DOK malicious app (http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/): Artifact used by this malware
Query:
select * from apps where bundle_name = 'Truesteer.AppStore';Additional Query Info:
Version: 1.4.5
Platform: darwin
Interval: 3600
JSON:
{ "queries": { "OSX_DOK_4": { "query" : "select * from apps where bundle_name = 'Truesteer.AppStore';", "interval" : "3600", "platform" : "darwin", "version": "1.4.5", "description" : "DOK malicious app (http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/)", "value" : "Artifact used by this malware" } } }