MacMa
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[MacMa](https://attack.mitre.org/software/S1016) is a macOS-based backdoor with a large set of functionalities to control and exfiltrate files from a compromised computer. [MacMa](https://attack.mitre.org/software/S1016) has been observed in the wild since November 2021.(Citation: ESET DazzleSpy Jan 2022) [MacMa](https://attack.mitre.org/software/S1016) shares command and control and unique libraries with [MgBot](https://attack.mitre.org/software/S1146) and [Nightdoor](https://attack.mitre.org/software/S1147), indicating a relationship with the [Daggerfly](https://attack.mitre.org/groups/G1034) threat actor.(Citation: Symantec Daggerfly 2024)
Associated Techniques (27)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1021 | Remote Services | - |
| T1033 | System Owner/User Discovery | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.004 | Unix Shell | - |
| T1070.002 | Clear Linux or Mac System Logs | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1074.001 | Local Data Staging | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
Aliases (210)
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
OSX.CDDS
DazzleSpy
Used by Actors (1)
Metadata
| ID: | 534 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |