Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:39 · Modified 21/12/2025 00:45

Essential information

Value / Name: 2c2d5167f156f4afb77dffcec0ad2869a095ee74
Confidence: 100/100
Revoked: Yes
Valid from: 22/06/2023 20:56
Valid until: 24/09/2024 20:56
Pattern type: yara
Published: 20/12/2025 19:39
Modified: 21/12/2025 00:45
Author / Source: AlienVault

Description

No description.

Pattern

rule Macos_Hacktool_JokerSpy {
    meta:
        author = "Elastic Security"
        creation_date = "2023-06-19"
        last_modified = "2023-06-19"
        os = "MacOS"
        arch = "x86"
        category_type = "Hacktool"
        family = "JokerSpy"
        threat_name = "Macos.Hacktool.JokerSpy"
        reference_sample = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8"
        license = "Elastic License v2"

    strings:
        $str1 = "ScreenRecording: NO" fullword
        $str2 = "Accessibility: NO" fullword
        $str3 = "Accessibility: YES" fullword
        $str4 = "eck13XProtectCheck"
        $str5 = "Accessibility: NO" fullword
        $str6 = "kMDItemDisplayName = *TCC.db" fullword
    condition:
        5 of them
}

Labels / Tags

Labels: apache bitcoin hacktool jokerspy macos

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.