Malware: Cryptoistic

Description

[Cryptoistic](https://attack.mitre.org/software/S0498) is a backdoor, written in Swift, that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032).(Citation: SentinelOne Lazarus macOS July 2020)

External References

• mitre-attack
• SentinelOne Lazarus macOS July 2020

Techniques Used by This Malware

• T1005 — Data from Local System
• T1033 — System Owner/User Discovery
• T1070.004 — File Deletion
• T1083 — File and Directory Discovery
• T1095 — Non-Application Layer Protocol
• T1105 — Ingress Tool Transfer
• T1573 — Encrypted Channel

APT Groups Using This Malware

• Lazarus Group