{
  "name": "Malware: Behaves Like Cross Between Infostealer and Spyware",
  "slug": "malware-behaves-like-cross-between-infostealer-and-spyware",
  "description": "On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.",
  "published": "2024-05-03T08:31:41+00:00",
  "created_at": "2024-05-03T08:31:41+00:00",
  "modified_at": "2024-05-03T08:50:18+00:00",
  "created_at_opencti": "2024-05-03T08:31:41+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-03",
    "cuckoo",
    "infostealer",
    "spyware"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "146.70.80.123"
      },
      {
        "id": "",
        "name": "http://tunesolo.com"
      },
      {
        "id": "",
        "name": "http://tunesfun.com"
      },
      {
        "id": "",
        "name": "http://tunefab.com"
      },
      {
        "id": "",
        "name": "http://fonedog.com"
      },
      {
        "id": "",
        "name": "http://dumpmedia.com"
      },
      {
        "id": "",
        "name": "dumpmedia.com"
      },
      {
        "id": "",
        "name": "fonedog.com"
      },
      {
        "id": "",
        "name": "tunesolo.com"
      },
      {
        "id": "",
        "name": "tunefab.com"
      },
      {
        "id": "",
        "name": "tunesfun.com"
      },
      {
        "id": "",
        "name": "d8c3c7eedd41b35a9a30a99727b9e0b47e652b8f601b58e2c20e2a7d30ce14a8"
      },
      {
        "id": "",
        "name": "a709dacc4d741926a7f04cad40a22adfc12dd7406f016dd668dd98725686a2dc"
      },
      {
        "id": "",
        "name": "7a45639f768144799d608a4bbabf144fc1e3c016a7d665775c6314a0c71540f1"
      },
      {
        "id": "",
        "name": "39f1224d7d71100f86651012c87c181a545b0a1606edc49131730f8c5b56bdb7"
      },
      {
        "id": "",
        "name": "702fee1d3836cc14102ec2dfbf1e6706c2e359a8e38403d82789ba7d717cfc77"
      },
      {
        "id": "",
        "name": "1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7"
      },
      {
        "id": "",
        "name": "254663d6f4968b220795e0742284f9a846f995ba66590d97562e8f19049ffd4b"
      }
    ],
    "malware": [
      {
        "id": "84cbf070-23dc-4898-ae6f-22d072f8850c",
        "name": "Cuckoo",
        "slug": "cuckoo"
      }
    ],
    "attack_patterns": [
      {
        "id": "3645c785-310f-40a0-8db8-cdb47f81389c",
        "name": "T1081"
      },
      {
        "id": "436e795b-553f-444e-b837-65818d8f539f",
        "name": "T1119"
      },
      {
        "id": "1e73eaa9-ea78-444b-b3a3-5842f5d35115",
        "name": "T1074"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "5b7c66d1-0466-4ba7-af6f-eb82c2f9d05b",
        "name": "T1033"
      },
      {
        "id": "31d29704-da1c-47ea-b93f-76d368813bdf",
        "name": "T1560"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      }
    ]
  },
  "external_refs": [
    "https://blog.kandji.io/malware-cuckoo-infostealer-spyware",
    "https://otx.alienvault.com/pulse/6634bd0d6056f4ec3dd86b82"
  ]
}