iKitten

iKitten is a macOS exfiltration agent [1].

ID: S0278
Aliases: iKitten, OSX/MacDownloader
Type: MALWARE
Platforms: macOS

Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| iKitten | [1] |
| OSX/MacDownloader | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1002 | Data Compressed | iKitten will zip up the /Library/Keychains directory before exfiltrating it.[1] |
| Enterprise | T1158 | Hidden Files and Directories | iKitten saves itself with a leading "." so that it's hidden from users by default.[1] |
| Enterprise | T1141 | Input Prompt | iKitten prompts the user for their credentials.[1] |
| Enterprise | T1142 | Keychain | iKitten collects the keychains on the system.[1] |
| Enterprise | T1057 | Process Discovery | iKitten lists the current processes running.[1] |
| Enterprise | T1163 | Rc.common | iKitten adds an entry to the rc.common file for persistence.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | iKitten will look for the current IP address.[1] |

References