Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Bundlore

Bundlore is adware written for macOS that has been in use since at least 2015. Though categorized as adware, Bundlore has many features associated with more traditional backdoors.(Citation: MacKeeper Bundlore Apr 2019)

ID: S0482

Associated Software: OSX.Bundlore

Type: MALWARE

Platforms: Windows

Version: 1.1

Created: 01 Jul 2020

Last Modified: 10 Feb 2022

Name	Description
Associated Software Descriptions
OSX.Bundlore	(Citation: MacKeeper Bundlore Apr 2019)

Domain	ID		Name	Use
Techniques Used
Enterprise	T1098	.004	Account Manipulation: SSH Authorized Keys	Bundlore creates a new key pair with `ssh-keygen` and drops the newly created user key in `authorized_keys` to enable remote login.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	Bundlore uses HTTP requests for C2.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1059	.002	Command and Scripting Interpreter: AppleScript	Bundlore can use AppleScript to inject malicious JavaScript into a browser.(Citation: MacKeeper Bundlore Apr 2019)
		.004	Command and Scripting Interpreter: Unix Shell	Bundlore has leveraged /bin/sh and /bin/bash to execute commands on the victim machine.(Citation: MacKeeper Bundlore Apr 2019)
		.006	Command and Scripting Interpreter: Python	Bundlore has used Python scripts to execute payloads.(Citation: MacKeeper Bundlore Apr 2019)
		.007	Command and Scripting Interpreter: JavaScript	Bundlore can execute JavaScript by injecting it into the victim's browser.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1543	.001	Create or Modify System Process: Launch Agent	Bundlore can persist via a LaunchAgent.(Citation: MacKeeper Bundlore Apr 2019)
		.004	Create or Modify System Process: Launch Daemon	Bundlore can persist via a LaunchDaemon.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1222	.002	File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification	Bundlore changes the permissions of a payload using the command `chmod -R 755`.(Citation: 20 macOS Common Tools and Techniques)
Enterprise	T1562	.001	Impair Defenses: Disable or Modify Tools	Bundlore can change browser security settings to enable extensions to be installed. Bundlore uses the `pkill cfprefsd` command to prevent users from inspecting processes.(Citation: MacKeeper Bundlore Apr 2019)(Citation: 20 macOS Common Tools and Techniques)
Enterprise	T1056	.002	Input Capture: GUI Input Capture	Bundlore prompts the user for their credentials.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1036	.005	Masquerading: Match Legitimate Name or Location	Bundlore has disguised a malicious .app file as a Flash Player update.(Citation: MacKeeper Bundlore Apr 2019)
Enterprise	T1204	.002	User Execution: Malicious File	Bundlore has attempted to get users to execute a malicious .app file that looks like a Flash Player update.(Citation: MacKeeper Bundlore Apr 2019)

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Bundlore

Associated Software Descriptions

Techniques Used

References