2023-04-01 | Objective-See | Patrick Wardle
@online{wardle:20230401:ironing:d7ecebf,
  author       = {Wardle, Patrick},
  title        = {{Ironing out (the macOS) details of a Smooth Operator (Part II)}},
  date         = {2023-04-01},
  organization = {Objective-See},
  url          = {https://objective-see.org/blog/blog_0x74.html},
  language     = {English},
  urldate      = {2023-04-06},
}
Ironing out (the macOS) details of a Smooth Operator (Part II)
3CX Backdoor
2023-03-29 | Objective-See | Patrick Wardle
@online{wardle:20230329:ironing:7faf1d3,
  author       = {Wardle, Patrick},
  title        = {{Ironing out (the macOS details) of a Smooth Operator}},
  date         = {2023-03-29},
  organization = {Objective-See},
  url          = {https://objective-see.org/blog/blog_0x73.html},
  language     = {English},
  urldate      = {2023-04-02},
}
Ironing out (the macOS details) of a Smooth Operator
3CX Backdoor
2023-01-01 | Objective-See | Patrick Wardle
@online{wardle:20230101:mac:e454667,
  author       = {Wardle, Patrick},
  title        = {{The Mac Malware of 2022}},
  date         = {2023-01-01},
  organization = {Objective-See},
  url          = {https://objective-see.org/blog/blog_0x71.html},
  language     = {English},
  urldate      = {2023-03-20},
}
The Mac Malware of 2022
2022-01-25 | Objective-See | Patrick Wardle
@online{wardle:20220125:analyzing:fc3bf7b,
  author       = {Wardle, Patrick},
  title        = {{Analyzing OSX.DazzleSpy}},
  date         = {2022-01-25},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x6D.html},
  language     = {English},
  urldate      = {2022-02-04},
}
Analyzing OSX.DazzleSpy
DazzleSpy
2021-11-11 | Objective-See | Patrick Wardle
@online{wardle:20211111:osxcdds:bfdc124,
  author       = {Wardle, Patrick},
  title        = {{OSX.CDDS a sophisticated watering hole campaign drops a new macOS implant!}},
  date         = {2021-11-11},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x69.html},
  language     = {English},
  urldate      = {2021-11-17},
}
OSX.CDDS a sophisticated watering hole campaign drops a new macOS implant!
CDDS
2021-10-01 | Objective-See | Runa Sandvik
@online{sandvik:20211001:made:832ee10,
  author       = {Sandvik, Runa},
  title        = {{Made In America: Green Lambert for OS X}},
  date         = {2021-10-01},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x68.html},
  language     = {English},
  urldate      = {2021-10-24},
}
Made In America: Green Lambert for OS X
Lambert
2021-09-16 | Objective-See | Tom McGuire
@online{mcguire:20210916:analysis:107f9ed,
  author       = {McGuire, Tom},
  title        = {{Analysis of CVE-2021-30860 the flaw and fix of a zero-click vulnerability, exploited in the wild}},
  date         = {2021-09-16},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x67.html},
  language     = {English},
  urldate      = {2021-09-19},
}
Analysis of CVE-2021-30860 the flaw and fix of a zero-click vulnerability, exploited in the wild
Chrysaor
2021-09-14 | Objective-See | Patrick Wardle
@online{wardle:20210914:osxzuru:926e182,
  author       = {Wardle, Patrick},
  title        = {{OSX.ZuRu: trojanized apps spread malware, via sponsored search results}},
  date         = {2021-09-14},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x66.html},
  language     = {English},
  urldate      = {2021-09-16},
}
OSX.ZuRu: trojanized apps spread malware, via sponsored search results
ZuRu
2021-04-26 | Objective-See | Patrick Wardle
@online{wardle:20210426:all:9cbbc8c,
  author       = {Wardle, Patrick},
  title        = {{All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements}},
  date         = {2021-04-26},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x64.html},
  language     = {English},
  urldate      = {2021-04-29},
}
All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements
Shlayer
2021-02-14 | Objective-See | Patrick Wardle
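% The "&" in the title is written as \& so the field typesets under LaTeX
% instead of being read as an alignment tab.
@online{wardle:20210214:armd:9b3ea08,
  author       = {Wardle, Patrick},
  title        = {{Arm'd \& Dangerous malicious code, now native on apple silicon}},
  date         = {2021-02-14},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x62.html},
  language     = {English},
  urldate      = {2021-02-24},
}
Arm'd & Dangerous malicious code, now native on apple silicon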
Pirrit
2021-01-05 | Objective-See | Patrick Wardle
@online{wardle:20210105:discharging:2eb3c47,
  author       = {Wardle, Patrick},
  title        = {{Discharging ElectroRAT}},
  date         = {2021-01-05},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x61.html},
  language     = {English},
  urldate      = {2021-01-10},
}
Discharging ElectroRAT
ElectroRAT
2021-01-01 | Objective-See | Patrick Wardle
@online{wardle:20210101:mac:a6f5a3b,
  author       = {Wardle, Patrick},
  title        = {{The Mac Malware of 2020 - a comprehensive analysis of the year's new malware}},
  date         = {2021-01-01},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5F.html},
  language     = {English},
  urldate      = {2021-01-11},
}
The Mac Malware of 2020 - a comprehensive analysis of the year's new malware
AppleJeus Dacls EvilQuest FinFisher WatchCat XCSSET
2020-11-27 | Objective-See | Patrick Wardle
@online{wardle:20201127:adventures:e74df5f,
  author       = {Wardle, Patrick},
  title        = {{Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT}},
  date         = {2020-11-27},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5C.html},
  language     = {English},
  urldate      = {2020-12-08},
}
Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT
2020-11-03 | Objective-See | Patrick Wardle
@online{wardle:20201103:adventures:1b70800,
  author       = {Wardle, Patrick},
  title        = {{Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT}},
  date         = {2020-11-03},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x5B.html},
  language     = {English},
  urldate      = {2020-11-06},
}
Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT
2020-09-26 | Objective-See | Patrick Wardle
@online{wardle:20200926:finfisher:fa6d6ad,
  author       = {Wardle, Patrick},
  title        = {{FinFisher Filleted: a triage of the FinSpy (macOS) malware}},
  date         = {2020-09-26},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x4F.html},
  language     = {English},
  urldate      = {2020-10-05},
}
FinFisher Filleted: a triage of the FinSpy (macOS) malware
FinFisher
2020-06-29 | Objective-See | Patrick Wardle
@online{wardle:20200629:osxevilquest:dc69dab,
  author       = {Wardle, Patrick},
  title        = {{OSX.EvilQuest Uncovered}},
  date         = {2020-06-29},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x59.html},
  language     = {English},
  urldate      = {2020-06-30},
}
OSX.EvilQuest Uncovered
EvilQuest
2020-05-05 | Objective-See | Patrick Wardle
@online{wardle:20200505:dacls:b9f2391,
  author       = {Wardle, Patrick},
  title        = {{The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant}},
  date         = {2020-05-05},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x57.html},
  language     = {English},
  urldate      = {2020-05-07},
}
The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
Dacls
2020-02-22 | Objective-See | Patrick Wardle
@online{wardle:20200222:weaponizing:ea810ff,
  author       = {Wardle, Patrick},
  title        = {{Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads}},
  date         = {2020-02-22},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x54.html},
  language     = {English},
  urldate      = {2020-02-27},
}
Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads
AppleJeus
2020-01-01 | Objective-See | Patrick Wardle
@online{wardle:20200101:mac:1d3cffc,
  author       = {Wardle, Patrick},
  title        = {{The Mac Malware of 2019}},
  date         = {2020-01-01},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x53.html},
  language     = {English},
  urldate      = {2020-07-20},
}
The Mac Malware of 2019
Gmera Mokes Yort
2019-12-03 | Objective-See | Objective-See
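% The author is an organisation, not a person: the extra pair of braces keeps
% the name as one indivisible unit so name parsing never splits or abbreviates it.
@online{objectivesee:20191203:lazarus:028af2b,
  author       = {{Objective-See}},
  title        = {{Lazarus Group Goes 'Fileless'}},
  date         = {2019-12-03},
  organization = {Objective-See},
  url          = {https://objective-see.com/blog/blog_0x51.html},
  language     = {English},
  urldate      = {2020-01-13},
}
Lazarus Group Goes 'Fileless'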
Unidentified macOS 001 (UnionCryptoTrader)