MacMa
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 06/05/2022 03:29
- Modified
- 27/03/2026 01:06
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 60 attack patterns (mitre), 2 intrusion sets (apt), 4 countries, 17 indicators, 3 vulnerabilities (cve)
Aliases
OSX.CDDS DazzleSpy
Description
[MacMa](https://attack.mitre.org/software/S1016) is a macOS-based backdoor with a large set of functionalities to control and exfiltrate files from a compromised computer. [MacMa](https://attack.mitre.org/software/S1016) has been observed in the wild since November 2021.(Citation: ESET DazzleSpy Jan 2022) [MacMa](https://attack.mitre.org/software/S1016) shares command and control and unique libraries with [MgBot](https://attack.mitre.org/software/S1146) and [Nightdoor](https://attack.mitre.org/software/S1147), indicating a relationship with the [Daggerfly](https://attack.mitre.org/groups/G1034) threat actor.(Citation: Symantec Daggerfly 2024)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.