Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Essential information
- Published
- 03/03/2026 15:42
- Modified
- 03/03/2026 16:45
- Tags
- 2026-03-03 CVE-2020-27932 CVE-2020-27950 CVE-2021-30952 CVE-2022-48503 CVE-2023-32409 CVE-2023-32434 CVE-2023-38606 CVE-2023-41974 CVE-2023-43000 CVE-2024-23222 CVE-2024-23225 CVE-2024-23296 coruna cryptocurrency exploit-kit financial theft ios plasmagrid surveillance zero-day
- Related entities
- 12 vulnerabilities (cve), 77 observables, 1 intrusion sets (apt), 14 techniques (mitre), 2 malware, 60 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (12)
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
- Attack vector
- LOCAL
- Published
- 10/01/2024
- Modified
- 15/03/2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, …
- Attack vector
- NETWORK
- Published
- 05/11/2025
- Modified
- 15/03/2026
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted …
- Attack vector
- Network
- Complexity
- LOW
- Published
- 23/01/2024
- Modified
- 04/04/2026
Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
- Attack vector
- Local
- Published
- 23/06/2023
- Modified
- 03/03/2026
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out …
- Attack vector
- Network
- Published
- 22/05/2023
- Modified
- 03/03/2026
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and …
- Attack vector
- Local
- Complexity
- LOW
- Published
- 05/03/2024
- Modified
- 04/04/2026
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
- Attack vector
- Local
- Published
- 26/07/2023
- Modified
- 21/12/2025
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
- Published
- 03/11/2021
- Modified
- 03/03/2026
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web …
- Attack vector
- LOCAL
- Published
- 24/08/2021
- Modified
- 10/03/2026
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel …
- Published
- 03/11/2021
- Modified
- 03/03/2026
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary …
- Attack vector
- Network
- Published
- 20/10/2025
- Modified
- 03/03/2026
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read …
- Attack vector
- Local
- Complexity
- LOW
- Published
- 05/03/2024
- Modified
- 04/04/2026
Observables (77)
-
https://ajskbnrs.xn--jor0b302fdhgwnccw8g.com/gogo/list.html -
https://iphonex.mjdqw.cn/tuiliu/group.html -
https://www.appstoreconn.com/xmweb/group.html -
https://dbgopaxl.com/static/goindex/tuiliu/group.html -
https://share.4u.game/group.html -
https://osec2.668ddf.cc/tuiliu/group.html -
https://pepeairdrop01.com/static/analytics.html -
https://w2a315.tubeluck.com/static/goindex/tuiliu/group.html -
https://anygg.liquorfight.com/88k4ez/group.html -
https://sj9ioz3a7y89cy7.xyz/list.html -
https://lddx3z2d72aa8i6.xyz/group.html -
https://i.binaner.com/group.html
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (14)
-
Virtualization/Sandbox Evasion MITRE
-
Input Capture MITRE
-
Process Injection MITRE
-
Credentials from Password Stores MITRE
-
Software Discovery MITRE
-
Native API MITRE
-
Acquire Infrastructure MITRE
-
Exploit Public-Facing Application MITRE
-
Remote Access Tools MITRE
-
Command and Scripting Interpreter MITRE
-
File and Directory Discovery MITRE
-
Stage Capabilities MITRE
Malware (2)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (60)
-
Ukraine
-
Finance
-
goodcryptocurrency.top
-
2s3b3rknfqtwwpo.xyz
-
hui4tbh9uv9x4yi.xyz
-
ose.668ddf.cc
-
ztvnhmhm4zj95w3.xyz
-
ai-scorepredict.com
-
roy2tlop2u.xyz
-
btrank.top
-
pen0axt0u476duw.xyz
-
fxrhcnfwxes90q.xyz