File Download Via Nscurl - MacOS

 1title: File Download Via Nscurl - MacOS
 2id: 6d8a7cf1-8085-423b-b87d-7e880faabbdf
 3status: test
 4description: Detects the execution of the nscurl utility in order to download files.
 5references:
 6    - https://www.loobins.io/binaries/nscurl/
 7    - https://www.agnosticdev.com/content/how-diagnose-app-transport-security-issues-using-nscurl-and-openssl
 8    - https://gist.github.com/nasbench/ca6ef95db04ae04ffd1e0b1ce709cadd
 9author: Daniel Cortez
10date: 2024-06-04
11tags:
12    - attack.command-and-control
13    - attack.t1105
14logsource:
15    category: process_creation
16    product: macos
17detection:
18    selection:
19        Image|endswith: '/nscurl'
20        CommandLine|contains:
21            - '--download '
22            - '--download-directory '
23            - '--output '
24            - '-dir '
25            - '-dl '
26            - '-ld'
27            - '-o '
28    condition: selection
29falsepositives:
30    - Legitimate usage of nscurl by administrators and users.
31level: medium

References

• nscurl

  

  Download, upload, and read files.

  
  Read More

• How to Diagnose App Transport Security Issues using nscurl and OpenSSL

  

  Learn how to test the best possible options for App Transport Security on your #iOS or #macOS application using nscurl and #openSSL. #networking #iOSDev #secureNetworking #networkDebugging

  
  Read More

• Nscrurl Full Help

  

  Nscrurl Full Help. GitHub Gist: instantly share code, notes, and snippets.

  
  Read More

Related rules

• Axios NPM Compromise Indicators - Linux
• Axios NPM Compromise Indicators - Windows
• Axios NPM Compromise Indicators - macOS
• Browser Execution In Headless Mode
• Curl Download And Execute Combination