- CREATED 10 HOURS AGO by AlienVault
- Public
- TLP: White
Kaspersky has discovered a new campaign from the WildPressure threat actor. This campaign includes the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins.
REFERENCE: https://securelist.com/wildpressure-targets-macos/103072/
TAGS: milum, wildpressure, macos, apt, tandis, python guard
ADVERSARY: WildPressure
MALWARE FAMILIES: Milum, Tandis, Python Guard
ATT&CK IDS: T1047 – Windows Management Instrumentation, T1140 – Deobfuscate/Decode Files or Information, T1547 – Boot or Logon Autostart Execution, T1059 – Command and Scripting Interpreter, T1407 – Download New Code at Runtime, T1041 – Exfiltration Over C2 Channel, T1070 – Indicator Removal on Host