Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020. Learn more about the versioning system or see the live site.
Register to stream the next session of ATT&CKcon Power Hour November 12
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. CallMe

CallMe

CallMe is a Trojan designed to run on Apple OSX. It is based on a publicly available tool called Tiny SHell. [1]

ID: S0077
Type: MALWARE
Platforms: macOS
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 .004 Command and Scripting Interpreter: Unix Shell

CallMe has the capability to create a reverse shell on victims.[1]
Enterprise T1573 .001 Encrypted Channel: Symmetric Cryptography

CallMe uses AES to encrypt C2 traffic.[1]
Enterprise T1041 Exfiltration Over C2 Channel

CallMe exfiltrates data to its C2 server over the same protocol as C2 communications.[1]
Enterprise T1105 Ingress Tool Transfer

CallMe has the capability to download a file to the victim from the C2 server.[1]

Groups That Use This Software

ID Name References
G0029 Scarlet Mimic

[1]

References

  1. Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.