osx.imuler

iMuler

aka: Revir

The threat was multi-stage malware that displayed a decoy to the victim: a Chinese-language article on the long-running dispute over the Diaoyu Islands, an array of erotic pictures, or images of Tibetan organisations. It consisted of two stages: Revir was the dropper/downloader and Imuler was the backdoor, capable of the following operations:

- capture screenshots
- exfiltrate files to a remote computer
- send various information about the infected computer
- extract ZIP archives
- download files from a remote computer and/or the Internet
- run executable files

References
- 2012-11-14, Contagiodump Blog, Mila Parkour: "Group Photos.zip OSX/Revir | OSX/iMuler samples March 2012-November 2012", http://contagiodump.blogspot.com/2012/11/group-photoszip-osxrevir-osximuler.html
- 2012-11-13, Sophos, Graham Cluley: "New variant of Mac Trojan discovered, targeting Tibet", https://nakedsecurity.sophos.com/2012/11/13/new-mac-trojan/
- 2012-03-16, ESET Research, Alexis Dorais-Joncas: "OSX/Imuler updated: still a threat on Mac OS X", https://www.welivesecurity.com/2012/03/16/osximuler-updated-still-a-threat-on-mac-os-x/

There is no YARA signature yet.