(http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials): Artifact used by this malware
Query:
select * from launchd where name IN ('com.apple.iCloud.sync.daemon', 'com.geticloud.icloud.photo');
Additional Query Info:
Version: 1.4.5
Platform: darwin
Interval: 3600
JSON:
{
  "queries": {
    "OSX_Keydnap": {
      "query" : "select * from launchd where name IN ('com.apple.iCloud.sync.daemon', 'com.geticloud.icloud.photo');",
      "interval" : "3600",
      "platform" : "darwin",
      "version": "1.4.5",
      "description" : "(http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials)",
      "value" : "Artifact used by this malware"
    }
  }
}