XAgentOSX
Associated Software Descriptions |
|
| Name | Description |
|---|---|
| OSX.Sofacy | (Citation: Symantec APT28 Oct 2018) |
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .002 | Application Layer Protocol: File Transfer Protocols |
XAgentOSX contains the ftpUpload function to use the FTPManager:uploadFile method to upload files from the target system.(Citation: XAgentOSX 2017) |
| Enterprise | T1555 | .003 | Credentials from Password Stores: Credentials from Web Browsers |
XAgentOSX contains the getFirefoxPassword function to attempt to locate Firefox passwords.(Citation: XAgentOSX 2017) |
| Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
XAgentOSX contains the deletFileFromPath function to delete a specified file using the NSFileManager:removeFileAtPath method.(Citation: XAgentOSX 2017) |
| Enterprise | T1056 | .001 | Input Capture: Keylogging |
XAgentOSX contains keylogging functionality that will monitor for active application windows and write them to the log, it can handle special characters, and it will buffer by default 50 characters before sending them out over the C2 infrastructure.(Citation: XAgentOSX 2017) |
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0007 | APT28 |
(Citation: XAgentOSX 2017) (Citation: Symantec APT28 Oct 2018) (Citation: US District Court Indictment GRU Oct 2018) |
References
- Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.
- Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.
- Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.