ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .activ-ketodietakjsy620 .cloud)

SID: 2047693Rev: 24 viewsHistory

Sourceet/open

CreatedAugust 22, 2023

UpdatedOctober 1, 2024

Classificationtrojan-activity

alert dns $HOME_NET any -> any any (msg:"ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .activ-ketodietakjsy620 .cloud)"; dns.query; bsize:32; content:"www.activ-ketodietakjsy620.cloud"; nocase; reference:url,www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/; classtype:trojan-activity; sid:2047693; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2023_08_22, deployment Perimeter, malware_family MACOS_XLOADER, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_01, reviewed_at 2024_10_01;)

References

url	www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/

Metadata

affected productMac_OSX

attack targetClient_Endpoint

created at2023_08_22

deploymentPerimeter

malware familyMACOS_XLOADER

performance impactLow

confidenceHigh

signature severityMajor

updated at2024_10_01

reviewed at2024_10_01

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!