Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-11Objective-SeePatrick Wardle
@online{wardle:20211111:osxcdds:bfdc124, author = {Patrick Wardle}, title = {{OSX.CDDS a sophisticated watering hole campaign drops a new macOS implant!}}, date = {2021-11-11}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x69.html}, language = {English}, urldate = {2021-11-17} } OSX.CDDS a sophisticated watering hole campaign drops a new macOS implant!
CDDS
2021-09-14Objective-SeePatrick Wardle
@online{wardle:20210914:osxzuru:926e182, author = {Patrick Wardle}, title = {{OSX.ZuRu: trojanized apps spread malware, via sponsored search results}}, date = {2021-09-14}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x66.html}, language = {English}, urldate = {2021-09-16} } OSX.ZuRu: trojanized apps spread malware, via sponsored search results
ZuRu
2021-04-26Objective-SeePatrick Wardle
@online{wardle:20210426:all:9cbbc8c, author = {Patrick Wardle}, title = {{All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements}}, date = {2021-04-26}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x64.html}, language = {English}, urldate = {2021-04-29} } All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements
Shlayer
2021-02-14Objective-SeePatrick Wardle
@online{wardle:20210214:armd:9b3ea08, author = {Patrick Wardle}, title = {{Arm'd & Dangerous malicious code, now native on apple silicon}}, date = {2021-02-14}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x62.html}, language = {English}, urldate = {2021-02-24} } Arm'd & Dangerous malicious code, now native on apple silicon
Pirrit
2021-01-05Objective-SeePatrick Wardle
@online{wardle:20210105:discharging:2eb3c47, author = {Patrick Wardle}, title = {{Discharging ElectroRAT}}, date = {2021-01-05}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x61.html}, language = {English}, urldate = {2021-01-10} } Discharging ElectroRAT
ElectroRAT
2021-01-01Objective-SeePatrick Wardle
@online{wardle:20210101:mac:a6f5a3b, author = {Patrick Wardle}, title = {{The Mac Malware of 2020 - a comprehensive analysis of the year's new malware}}, date = {2021-01-01}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x5F.html}, language = {English}, urldate = {2021-01-11} } The Mac Malware of 2020 - a comprehensive analysis of the year's new malware
AppleJeus Dacls EvilQuest FinFisher WatchCat XCSSET
2020-11-27Objective-SeePatrick Wardle
@online{wardle:20201127:adventures:e74df5f, author = {Patrick Wardle}, title = {{Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT}}, date = {2020-11-27}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x5C.html}, language = {English}, urldate = {2020-12-08} } Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT
2020-11-03Objective-SeePatrick Wardle
@online{wardle:20201103:adventures:1b70800, author = {Patrick Wardle}, title = {{Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT}}, date = {2020-11-03}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x5B.html}, language = {English}, urldate = {2020-11-06} } Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT
2020-09-26Objective-SeePatrick Wardle
@online{wardle:20200926:finfisher:fa6d6ad, author = {Patrick Wardle}, title = {{FinFisher Filleted: a triage of the FinSpy (macOS) malware}}, date = {2020-09-26}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x4F.html}, language = {English}, urldate = {2020-10-05} } FinFisher Filleted: a triage of the FinSpy (macOS) malware
FinFisher
2020-06-29Objective-SeePatrick Wardle
@online{wardle:20200629:osxevilquest:dc69dab, author = {Patrick Wardle}, title = {{OSX.EvilQuest Uncovered}}, date = {2020-06-29}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x59.html}, language = {English}, urldate = {2020-06-30} } OSX.EvilQuest Uncovered
EvilQuest
2020-05-05Objective-SeePatrick Wardle
@online{wardle:20200505:dacls:b9f2391, author = {Patrick Wardle}, title = {{The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant}}, date = {2020-05-05}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x57.html}, language = {English}, urldate = {2020-05-07} } The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
Dacls
2020-02-22Objective-SeePatrick Wardle
@online{wardle:20200222:weaponizing:ea810ff, author = {Patrick Wardle}, title = {{Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads}}, date = {2020-02-22}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x54.html}, language = {English}, urldate = {2020-02-27} } Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads
AppleJeus
2020-01-01Objective-SeePatrick Wardle
@online{wardle:20200101:mac:1d3cffc, author = {Patrick Wardle}, title = {{The Mac Malware of 2019}}, date = {2020-01-01}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x53.html}, language = {English}, urldate = {2020-07-20} } The Mac Malware of 2019
Gmera Mokes Yort
2019-12-12Virus BulletinPatrick Wardle
@online{wardle:20191212:cyber:50cf0cd, author = {Patrick Wardle}, title = {{Cyber espionage in the Middle East: unravelling OSX.WindTail}}, date = {2019-12-12}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/04/vb2019-paper-cyber-espionage-middle-east-unravelling-osxwindtail/}, language = {English}, urldate = {2020-04-08} } Cyber espionage in the Middle East: unravelling OSX.WindTail
WindTail
2019-10-12Objective-SeePatrick Wardle
@online{wardle:20191012:pass:9a75bd6, author = {Patrick Wardle}, title = {{Pass the AppleJeus}}, date = {2019-10-12}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x49.html}, language = {English}, urldate = {2020-01-13} } Pass the AppleJeus
AppleJeus
2019-06-20Objective-SeePatrick Wardle
@online{wardle:20190620:burned:0768343, author = {Patrick Wardle}, title = {{Burned by Fire(fox)}}, date = {2019-06-20}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x43.html}, language = {English}, urldate = {2020-01-10} } Burned by Fire(fox)
Wirenet
2019-01-15Obective SeePatrick Wardle
@online{wardle:20190115:middle:687dc1d, author = {Patrick Wardle}, title = {{Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 2)}}, date = {2019-01-15}, organization = {Obective See}, url = {https://objective-see.com/blog/blog_0x3D.html}, language = {English}, urldate = {2019-12-18} } Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 2)
WindTail
2018-12-20Objective-SeePatrick Wardle
@online{wardle:20181220:middle:a318acb, author = {Patrick Wardle}, title = {{Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)}}, date = {2018-12-20}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x3B.html}, language = {English}, urldate = {2020-01-07} } Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)
WindTail
2018-06-29Objective-SeePatrick Wardle
@online{wardle:20180629:osxdummy:21758e3, author = {Patrick Wardle}, title = {{OSX.Dummy}}, date = {2018-06-29}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x32.html}, language = {English}, urldate = {2020-01-10} } OSX.Dummy
Dummy
2018-02-17Objective-SeePatrick Wardle
@online{wardle:20180217:tearing:57ab62c, author = {Patrick Wardle}, title = {{Tearing Apart the Undetected (OSX)Coldroot RAT}}, date = {2018-02-17}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x2A.html}, language = {English}, urldate = {2020-01-13} } Tearing Apart the Undetected (OSX)Coldroot RAT
Coldroot RAT