OS X port of Snake malware discovered by Fox-IT (https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/): Artifacts created by this malware
Query:
select * from file \
  where path = '/Library/LaunchDaemons/com.adobe.update.plist' OR \
  path = '/Library/Scripts/installd.sh' OR \
  path = '/Library/Scripts/queue' OR \
  path = '/tmp/.gdm-socket' OR \
  path = '/tmp/.gdm-selinux' OR \
  path LIKE '/var/tmp/.ur-%%';
Additional Query Info:
Version: 1.4.5
Platform: darwin
Interval: 3600
JSON:
{
  "queries": {
    "OSX_Snake": {
      "query" : "select * from file \
        where path = '/Library/LaunchDaemons/com.adobe.update.plist' OR \
        path = '/Library/Scripts/installd.sh' OR \
        path = '/Library/Scripts/queue' OR \
        path = '/tmp/.gdm-socket' OR \
        path = '/tmp/.gdm-selinux' OR \
        path LIKE '/var/tmp/.ur-%%';",
      "interval" : "3600",
      "platform" : "darwin",
      "version": "1.4.5",
      "description" : "OS X port of Snake malware discovered by Fox-IT (https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/)",
      "value" : "Artifacts created by this malware"
    }
  }
}