There is no description at this point.
rule osx_macspy_w0 { meta: author = "AlienVault Labs" malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/osx.macspy" malpedia_version = "20170612" malpedia_license = "CC BY-NC-SA 4.0" malpedia_sharing = "TLP:WHITE" strings: $header0 = {cf fa ed fe} $header1 = {ce fa ed fe} $header2 = {ca fe ba be} $c1 = { 76 31 09 00 76 32 09 00 76 33 09 00 69 31 09 00 69 32 09 00 69 33 09 00 69 34 09 00 66 31 09 00 66 32 09 00 66 33 09 00 66 34 09 00 74 63 3A 00 } condition: ($header0 at 0 or $header1 at 0 or $header2 at 0) and $c1 }
If your designated proposal does not fit in any other category, feel free to write a free-text in the comment field below.
Please propose all changes regarding references on the Malpedia library page
Your suggestion will be reviewed before being published. Thank you for contributing!
YYYY-MM-DD
YYYY-MM
YYYY