(https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/): Artifact used by this malware
Query:
SELECT * FROM launchd WHERE name IN ('com.getdropbox.dropbox.integritycheck.plist','com.getdropbox.dropbox.timegrabber.plist','com.getdropbox.dropbox.usercontent.plist');Additional Query Info:
Version: 1.4.5
Platform: darwin
Interval: 3600
JSON:
{ "queries": { "Backdoor_MAC_Eleanor": { "query" : "SELECT * FROM launchd WHERE name IN ('com.getdropbox.dropbox.integritycheck.plist','com.getdropbox.dropbox.timegrabber.plist','com.getdropbox.dropbox.usercontent.plist');", "interval" : "3600", "platform" : "darwin", "version": "1.4.5", "description" : "(https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/)", "value" : "Artifact used by this malware" } } }