IOC Radar
TLP:WHITE · 2 IOCs

macOS Users Targeted by Sapphire Sleet Campaign Using Script Editor and Fake Update Dialogs

Cyber Press
Published June 17, 2026

Attack Flow (9 steps · MITRE ATT&CK mapped)

Step 1/9: Initial Access (TA0001 · T1204), User Execution
Action: Execute malicious script
Victims are tricked into opening a malicious AppleScript file disguised as a legitimate communication tool.

Indicators of Compromise

| Type | Indicator | Confidence | Score | First Seen |
| SHA256 | 980bf65c703edae7b28a752207a84b80332be0dae4ee87f00928f82a011ab0ce (file-hash, indicator, intel-blog) | Medium | 53 | Jun 18, 26 |
| SHA256 | 2075fd1a1362d188290910a8c55cf30c11ed5955c04af410c481410f538da419 (file-hash, intel-blog, malware) | Medium | 56 | Jun 2, 26 |
