Trusted Design

ClickFix Malware Uses macOS Script Editor to Deliver Atomic Stealer

概要

Jamf Threat Labs discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal entirely.

Created: 2026-04-08

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

GALLIUM

Score: 8.35

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

APT29

Score: 14.80

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1546.008 - Accessibility Features
T1218.005 - Mshta
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN13

Score: 10.94

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1134.003 - Make and Impersonate Token
T1550.002 - Pass the Hash

MITREへのリンク →

Dragonfly

Score: 16.62

Matched TTPs:

T1003.002 - Security Account Manager
T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1595.002 - Vulnerability Scanning
T1598.002 - Spearphishing Attachment
T1018 - Remote System Discovery

MITREへのリンク →

Ke3chang

Score: 11.97

Matched TTPs:

T1003.002 - Security Account Manager
T1583.005 - Botnet
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery

MITREへのリンク →

Agrius

Score: 7.40

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery

MITREへのリンク →

APT41

Score: 20.70

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1546.008 - Accessibility Features
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery
T1550.002 - Pass the Hash
T1596.005 - Scan Databases

MITREへのリンク →

APT5

Score: 7.91

Matched TTPs:

T1003.002 - Security Account Manager
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application

MITREへのリンク →

menuPass

Score: 5.60

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery

MITREへのリンク →

Threat Group-3390

Score: 7.58

Matched TTPs:

T1003.002 - Security Account Manager
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery

MITREへのリンク →

Wizard Spider

Score: 16.84

Matched TTPs:

T1003.002 - Security Account Manager
T1518.002 - Backup Software Discovery
T1562.001 - Disable or Modify Tools
T1555.004 - Windows Credential Manager
T1018 - Remote System Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Ember Bear

Score: 12.74

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Sea Turtle

Score: 13.47

Matched TTPs:

T1583.002 - DNS Server
T1190 - Exploit Public-Facing Application
T1608.003 - Install Digital Certificate
T1027.004 - Compile After Delivery

MITREへのリンク →

Axiom

Score: 8.60

Matched TTPs:

T1583.002 - DNS Server
T1190 - Exploit Public-Facing Application
T1546.008 - Accessibility Features

MITREへのリンク →

HEXANE

Score: 7.36

Matched TTPs:

T1583.002 - DNS Server
T1608.001 - Upload Malware
T1018 - Remote System Discovery

MITREへのリンク →

Scattered Spider

Score: 19.84

Matched TTPs:

T1484.002 - Trust Modification
T1598.003 - Spearphishing Link
T1070.008 - Clear Mailbox Data
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1598 - Phishing for Information
T1018 - Remote System Discovery

MITREへのリンク →

Storm-0501

Score: 7.94

Matched TTPs:

T1484.002 - Trust Modification
T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact

MITREへのリンク →

Sidewinder

Score: 8.42

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.005 - Mshta
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Mustang Panda

Score: 12.45

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1218.005 - Mshta
T1052.001 - Exfiltration over USB
T1018 - Remote System Discovery

MITREへのリンク →

Sandworm Team

Score: 12.38

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery

MITREへのリンク →

Silent Librarian

Score: 6.30

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.005 - Link Target

MITREへのリンク →

ZIRCONIUM

Score: 5.90

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information

MITREへのリンク →

APT32

Score: 11.06

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1218.005 - Mshta
T1018 - Remote System Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Kimsuky

Score: 21.09

Matched TTPs:

T1598.003 - Spearphishing Link
T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools
T1598 - Phishing for Information
T1550.002 - Pass the Hash

MITREへのリンク →

Magic Hound

Score: 17.06

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1595.002 - Vulnerability Scanning
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 17.24

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1598 - Phishing for Information
T1498 - Network Denial of Service
T1550.002 - Pass the Hash

MITREへのリンク →

Star Blizzard

Score: 8.05

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Moonstone Sleet

Score: 12.73

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1486 - Data Encrypted for Impact
T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 4.98

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

HAFNIUM

Score: 6.86

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery

MITREへのリンク →

BRONZE BUTLER

Score: 5.86

Matched TTPs:

T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery

MITREへのリンク →

TeamTNT

Score: 11.23

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1562.004 - Disable or Modify System Firewall
T1595.002 - Vulnerability Scanning
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Indrik Spider

Score: 8.20

Matched TTPs:

T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery

MITREへのリンク →

OilRig

Score: 12.98

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1562.004 - Disable or Modify System Firewall
T1555.004 - Windows Credential Manager
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 9.48

Matched TTPs:

T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools
T1555.004 - Windows Credential Manager
T1018 - Remote System Discovery

MITREへのリンク →

Aquatic Panda

Score: 9.66

Matched TTPs:

T1007 - System Service Discovery
T1595.002 - Vulnerability Scanning
T1562.001 - Disable or Modify Tools
T1550.002 - Pass the Hash

MITREへのリンク →

Chimera

Score: 6.81

Matched TTPs:

T1007 - System Service Discovery
T1018 - Remote System Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Earth Lusca

Score: 12.44

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1218.005 - Mshta
T1018 - Remote System Discovery

MITREへのリンク →

Volt Typhoon

Score: 13.51

Matched TTPs:

T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1587.004 - Exploits
T1018 - Remote System Discovery
T1596.005 - Scan Databases

