{ "name": "GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure", "slug": "gitcaught-threat-actor-leverages-github-repository-for-malicious-infrastructure", "description": "In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign led by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). These threat actors leveraged a GitHub profile to impersonate legitimate software applications like 1Password, Bartender 5, and Pixelmator Pro to distribute various malware types, such as Atomic macOS Stealer (AMOS) and Vidar. This malicious activity highlights the abuse of trusted internet services to orchestrate cyberattacks that steal personal information.", "published": "2024-05-20T14:33:16+00:00", "created_at": "2024-05-20T14:33:16+00:00", "modified_at": "2024-05-20T14:38:34+00:00", "created_at_opencti": "2024-05-20T14:33:16+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-05-20" ], "related_entities": { "observables": [ { "id": "", "name": "81.31.245.209" }, { "id": "", "name": "77.246.158.48" }, { "id": "", "name": "5.42.65.108" }, { "id": "", "name": "5.42.64.83" }, { "id": "", "name": "5.42.64.45" }, { "id": "", "name": "49.13.89.149" }, { "id": "", "name": "45.61.137.213" }, { "id": "", "name": "31.41.244.77" }, { "id": "", "name": "195.85.115.195" }, { "id": "", "name": "193.149.189.199" }, { "id": "", "name": "188.120.227.9" }, { "id": "", "name": "185.215.113.55" }, { "id": "", "name": "140.82.20.165" }, { "id": "", "name": "95.217.234.153" }, { "id": "", "name": "5.42.65.114" }, { "id": "", "name": "185.172.128.132" }, { "id": "", "name": "http://github.com/papinyurii33" }, { "id": "", "name": "patrikbob100.fvds.ru" }, { "id": "", "name": "dekabristiney.fvds.ru" }, { "id": "", "name": "ultradelux.buzz" }, { "id": "", "name": "theoryapparatusjuko.fun" }, { "id": "", "name": "telephoneverdictyow.site" }, { "id": "", "name": "strainriskpropos.store" }, { "id": "", "name": "snuggleapplicationswo.fun" }, { "id": "", "name": "smallrabbitcrossing.site" }, { "id": "", "name": "skylum.store" }, { "id": "", "name": "sipapp.lat" }, { "id": "", "name": "setapp.ink" }, { "id": "", "name": "servicescraft.buzz" }, { "id": "", "name": "rize.lat" }, { "id": "", "name": "rainway.cloud" }, { "id": "", "name": "punchtelephoneverdi.store" }, { "id": "", "name": "pixelmator.us" }, { "id": "", "name": "password-app.pro" }, { "id": "", "name": "orbitpettystudio.fun" }, { "id": "", "name": "macbartender.lat" }, { "id": "", "name": "lightpillar.lat" }, { "id": "", "name": "iina-app.lat" }, { "id": "", "name": "figma.lat" }, { "id": "", "name": "cleanshot.ink" }, { "id": "", "name": "aptonic.xyz" }, { "id": "", "name": "pixelmator.pics" }, { "id": "", "name": "parallelsdesktop.pro" }, { "id": "", "name": "cleanmymac.pro" }, { "id": "", "name": "arcbrowser.pro" }, { "id": "", "name": "f83261fc31892d0e4eda20fb2f1107ca64d60f282abdcde58b4e8726b80382b4" }, { "id": "", "name": "cd39b0faa64702e596afc66fe32b467c478724a0fbda9fa8679f64927f34c1b2" }, { "id": "", "name": "cbbbd6b953b3e377662407c18a423225e214127707447c9c8318bc1e0863b82d" }, { "id": "", "name": "c301eb35ea5e8c216aa841c96aca078f7fe9950382de17ae928d5de02b586033" }, { "id": "", "name": "b1b162e0d066425bfa84ba6eacc976ba36a348c90d87901dc06bab55e26b5939" }, { "id": "", "name": "95aadba24cb01df8760f2d3f80ef29d2c452b43945a1ad22e29a0771c12f04f1" }, { "id": "", "name": "89ed92a03d1e8e2ff06e74a51a0dfabb4cbaa27794a2d2588015d219956a1e7b" }, { "id": "", "name": "824e35d8dd11acdcb3c48d8c66114eccb25c2fff2d8cb047cd5b4b6c22c481a7" }, { "id": "", "name": "7e0f9a359298e0822e7de42db933a5e1d6f46255b47e0d86dd4d16abad44f834" }, { "id": "", "name": "78ebf9dc8f62b49077393d2753746170e300f6ad7eb740c19ac449ae3d3ef8b1" }, { "id": "", "name": "7835e499d0030c850f7dd9b56d58ad7027f9bcda81348178ac029a22e0926da8" }, { "id": "", "name": "6f709406f88bde5a1622f42b2b22cfdb4fa03cf36d4f518df9c7ed9793f8ae9a" }, { "id": "", "name": "688636e7f11b16ef685115e84c98aa006fdb6e3dd72b2a7e984b41b57b8cd315" }, { "id": "", "name": "5db172c8d55088cfd5b3e148168f51e01893128b0ef35fbf971ec78d40354021" }, { "id": "", "name": "5a75c44fee834f08819ac3b3d114fb723fce11f4f15a2ac256af5b8d76d3c85e" }, { "id": "", "name": "4e1d26d3a7feb06780717a7d99ebac8b926b0dffd2234e2f2704aee3a1c39474" }, { "id": "", "name": "42c33e7d37c8af8713e9c2557a6c27b92ea9aff88d88adfe4d68796860b68f4e" }, { "id": "", "name": "40f50f931029048dd6f81fc07268a5ccd5714e637206f92dea2e5a847c67dd69" }, { "id": "", "name": "3534353639643261616165373137363333356136376266373265383637333666" }, { "id": "", "name": "3335366532396633346264303137363965376666616565313833623436353833" }, { "id": "", "name": "299f731437df0c0548275a35384f93ef9abfc2f020d507f4fe22f641abe5817c" }, { "id": "", "name": "17b52120268ceacf4a9d950d709b27aae11a5ddcbf60cbb9df340f0649c2849f" }, { "id": "", "name": "16dbfb956e720b0b7c3ba5364765859f2eb1a9bf246daeeae74fb3f0d8c911da" }, { "id": "", "name": "152cb8b36dd023d09c742a033e76b87c6e4c2f09f6d84757001f16705eab05e7" }, { "id": "", "name": "1383462f7f85b0a7c340f164472a7bd1dea39b23f674adc9999dca862346c3ef" }, { "id": "", "name": "107a3addcb5fd5550b1bcd7a1c41f8e11e3911078d47ce507697f2f2993ff6d2" }, { "id": "", "name": "0ae581638cedc98efb4d004a84ddd8397d1eab891fdfd836d27bd3ecf1d72c55" }, { "id": "", "name": "f81f1dfc07e5b84cd158ed24ec60ac43a2d2427835d4d1a21b8f8622b7b706a6" }, { "id": "", "name": "705b899bcf83311187021a29369e5344bf4477579a3e7485055d1fe8e0efcbb3" }, { "id": "", "name": "401c113bc24701e80468047974c19c3b7936e4d34a6625ce996c12d1639de3ba" }, { "id": "", "name": "3805cb7589da01a978e899fd4a051adec083c8543343ce637e448716cbbbcef1" } ], "malware": [ { "id": "legacy:malware:6e1cc60e25630284", "name": "Octo", "slug": "octo" }, { "id": "legacy:malware:e887974363cd7a08", "name": "Lumma Stealer", "slug": "lumma-stealer" }, { "id": "legacy:malware:eb01d8f828a6c9a2", "name": "AMOS", "slug": "amos" }, { "id": "2c582ed8-35df-4ef9-917d-994e214aa5f9", "name": "Vidar", "slug": "vidar" } ], "attack_patterns": [ { "id": "79525d9e-3824-4347-a471-7dcea20fd864", "name": "T1583.006" }, { "id": "88fd8eb3-cc2d-4ff0-92ff-d047dafc7855", "name": "T1592.002" }, { "id": "d19f56ca-5ce8-4bd1-af90-7d83e394470c", "name": "T1583.001" }, { "id": "ea8c69fc-e735-4ded-8480-4c3564beace6", "name": "T1589.001" }, { "id": "e615d5ec-8d67-4048-b21d-a5fb09925bb9", "name": "T1552.001" }, { "id": "d955a391-6fd0-4eb2-8767-973c39c761e0", "name": "T1120" }, { "id": "6f00068c-812c-4e2b-9100-2cfa86b3aed9", "name": "T1132.001" }, { "id": "5e3b3612-8bf8-46e1-943e-b4c1524bef11", "name": "T1587" }, { "id": "7f00bfa7-4116-4294-a80f-724681b7ce85", "name": "T1202" }, { "id": "7911f1c3-e86b-4e33-afea-9a054b0295dc", "name": "T1222" }, { "id": "93b2c4dd-5523-4464-8976-78754ee372fd", "name": "T1012" }, { "id": "2e0c6db7-16a7-4bf6-992e-263474014fce", "name": "T1059.004" }, { "id": "3245033a-53c4-454c-873a-fb653af0bf8a", "name": "T1552" }, { "id": "392fef6c-4d5d-4280-bad6-b78751569e7f", "name": "T1222.002" }, { "id": "46ecf5ab-5539-4a8a-aa5b-c180d0ae5a67", "name": "T1059.002" }, { "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74", "name": "T1005" }, { "id": "b9a3b4f8-b9c0-4ed8-bf5e-bf759b9804d6", "name": "T1564" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1", "name": "T1057" }, { "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d", "name": "T1053" }, { "id": "09124a92-c11f-4571-b35b-ab0bce6dd081", "name": "T1112" }, { "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e", "name": "T1041" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ] }, "external_refs": [ "https://www.recordedfuture.com/gitcaught-threat-actor-leverages-github-repository-for-malicious-infrastructure", "https://otx.alienvault.com/pulse/664b7b4d9a73d574f7411803" ] }