Execution
11 binaries with this tactic
caffeinate
Prevent the system from sleeping on behalf of a utility.
ExecutionDefense Evasion bashzsh
funzip
The malicious binaries use funzip to extract the malicious binary with a password and using head or tail commands.
Execution bashzsh
hdiutil
Manipulate disk images using the DiskImages framework.
ExecutionCollection bashzshdisk
launchctl
Interact with LaunchAgents and LaunchDaemons.
ExecutionPersistence bashzshoneliner
mdls
List metadata attributes for the specified file.
Defense EvasionDiscoveryExecution +1 genieoshlayercleanmaster +4
open
Open files, folders, apps, URLs, and header files.
Execution application
osascript
Execute AppleScripts and other OSA language scripts and commands.
CollectionCredential AccessDiscovery +4 clipboardbashoneliner +15
ssh-keygen
Load unsigned dynamic libraries into the ssh-keygen binary.
ExecutionDefense Evasion dylib
swift
Arbitrarily execute swift code from the terminal.
ExecutionDefense Evasion swiftreplbash +1
tclsh
Run Tcl files or shell commands from standard input.
Execution dylib
xattr
Display and manipulate extended attributes.
ExecutionDefense Evasion xattrquarantine