2021-04-26Objective-SeePatrick Wardle
@online{wardle:20210426:all:9cbbc8c,
  author       = {Patrick Wardle},
  title        = {{All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements}},
  date         = {2021-04-26},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x64.html},
  language     = {English},
  urldate      = {2021-04-29},
}
All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements
Shlayer
2021-02-14Objective-SeePatrick Wardle
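% The ampersand in the title is escaped as \& so LaTeX does not treat it as an
% alignment tab when the bibliography is typeset; all other fields are unchanged.
@online{wardle:20210214:armd:9b3ea08,
  author       = {Patrick Wardle},
  title        = {{Arm'd \& Dangerous malicious code, now native on apple silicon}},
  date         = {2021-02-14},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x62.html},
  language     = {English},
  urldate      = {2021-02-24},
}
Arm'd & Dangerous malicious code, now native on apple silicon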
Pirrit
2021-01-05Objective-SeePatrick Wardle
@online{wardle:20210105:discharging:2eb3c47,
  author       = {Patrick Wardle},
  title        = {{Discharging ElectroRAT}},
  date         = {2021-01-05},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x61.html},
  language     = {English},
  urldate      = {2021-01-10},
}
Discharging ElectroRAT
ElectroRAT
2021-01-01Objective-SeePatrick Wardle
@online{wardle:20210101:mac:a6f5a3b,
  author       = {Patrick Wardle},
  title        = {{The Mac Malware of 2020 - a comprehensive analysis of the year's new malware}},
  date         = {2021-01-01},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5F.html},
  language     = {English},
  urldate      = {2021-01-11},
}
The Mac Malware of 2020 - a comprehensive analysis of the year's new malware
AppleJeus Dacls EvilQuest FinFisher WatchCat XCSSET
2020-11-27Objective-SeePatrick Wardle
@online{wardle:20201127:adventures:e74df5f,
  author       = {Patrick Wardle},
  title        = {{Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT}},
  date         = {2020-11-27},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5C.html},
  language     = {English},
  urldate      = {2020-12-08},
}
Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT
2020-11-03Objective-SeePatrick Wardle
@online{wardle:20201103:adventures:1b70800,
  author       = {Patrick Wardle},
  title        = {{Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT}},
  date         = {2020-11-03},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5B.html},
  language     = {English},
  urldate      = {2020-11-06},
}
Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT
2020-09-26Objective-SeePatrick Wardle
@online{wardle:20200926:finfisher:fa6d6ad,
  author       = {Patrick Wardle},
  title        = {{FinFisher Filleted: a triage of the FinSpy (macOS) malware}},
  date         = {2020-09-26},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x4F.html},
  language     = {English},
  urldate      = {2020-10-05},
}
FinFisher Filleted: a triage of the FinSpy (macOS) malware
FinFisher
2020-06-29Objective-SeePatrick Wardle
@online{wardle:20200629:osxevilquest:dc69dab,
  author       = {Patrick Wardle},
  title        = {{OSX.EvilQuest Uncovered}},
  date         = {2020-06-29},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x59.html},
  language     = {English},
  urldate      = {2020-06-30},
}
OSX.EvilQuest Uncovered
EvilQuest
2020-05-05Objective-SeePatrick Wardle
@online{wardle:20200505:dacls:b9f2391,
  author       = {Patrick Wardle},
  title        = {{The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant}},
  date         = {2020-05-05},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x57.html},
  language     = {English},
  urldate      = {2020-05-07},
}
The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
Dacls
2020-02-22Objective-SeePatrick Wardle
@online{wardle:20200222:weaponizing:ea810ff,
  author       = {Patrick Wardle},
  title        = {{Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads}},
  date         = {2020-02-22},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x54.html},
  language     = {English},
  urldate      = {2020-02-27},
}
Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads
AppleJeus
2020-01-01Objective-SeePatrick Wardle
@online{wardle:20200101:mac:1d3cffc,
  author       = {Patrick Wardle},
  title        = {{The Mac Malware of 2019}},
  date         = {2020-01-01},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x53.html},
  language     = {English},
  urldate      = {2020-07-20},
}
The Mac Malware of 2019
Gmera Mokes Yort
2019-12-03Objective-SeeObjective-See
@online{objectivesee:20191203:lazarus:028af2b,
  author       = {Objective-See},
  title        = {{Lazarus Group Goes 'Fileless'}},
  date         = {2019-12-03},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x51.html},
  language     = {English},
  urldate      = {2020-01-13},
}
Lazarus Group Goes 'Fileless'
Unidentified macOS 001 (UnionCryptoTrader)
2019-10-12Objective-SeePatrick Wardle
@online{wardle:20191012:pass:9a75bd6,
  author       = {Patrick Wardle},
  title        = {{Pass the AppleJeus}},
  date         = {2019-10-12},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x49.html},
  language     = {English},
  urldate      = {2020-01-13},
}
Pass the AppleJeus
AppleJeus
2019-06-20Objective-SeePatrick Wardle
@online{wardle:20190620:burned:0768343,
  author       = {Patrick Wardle},
  title        = {{Burned by Fire(fox)}},
  date         = {2019-06-20},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x43.html},
  language     = {English},
  urldate      = {2020-01-10},
}
Burned by Fire(fox)
Wirenet
2018-12-20Objective-SeePatrick Wardle
@online{wardle:20181220:middle:a318acb,
  author       = {Patrick Wardle},
  title        = {{Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)}},
  date         = {2018-12-20},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x3B.html},
  language     = {English},
  urldate      = {2020-01-07},
}
Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)
WindTail
2018-06-29Objective-SeePatrick Wardle
@online{wardle:20180629:osxdummy:21758e3,
  author       = {Patrick Wardle},
  title        = {{OSX.Dummy}},
  date         = {2018-06-29},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x32.html},
  language     = {English},
  urldate      = {2020-01-10},
}
OSX.Dummy
Dummy
2018-02-17Objective-SeePatrick Wardle
@online{wardle:20180217:tearing:57ab62c,
  author       = {Patrick Wardle},
  title        = {{Tearing Apart the Undetected (OSX)Coldroot RAT}},
  date         = {2018-02-17},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x2A.html},
  language     = {English},
  urldate      = {2020-01-13},
}
Tearing Apart the Undetected (OSX)Coldroot RAT
Coldroot RAT
2018-02-05Objective-SeePatrick Wardle
@online{wardle:20180205:analyzing:928c52d,
  author       = {Patrick Wardle},
  title        = {{Analyzing OSX/CreativeUpdater}},
  date         = {2018-02-05},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x29.html},
  language     = {English},
  urldate      = {2020-01-10},
}
Analyzing OSX/CreativeUpdater
CreativeUpdater
2018-01-24Objective-SeePatrick Wardle
@online{wardle:20180124:analyzing:5922fbb,
  author       = {Patrick Wardle},
  title        = {{Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign}},
  date         = {2018-01-24},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x28.html},
  language     = {English},
  urldate      = {2019-11-27},
}
Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign
CrossRAT
2018-01-11Objective-SeePatrick Wardle
@online{wardle:20180111:ay:2c79d80,
  author       = {Patrick Wardle},
  title        = {{Ay MaMi}},
  date         = {2018-01-11},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x26.html},
  language     = {English},
  urldate      = {2020-01-08},
}
Ay MaMi
MaMi