MITREへのリンク →

APT1

Score: 5.27

Matched TTPs:

T1007 - System Service Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

TA2541

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools

MITREへのリンク →

LuminousMoth

Score: 5.82

Matched TTPs:

T1608.001 - Upload Malware
T1608.005 - Link Target

MITREへのリンク →

LazyScripter

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1218.005 - Mshta

MITREへのリンク →

Gamaredon Group

Score: 9.73

Matched TTPs:

T1608.001 - Upload Malware
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery

MITREへのリンク →

SideCopy

Score: 7.94

Matched TTPs:

T1608.001 - Upload Malware
T1218.005 - Mshta
T1598.002 - Spearphishing Attachment

MITREへのリンク →

TA505

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

BlackByte

Score: 15.60

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1134.003 - Make and Impersonate Token
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery

MITREへのリンク →

Saint Bear

Score: 3.77

Matched TTPs:

T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Contagious Interview

Score: 6.29

Matched TTPs:

T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 14.31

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1218.005 - Mshta
T1608.005 - Link Target
T1486 - Data Encrypted for Impact

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1070.008 - Clear Mailbox Data

MITREへのリンク →

Rocke

Score: 10.77

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery
T1018 - Remote System Discovery

MITREへのリンク →

Medusa Group

Score: 14.03

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1650 - Acquire Access
T1018 - Remote System Discovery

MITREへのリンク →

Fox Kitten

Score: 6.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1546.008 - Accessibility Features
T1018 - Remote System Discovery

MITREへのリンク →

ToddyCat

Score: 7.88

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1018 - Remote System Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 5.31

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1134 - Access Token Manipulation

MITREへのリンク →

Winter Vivern

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning

MITREへのリンク →

Leviathan

Score: 7.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1587.004 - Exploits

MITREへのリンク →

Volatile Cedar

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning

MITREへのリンク →

INC Ransom

Score: 5.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

UNC3886

Score: 9.45

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall
T1562.001 - Disable or Modify Tools
T1587.004 - Exploits

MITREへのリンク →

Moses Staff

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall

MITREへのリンク →

Play

Score: 4.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery

MITREへのリンク →

MuddyWater

Score: 9.23

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery

MITREへのリンク →

Salt Typhoon

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1562.004 - Disable or Modify System Firewall

MITREへのリンク →

APT39

Score: 3.01

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1018 - Remote System Discovery

MITREへのリンク →

Akira

Score: 10.22

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery

MITREへのリンク →

Lazarus Group

Score: 9.00

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT38

Score: 13.36

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1218.005 - Mshta
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Velvet Ant

Score: 4.14

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT3

Score: 4.83

Matched TTPs:

T1546.008 - Accessibility Features
T1018 - Remote System Discovery

MITREへのリンク →

Deep Panda

Score: 4.83

Matched TTPs:

T1546.008 - Accessibility Features
T1018 - Remote System Discovery

MITREへのリンク →

Tropic Trooper

Score: 4.13

Matched TTPs:

T1052.001 - Exfiltration over USB

MITREへのリンク →

FIN6

Score: 9.71

Matched TTPs:

T1562.001 - Disable or Modify Tools
T1134 - Access Token Manipulation
T1018 - Remote System Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 4.86

Matched TTPs:

T1486 - Data Encrypted for Impact
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 3.88

Matched TTPs:

T1486 - Data Encrypted for Impact
T1018 - Remote System Discovery

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Lotus Blossom

Score: 5.39

Matched TTPs:

T1134 - Access Token Manipulation
T1018 - Remote System Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1218.005 - Mshta
T1562.004 - Disable or Modify System Firewall
T1598.003 - Spearphishing Link
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1598 - Phishing for Information
T1550.002 - Pass the Hash
T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT41

Score: 0.69

Matched TTPs:

T1546.008 - Accessibility Features
T1190 - Exploit Public-Facing Application
T1550.002 - Pass the Hash
T1486 - Data Encrypted for Impact
T1595.002 - Vulnerability Scanning
T1596.005 - Scan Databases
T1003.002 - Security Account Manager
T1018 - Remote System Discovery

MITREへのリンク →

Scattered Spider

Score: 0.66

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1486 - Data Encrypted for Impact
T1484.002 - Trust Modification
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery
T1070.008 - Clear Mailbox Data

MITREへのリンク →

APT28

Score: 0.57

Matched TTPs:

T1498 - Network Denial of Service
T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1190 - Exploit Public-Facing Application
T1550.002 - Pass the Hash
T1595.002 - Vulnerability Scanning

MITREへのリンク →

Magic Hound

Score: 0.57

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service
T1486 - Data Encrypted for Impact
T1595.002 - Vulnerability Scanning
T1562.001 - Disable or Modify Tools
T1018 - Remote System Discovery

MITREへのリンク →

Wizard Spider

Score: 0.56

Matched TTPs:

T1555.004 - Windows Credential Manager
T1550.002 - Pass the Hash
T1562.001 - Disable or Modify Tools
T1003.002 - Security Account Manager
T1018 - Remote System Discovery
T1518.002 - Backup Software Discovery

MITREへのリンク →

Dragonfly

Score: 0.55

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1598.002 - Spearphishing Attachment
T1595.002 - Vulnerability Scanning
T1003.002 - Security Account Manager
T1018 - Remote System Discovery

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る