Malware: Dok

Description

[Dok](https://attack.mitre.org/software/S0281) is a Trojan application disguised as a .zip file that is able to collect user credentials and install a malicious proxy server to redirect a user's network traffic (i.e. [Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557)).(Citation: objsee mac malware 2017)(Citation: hexed osx.dok analysis 2019)(Citation: CheckPoint Dok)

External References

• mitre-attack
• hexed osx.dok analysis 2019
• CheckPoint Dok
• objsee mac malware 2017

Techniques Used by This Malware

• T1027.002 — Software Packing
• T1048.003 — Exfiltration Over Unencrypted Non-C2 Protocol
• T1056.002 — GUI Input Capture
• T1059.002 — AppleScript
• T1090.003 — Multi-hop Proxy
• T1222.002 — Linux and Mac File and Directory Permissions Modification
• T1543.001 — Launch Agent
• T1547.015 — Login Items
• T1548.003 — Sudo and Sudo Caching
• T1553.004 — Install Root Certificate
• T1557 — Adversary-in-the-Middle