March 2, 2023
SentinelOne VS Honkbox Cryptominer – macOS – Protection
Honkbox is a novel piece of macOS malware in a number of ways. Its use of I2P for tunneling and, in the recent variants, its lack of a ‘traditional’ persistence mechanism show that the authors prize stealth. Its multiple detection-evasion techniques and masquerades are intended to hide it from users even if they become suspicious. In addition, because some components of this multi-stage malware were not previously documented, some detection solutions may still have to catch up.
SentinelOne fully detects the Honkbox cryptominer and security teams are advised to review the indicators listed below. For more information about how SentinelOne can help protect your macOS fleet, contact us or request a demo.
MITRE ATT&CK
T1036 Process executable has a file extension which is uncommon
T1064 Executes commands using a shell command-line interpreter
T1070.004 Executes the “rm” command to delete files or directories
T1082 Reads the system's hostname
T1095 Performs DNS lookups
T1222 Executes the “chmod” command used to modify permissions
T1564 Executes the “mktemp” command to create a temporary unique file name
T1564.001 Creates and executes hidden MachO files
For Indicators of Compromise, visit https://www.sentinelone.com/blog/hunting-for-honkbox-multistage-macos-cryptominer-may-still-be-hiding/
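As an added example (not SentinelOne's detection logic or any code from the Honkbox report), the following Python maps constructed macOS process-start events onto the ATT&CK techniques listed above: hidden Mach-O execution, uncommon executable extensions, shell-driven rm/chmod/mktemp, and the hostname read. The suffix allowlist, the use of hostname(1) for T1082, and every sample path and event are assumptions, not real Honkbox indicators.

```python
import shlex
from pathlib import PurePosixPath

# Mach-O and fat-binary magic values as they appear on disk (both byte orders).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
# Assumed allowlist of suffixes an executable on macOS normally carries.
COMMON_EXEC_SUFFIXES = {"", ".sh", ".py", ".pl", ".rb"}
# Utilities named in the page's ATT&CK mapping; hostname(1) for T1082 is an assumption.
COMMAND_TECHNIQUES = {"rm": "T1070.004", "chmod": "T1222",
                      "mktemp": "T1564", "hostname": "T1082"}

def map_techniques(event: dict) -> list:
    """Return the sorted ATT&CK IDs that one process-start event matches."""
    hits = set()
    path = PurePosixPath(event["path"])
    # T1564.001: a dot-prefixed (hidden) file whose first bytes are a Mach-O magic.
    if path.name.startswith(".") and event.get("header", b"")[:4] in MACHO_MAGICS:
        hits.add("T1564.001")
    # T1036: executable carrying a suffix outside the assumed allowlist.
    if path.suffix.lower() not in COMMON_EXEC_SUFFIXES:
        hits.add("T1036")
    argv = shlex.split(event.get("cmdline", ""))
    # T1064: shell interpreter run with -c; tokenize that payload as well.
    if event["path"] in SHELLS and "-c" in argv:
        hits.add("T1064")
        payload = argv[argv.index("-c") + 1:]
        argv += shlex.split(payload[0]) if payload else []
    for tok in argv:
        tech = COMMAND_TECHNIQUES.get(PurePosixPath(tok).name)
        if tech:
            hits.add(tech)
    return sorted(hits)

def triage(events: list) -> dict:
    """Map pid -> matched techniques, dropping events with no match."""
    return {e["pid"]: hits for e in events if (hits := map_techniques(e))}

# Constructed sample telemetry (assumed paths, not real Honkbox indicators).
SAMPLE_EVENTS = [
    {"pid": 501, "path": "/bin/sh", "cmdline": '/bin/sh -c "chmod +x /tmp/.agent && /tmp/.agent"'},
    {"pid": 502, "path": "/tmp/.agent", "cmdline": "/tmp/.agent", "header": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"},
    {"pid": 503, "path": "/tmp/loader.dat", "cmdline": "/tmp/loader.dat"},
    {"pid": 504, "path": "/bin/sh", "cmdline": "/bin/sh -c 'rm -rf /tmp/loader.dat'"},
    {"pid": 505, "path": "/usr/bin/python3", "cmdline": "/usr/bin/python3 script.py"},
]
```

Running `triage(SAMPLE_EVENTS)` flags the four suspicious events and drops the benign interpreter launch; in real telemetry these matches are triage signals to correlate, not verdicts on their own.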