Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)

This piece of malware steals the content of the user's keychain while maintaining a permanent backdoor (Citation: OSX Keydnap malware).

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	1
Keydnap - S0276 (4b072c90-bc7a-432b-940e-016fc1c01761)	Malware	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	1
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	2