SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
iKitten
ID: S0278
Associated Software: OSX/MacDownloader
Type: MALWARE
Platforms: macOS
Version: 1.1
Created: 17 October 2018
Last Modified: 30 March 2020
Associated Software Descriptions
Name | Description |
---|---|
OSX/MacDownloader |
[1]. |
Techniques Used
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1560 | .001 | Archive Collected Data: Archive via Utility |
iKitten will zip up the /Library/Keychains directory before exfiltrating it.[1] |
Enterprise | T1037 | .004 | Boot or Logon Initialization Scripts: Rc.common |
iKitten adds an entry to the rc.common file for persistence.[1] |
Enterprise | T1555 | .001 | Credentials from Password Stores: Keychain | |
Enterprise | T1564 | .001 | Hide Artifacts: Hidden Files and Directories |
iKitten saves itself with a leading "." so that it's hidden from users by default.[1] |
Enterprise | T1056 | .002 | Input Capture: GUI Input Capture | |
Enterprise | T1057 | Process Discovery | ||
Enterprise | T1016 | System Network Configuration Discovery |
References
×