S0277 FruitFly
FruitFly is designed to spy on mac users 1.
| Item | Value |
|---|---|
| ID | S0277 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 17 October 2018 |
| Last Modified | 22 March 2023 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1543 | Create or Modify System Process | - |
| enterprise | T1543.001 | Launch Agent | FruitFly persists via a Launch Agent.1 |
| enterprise | T1083 | File and Directory Discovery | FruitFly looks for specific files and file types.1 |
| enterprise | T1564 | Hide Artifacts | - |
| enterprise | T1564.001 | Hidden Files and Directories | FruitFly saves itself with a leading “.” to make it a hidden file.1 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.004 | File Deletion | FruitFly will delete files on the system.1 |
| enterprise | T1027 | Obfuscated Files or Information | - |
| enterprise | T1027.010 | Command Obfuscation | FruitFly executes and stores obfuscated Perl scripts.1 |
| enterprise | T1057 | Process Discovery | FruitFly has the ability to list processes on the system.1 |
| enterprise | T1113 | Screen Capture | FruitFly takes screenshots of the user’s desktop.1 |