Malware: Calisto

Description

[Calisto](https://attack.mitre.org/software/S0274) is a macOS Trojan that opens a backdoor on the compromised machine. [Calisto](https://attack.mitre.org/software/S0274) is believed to have first been developed in 2016. (Citation: Securelist Calisto July 2018) (Citation: Symantec Calisto July 2018)

External References

• mitre-attack
• Securelist Calisto July 2018
• Symantec Calisto July 2018

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1036.005 — Match Legitimate Resource Name or Location
• T1056.002 — GUI Input Capture
• T1070.004 — File Deletion
• T1074.001 — Local Data Staging
• T1098 — Account Manipulation
• T1105 — Ingress Tool Transfer
• T1136.001 — Local Account
• T1217 — Browser Information Discovery
• T1543.001 — Launch Agent
• T1555.001 — Keychain
• T1560.001 — Archive via Utility
• T1564.001 — Hidden Files and Directories
• T1569.001 — Launchctl