Dok

Dok steals banking information through a man-in-the-middle attack [1].

ID: S0281
Associated Software: Retefe

Type: MALWARE
Platforms: macOS

Version: 1.0

Associated Software Descriptions

Name | Description
Retefe | [1]

Techniques Used

Domain | ID | Name | Use
Enterprise | T1155 | AppleScript | Dok uses AppleScript to create a login item for persistence.[1]
Enterprise | T1141 | Input Prompt | Dok prompts the user for credentials.[1]
Enterprise | T1130 | Install Root Certificate | Dok installs a root certificate to aid in man-in-the-middle actions.[1]
Enterprise | T1159 | Launch Agent | Dok persists via a Launch Agent.[1]
Enterprise | T1162 | Login Item | Dok persists via a login item.[1]
Enterprise | T1188 | Multi-hop Proxy | Dok downloads and installs Tor via homebrew.[1]

References