Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1123 | Audio Capture | Janicab captured audio and sent it out to a C2 server.[2][1] |
Enterprise | T1053.003 | Scheduled Task/Job: Cron | |
Enterprise | T1113 | Screen Capture | Janicab captured screenshots and sent them out to a C2 server.[2][1] |
Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Janicab used a valid AppleDeveloperID to sign the code to get past security restrictions.[1] |