Janicab is an OS X trojan that relied on a valid developer ID and oblivious users to install it. [1]
Domain | ID | Name | Use
---|---|---|---
Enterprise | T1123 | Audio Capture | Janicab captured audio and sent it out to a C2 server.[2][1]
Enterprise | T1053.003 | Scheduled Task/Job: Cron | Janicab used a cron job for persistence on Mac devices.[1]
Enterprise | T1113 | Screen Capture | Janicab captured screenshots and sent them out to a C2 server.[2][1]
Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | Janicab used a valid AppleDeveloperID to sign the code to get past security restrictions.[1]