hosting services abused for malware hosting/C2

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Enterprise v15

Tasks