Dok
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[Dok](https://attack.mitre.org/software/S0281) is a Trojan application disguised as a .zip file that is able to collect user credentials and install a malicious proxy server to redirect a user's network traffic (i.e. [Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557)).(Citation: objsee mac malware 2017)(Citation: hexed osx.dok analysis 2019)(Citation: CheckPoint Dok)
Associated Techniques (11)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.002 | Software Packing | - |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | - |
| T1056.002 | GUI Input Capture | - |
| T1059.002 | AppleScript | - |
| T1090.003 | Multi-hop Proxy | - |
| T1222.002 | Linux and Mac File and Directory Permissions Modification | - |
| T1543.001 | Launch Agent | - |
| T1547.015 | Login Items | - |
| T1548.003 | Sudo and Sudo Caching | - |
| T1553.004 | Install Root Certificate | - |
| T1557 | Adversary-in-the-Middle | - |
Aliases (105)
Retefe
Metadata
| ID: | 661 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |