Malware: Proton

Description

[Proton](https://attack.mitre.org/software/S0279) is a macOS backdoor focusing on data theft and credential access (Citation: objsee mac malware 2017).

External References

• mitre-attack
• objsee mac malware 2017

Techniques Used by This Malware

• T1021.005 — VNC
• T1056.001 — Keylogging
• T1056.002 — GUI Input Capture
• T1059.004 — Unix Shell
• T1070.002 — Clear Linux or Mac System Logs
• T1070.004 — File Deletion
• T1113 — Screen Capture
• T1140 — Deobfuscate/Decode Files or Information
• T1543.001 — Launch Agent
• T1548.003 — Sudo and Sudo Caching
• T1555.001 — Keychain
• T1555.003 — Credentials from Web Browsers
• T1555.005 — Password Managers
• T1560 — Archive Collected Data
• T1562.001 — Disable or Modify Tools