Concrete signature match: Hack Tool - Tool used to exploit vulnerabilities for macOS platform, family BloodHound
This signature detects BloodHound, a legitimate open-source penetration-testing tool used for Active Directory reconnaissance and attack-path mapping. Its presence on a system where it was not authorized, particularly when the detection came from behavioral analysis rather than a file match, indicates possible attacker activity: reconnaissance of the directory, followed by the privilege escalation or lateral movement along the attack paths it maps. Note that BloodHound itself only analyzes data; collection is done by a separate collector such as SharpHound or bloodhound-python, so finding the analysis application on a macOS host may also mean that data collected elsewhere was brought to this host for analysis.
No detailed analysis available from definition files.
Isolate the affected macOS system immediately. Investigate the source and context of the BloodHound deployment to determine whether it was authorized (for example, as part of a scheduled penetration test). Scan the system for other malicious tools or indicators of compromise, review Active Directory logs for suspicious activity from the affected host such as bulk LDAP enumeration of users, groups and sessions, and remove all detected files associated with BloodHound. Before deletion, preserve any collector output found on the host for forensic analysis, since it shows which accounts and machines were enumerated.
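The host-side part of that investigation, as an added example that is not part of the original signature page or of the BloodHound project: a small Python triage script that walks a file tree looking for BloodHound-related names and for collector output files. The indicator names (`bloodhound`, `sharphound`, `neo4j`) and the assumption that collector JSON carries a top-level `"meta"` object whose `"type"` names the collected object class are taken from how BloodHound and bloodhound-python are commonly deployed, not from the definition files; adjust them to the artifacts your own signatures name. The sample tree it scans is constructed in a temporary directory so the script runs offline.

```python
"""Triage a macOS file tree for BloodHound artifacts (added example)."""
import json
import os
import tempfile
from dataclasses import dataclass

# Assumed indicator substrings: the GUI app bundle, the Python collector,
# SharpHound collector binaries/zips, and the neo4j backing store.
NAME_INDICATORS = ("bloodhound", "sharphound", "neo4j")

# Assumed shape of collector output: JSON with {"meta": {"type": <class>, ...}}.
COLLECTOR_TYPES = {
    "users", "computers", "groups", "domains", "gpos", "ous",
    "containers", "sessions",
}


@dataclass
class Finding:
    path: str
    reason: str


def looks_like_collector_output(path: str, max_bytes: int = 50_000_000) -> bool:
    """True if `path` is a JSON document with a BloodHound-style meta envelope."""
    try:
        if os.path.getsize(path) > max_bytes:
            return False
        with open(path, "rb") as fh:
            doc = json.load(fh)
    except (OSError, ValueError):
        return False
    if not isinstance(doc, dict):
        return False
    meta = doc.get("meta")
    return isinstance(meta, dict) and meta.get("type") in COLLECTOR_TYPES


def scan_tree(root: str) -> list[Finding]:
    """Walk `root`; flag names containing an indicator and collector JSON files."""
    findings: list[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            hit = next((i for i in NAME_INDICATORS if i in name.lower()), None)
            if hit:
                findings.append(Finding(os.path.join(dirpath, name), f"name contains '{hit}'"))
        for name in filenames:
            full = os.path.join(dirpath, name)
            hit = next((i for i in NAME_INDICATORS if i in name.lower()), None)
            if hit:
                findings.append(Finding(full, f"name contains '{hit}'"))
            if name.lower().endswith(".json") and looks_like_collector_output(full):
                findings.append(Finding(full, "collector output (meta.type)"))
    return findings


def build_sample_tree() -> str:
    """Constructed sample: an app bundle, one collector file, two benign files."""
    root = tempfile.mkdtemp(prefix="bh_triage_")
    app = os.path.join(root, "Applications", "BloodHound.app", "Contents")
    os.makedirs(app)
    with open(os.path.join(app, "Info.plist"), "w") as fh:
        fh.write("<plist/>")
    loot = os.path.join(root, "Users", "analyst", "loot")
    os.makedirs(loot)
    with open(os.path.join(loot, "20240101_computers.json"), "w") as fh:
        json.dump({"data": [{"Properties": {"name": "DC01.CORP.LOCAL"}}],
                   "meta": {"type": "computers", "count": 1, "version": 5}}, fh)
    with open(os.path.join(root, "Users", "analyst", "notes.json"), "w") as fh:
        json.dump({"meta": {"type": "grocery"}}, fh)  # meta present, wrong type
    with open(os.path.join(root, "Users", "analyst", "report.txt"), "w") as fh:
        fh.write("nothing to see")
    return root


def scan_sample() -> list[Finding]:
    """Build the constructed tree and scan it (used by the stand-alone run)."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f.reason:32s} {f.path}")
```

Run it against `/` (or a mounted image of the isolated host) instead of the sample tree; a hit on a `*.json` file with `meta.type` is the stronger signal, because it is the collected directory data itself rather than a tool name that an attacker can trivially rename.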