OSX_Snake

Name: OSX_Snake
Description: OS X port of Snake malware discovered by Fox-IT (https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/)
Value: Artifacts created by this malware

Query:
select * from file \
         where path = '/Library/LaunchDaemons/com.adobe.update.plist' OR \
           path = '/Library/Scripts/installd.sh' OR \
           path = '/Library/Scripts/queue' OR \
           path = '/tmp/.gdm-socket' OR \
           path = '/tmp/.gdm-selinux' OR \
           path LIKE '/var/tmp/.ur-%%';
Additional Query Info:
Version: 1.4.5
Platform: darwin
Interval: 3600

JSON:
{
  "queries": {
    "OSX_Snake": {
      "query" : "select * from file \
         where path = '/Library/LaunchDaemons/com.adobe.update.plist' OR \
           path = '/Library/Scripts/installd.sh' OR \
           path = '/Library/Scripts/queue' OR \
           path = '/tmp/.gdm-socket' OR \
           path = '/tmp/.gdm-selinux' OR \
           path LIKE '/var/tmp/.ur-%%';",
      "interval" : "3600",
      "platform" : "darwin",
      "version": "1.4.5",
      "description" : "OS X port of Snake malware discovered by Fox-IT (https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/)",
      "value" : "Artifacts created by this malware"
    }
  }
}
