osx.manuscrypt

Manuscrypt

Actor(s): Lazarus Group


There is no description at this point.

References
2021-03-21 | Blackberry | Blackberry Research
2021 Threat Report
@techreport{research:20210321:2021:a393473, author = {Blackberry Research}, title = {{2021 Threat Report}}, date = {2021-03-21}, institution = {Blackberry}, url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf}, language = {English}, urldate = {2021-03-25} }
Families: Bashlite, FritzFrog, IPStorm, Mirai, Tsunami, elf.wellmess, AppleJeus, Dacls, EvilQuest, Manuscrypt, Astaroth, BazarBackdoor, Cerber, Cobalt Strike, Emotet, FinFisher RAT, Kwampirs, MimiKatz, NjRAT, Ryuk, SmokeLoader, TrickBot

2020-12-11 | PWC UK | Twitter (@BitsOfBinary)
Tweet on macOS Manuscrypt samples
@online{bitsofbinary:20201211:macos:a00d112, author = {Twitter (@BitsOfBinary)}, title = {{Tweet on macOS Manuscypt samples}}, date = {2020-12-11}, organization = {PWC UK}, url = {https://twitter.com/BitsOfBinary/status/1337330286787518464}, language = {English}, urldate = {2020-12-14} }
Families: Manuscrypt

2020-11-27 | Microstep Intelligence Bureau | Microstep online research response team
Wallet Black Hole: The Lazarus Group's Recent Covert Attack Activity Targeting Cryptocurrency
@online{team:20201127:lazarus:9111581, author = {Microstep online research response team}, title = {{钱包黑洞:Lazarus 组织近期在加密货币方面的隐蔽攻击活动}}, date = {2020-11-27}, organization = {Microstep Intelligence Bureau}, url = {https://www.anquanke.com/post/id/223817}, language = {Chinese}, urldate = {2020-12-26} }
Families: Manuscrypt

2020-10-28 | Twitter (@BitsOfBinary) | John
Tweet on macOS version of Manuscrypt
@online{john:20201028:macos:15c0a45, author = {John}, title = {{Tweet on macOS version of Manuscrypt}}, date = {2020-10-28}, organization = {Twitter (@BitsOfBinary)}, url = {https://twitter.com/BitsOfBinary/status/1321488299932983296}, language = {English}, urldate = {2020-12-03} }
Families: Manuscrypt

Yara Rules
[TLP:WHITE] osx_manuscrypt_w0 (20201203 | No description)
rule osx_manuscrypt_w0 {

    meta:
        author = "AT&T Alien Labs"
        sha256 = "ccb5dc3a0e55e640fab5d6b6ac823328700836bcbe6423632428a0ead7436caf"
        tlp = "WHITE"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/osx.manuscrypt"
        malpedia_rule_date = "20201203"
        malpedia_hash = ""
        malpedia_version = "20201203"
        malpedia_sharing = "TLP:WHITE"
        malpedia_license = ""

    strings:
        // ASCII bytes of the format string "Cookie: _ga=%s%02d%d%d%02d%s"
        $s = { 436f6f6b69653a205f67613d25732530326425642564253032642573 }

    condition:
        all of them
}