Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-03Objective-SeePatrick Wardle
@online{wardle:20201103:adventures:1b70800, author = {Patrick Wardle}, title = {{Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT}}, date = {2020-11-03}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x5B.html}, language = {English}, urldate = {2020-11-06} } Adventures in Anti-Gravity: Deconstructing the Mac Variant of GravityRAT
2020-09-26Objective-SeePatrick Wardle
@online{wardle:20200926:finfisher:fa6d6ad, author = {Patrick Wardle}, title = {{FinFisher Filleted: a triage of the FinSpy (macOS) malware}}, date = {2020-09-26}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x4F.html}, language = {English}, urldate = {2020-10-05} } FinFisher Filleted: a triage of the FinSpy (macOS) malware
FinFisher
2020-06-29Objective-SeePatrick Wardle
@online{wardle:20200629:osxevilquest:dc69dab, author = {Patrick Wardle}, title = {{OSX.EvilQuest Uncovered}}, date = {2020-06-29}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x59.html}, language = {English}, urldate = {2020-06-30} } OSX.EvilQuest Uncovered
EvilQuest
2020-05-05Objective-SeePatrick Wardle
@online{wardle:20200505:dacls:b9f2391, author = {Patrick Wardle}, title = {{The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant}}, date = {2020-05-05}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x57.html}, language = {English}, urldate = {2020-05-07} } The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
Dacls
2020-02-22Objective-SeePatrick Wardle
@online{wardle:20200222:weaponizing:ea810ff, author = {Patrick Wardle}, title = {{Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads}}, date = {2020-02-22}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x54.html}, language = {English}, urldate = {2020-02-27} } Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads
AppleJeus
2020-01-01Objective-SeePatrick Wardle
@online{wardle:20200101:mac:1d3cffc, author = {Patrick Wardle}, title = {{The Mac Malware of 2019}}, date = {2020-01-01}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x53.html}, language = {English}, urldate = {2020-07-20} } The Mac Malware of 2019
Gmera Mokes Yort
2019-12-12Virus BulletinPatrick Wardle
@online{wardle:20191212:cyber:50cf0cd, author = {Patrick Wardle}, title = {{Cyber espionage in the Middle East: unravelling OSX.WindTail}}, date = {2019-12-12}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/04/vb2019-paper-cyber-espionage-middle-east-unravelling-osxwindtail/}, language = {English}, urldate = {2020-04-08} } Cyber espionage in the Middle East: unravelling OSX.WindTail
WindTail
2019-10-12Objective-SeePatrick Wardle
@online{wardle:20191012:pass:9a75bd6, author = {Patrick Wardle}, title = {{Pass the AppleJeus}}, date = {2019-10-12}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x49.html}, language = {English}, urldate = {2020-01-13} } Pass the AppleJeus
AppleJeus
2019-06-20Objective-SeePatrick Wardle
@online{wardle:20190620:burned:0768343, author = {Patrick Wardle}, title = {{Burned by Fire(fox)}}, date = {2019-06-20}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x43.html}, language = {English}, urldate = {2020-01-10} } Burned by Fire(fox)
Wirenet
2019-01-15Obective SeePatrick Wardle
@online{wardle:20190115:middle:687dc1d, author = {Patrick Wardle}, title = {{Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 2)}}, date = {2019-01-15}, organization = {Obective See}, url = {https://objective-see.com/blog/blog_0x3D.html}, language = {English}, urldate = {2019-12-18} } Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 2)
WindTail
2018-12-20Objective-SeePatrick Wardle
@online{wardle:20181220:middle:a318acb, author = {Patrick Wardle}, title = {{Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)}}, date = {2018-12-20}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x3B.html}, language = {English}, urldate = {2020-01-07} } Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1)
WindTail
2018-06-29Objective-SeePatrick Wardle
@online{wardle:20180629:osxdummy:21758e3, author = {Patrick Wardle}, title = {{OSX.Dummy}}, date = {2018-06-29}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x32.html}, language = {English}, urldate = {2020-01-10} } OSX.Dummy
Dummy
2018-02-17Objective-SeePatrick Wardle
@online{wardle:20180217:tearing:57ab62c, author = {Patrick Wardle}, title = {{Tearing Apart the Undetected (OSX)Coldroot RAT}}, date = {2018-02-17}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x2A.html}, language = {English}, urldate = {2020-01-13} } Tearing Apart the Undetected (OSX)Coldroot RAT
Coldroot RAT
2018-02-05Objective-SeePatrick Wardle
@online{wardle:20180205:analyzing:928c52d, author = {Patrick Wardle}, title = {{Analyzing OSX/CreativeUpdater}}, date = {2018-02-05}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x29.html}, language = {English}, urldate = {2020-01-10} } Analyzing OSX/CreativeUpdater
CreativeUpdater
2018-02-05Patrick Wardle
@online{wardle:20180205:analyzing:7b606e1, author = {Patrick Wardle}, title = {{Analyzing OSX/CreativeUpdater a macOS cryptominer, distributed via macupdate.com}}, date = {2018-02-05}, url = {https://digitasecurity.com/blog/2018/02/05/creativeupdater/}, language = {English}, urldate = {2019-12-05} } Analyzing OSX/CreativeUpdater a macOS cryptominer, distributed via macupdate.com
CreativeUpdater
2018-01-24Objective-SeePatrick Wardle
@online{wardle:20180124:analyzing:5922fbb, author = {Patrick Wardle}, title = {{Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign}}, date = {2018-01-24}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x28.html}, language = {English}, urldate = {2019-11-27} } Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign
CrossRAT
2018-01-11Objective-SeePatrick Wardle
@online{wardle:20180111:ay:2c79d80, author = {Patrick Wardle}, title = {{Ay MaMi}}, date = {2018-01-11}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x26.html}, language = {English}, urldate = {2020-01-08} } Ay MaMi
MaMi
2017-11Virus BulletinPatrick Wardle
@online{wardle:201711:offensive:6abd0b8, author = {Patrick Wardle}, title = {{Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server}}, date = {2017-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2017/11/vb2017-paper-offensive-malware-analysis-dissecting-osxfruitflyb-custom-cc-server/}, language = {English}, urldate = {2020-01-08} } Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
FruitFly
2017-08-08Objective-SeePatrick Wardle
@online{wardle:20170808:wtf:7e38e1e, author = {Patrick Wardle}, title = {{WTF is Mughthesec!?}}, date = {2017-08-08}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x20.html}, language = {English}, urldate = {2020-01-07} } WTF is Mughthesec!?
Mughthesec
2017-06-12Objective-SeePatrick Wardle
@online{wardle:20170612:osxmacransom:bac498a, author = {Patrick Wardle}, title = {{OSX/MacRansom}}, date = {2017-06-12}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x1E.html}, language = {English}, urldate = {2019-10-23} } OSX/MacRansom
MacRansom