MaMi OSX Malware 2017-01-12 (https://objective-see.com/blog/blog_0x26.html): bogus certificate added to key store by this malware
Query:
select * from certificates where common_name like '%cloudguard.me%' and not_valid_after = '2352216315';Additional Query Info:
Version: 2.8.0
Platform: darwin
Interval: 3600
JSON:
{ "queries": { "OSX_MaMi_Certificate": { "query" : "select * from certificates where common_name like '%cloudguard.me%' and not_valid_after = '2352216315';", "interval" : "3600", "platform" : "darwin", "version": "2.8.0", "description" : "MaMi OSX Malware 2017-01-12 (https://objective-see.com/blog/blog_0x26.html)", "value" : "bogus certificate added to key store by this malware" } } }