Skip to content

S0077 CallMe

CallMe is a Trojan designed to run on Apple OSX. It is based on a publicly available tool called Tiny SHell. 1

Item Value
ID S0077
Associated Names
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.004 Unix Shell CallMe has the capability to create a reverse shell on victims.1
enterprise T1573 Encrypted Channel -
enterprise T1573.001 Symmetric Cryptography CallMe uses AES to encrypt C2 traffic.1
enterprise T1041 Exfiltration Over C2 Channel CallMe exfiltrates data to its C2 server over the same protocol as C2 communications.1
enterprise T1105 Ingress Tool Transfer CallMe has the capability to download a file to the victim from the C2 server.1

Groups That Use This Software

ID Name References
G0029 Scarlet Mimic 1


Back to top