216.73.216.170

MacMa

The MITRE Corporation · Published 06/05/2022 03:29 · Modified 27/03/2026 01:06 Family

Essential information

Confidence
100/100
Is family
Yes
Published
06/05/2022 03:29
Modified
27/03/2026 01:06
Revoked
No
Author / Source
The MITRE Corporation
Related entities
60 attack patterns (mitre), 2 intrusion sets (apt), 4 countries, 17 indicators, 3 vulnerabilities (cve)

Aliases

OSX.CDDS DazzleSpy

Description

[MacMa](https://attack.mitre.org/software/S1016) is a macOS-based backdoor with a large set of functionalities to control and exfiltrate files from a compromised computer. [MacMa](https://attack.mitre.org/software/S1016) has been observed in the wild since November 2021.(Citation: ESET DazzleSpy Jan 2022) [MacMa](https://attack.mitre.org/software/S1016) shares command and control and unique libraries with [MgBot](https://attack.mitre.org/software/S1146) and [Nightdoor](https://attack.mitre.org/software/S1147), indicating a relationship with the [Daggerfly](https://attack.mitre.org/groups/G1034) threat actor.(Citation: Symantec Daggerfly 2024)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references