CallMe

CallMe is a Trojan designed to run on Apple OSX. It is based on a publicly available tool called Tiny SHell. [1]

ID: S0077
Type: MALWARE
Platforms: macOS
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface

CallMe has the capability to create a reverse shell on victims.[1]

Enterprise T1041 Exfiltration Over Command and Control Channel

CallMe exfiltrates data to its C2 server over the same protocol as C2 communications.[1]

Enterprise T1105 Remote File Copy

CallMe has the capability to download a file to the victim from the C2 server.[1]

Enterprise T1032 Standard Cryptographic Protocol

CallMe uses AES to encrypt C2 traffic.[1]

Groups That Use This Software

ID Name References
G0029 Scarlet Mimic [1]

References