
2023-08-21 | SentinelOne | Phil Stokes, Dinesh Devadoss
@online{stokes:20230821:xloaders:5c2fc62,
  author       = {Phil Stokes and Dinesh Devadoss},
  title        = {{XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App}},
  date         = {2023-08-21},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/},
  language     = {English},
  urldate      = {2023-08-22},
}
XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Xloader
2023-07-05 | SentinelOne | Phil Stokes
@online{stokes:20230705:bluenoroff:15e17f0,
  author       = {Phil Stokes},
  title        = {{BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection}},
  date         = {2023-07-05},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-analysis-and-detection/},
  language     = {English},
  urldate      = {2023-07-08},
}
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection
RustBucket
2022-09-26 | SentinelOne | Dinesh Devadoss, Phil Stokes
@online{devadoss:20220926:lazarus:36bd682,
  author       = {Dinesh Devadoss and Phil Stokes},
  title        = {{Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto}},
  date         = {2022-09-26},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto},
  language     = {English},
  urldate      = {2023-08-13},
}
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
Interception
2022-05-09 | Dinesh Devadoss, Phil Stokes
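% Same report as devadoss:20220509:from:658ed35; the two URLs differ only by
% the trailing slash. The organization field was missing here and is filled in
% to match that record and the sentinelone.com source URL.
@online{devadoss:20220509:from:d580095,
  author       = {Dinesh Devadoss and Phil Stokes},
  title        = {{From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win}},
  date         = {2022-05-09},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-unsigned-macos-orat-malware-gambles-for-the-win/},
  language     = {English},
  urldate      = {2022-05-11},
}
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win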
oRAT
2022-05-09 | SentinelOne | Dinesh Devadoss, Phil Stokes
@online{devadoss:20220509:from:658ed35,
  author       = {Dinesh Devadoss and Phil Stokes},
  title        = {{From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win}},
  date         = {2022-05-09},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-unsigned-macos-orat-malware-gambles-for-the-win},
  language     = {English},
  urldate      = {2022-05-11},
}
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
2022-03-21 | SentinelOne | Phil Stokes
@online{stokes:20220321:art:6f00b56,
  author       = {Phil Stokes},
  title        = {{The Art and Science of macOS Malware Hunting with radare2 | Leveraging Xrefs, YARA and Zignatures}},
  date         = {2022-03-21},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/the-art-and-science-of-macos-malware-hunting-with-radare2-leveraging-xrefs-yara-and-zignatures/},
  language     = {English},
  urldate      = {2022-03-25},
}
The Art and Science of macOS Malware Hunting with radare2 | Leveraging Xrefs, YARA and Zignatures
AbstractEmu Vigram
2022-02-01 | SentinelOne | Phil Stokes
@online{stokes:20220201:sneaky:9162ee7,
  author       = {Phil Stokes},
  title        = {{Sneaky Spies and Backdoor RATs | SysJoker and DazzleSpy Malware Target macOS}},
  date         = {2022-02-01},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/sneaky-spies-and-backdoor-rats-sysjoker-and-dazzlespy-malware-target-macos/},
  language     = {English},
  urldate      = {2022-02-07},
}
Sneaky Spies and Backdoor RATs | SysJoker and DazzleSpy Malware Target macOS
DazzleSpy SysJoker
2021-11-15 | SentinelOne | Phil Stokes
@online{stokes:20211115:infect:a1d440c,
  author       = {Phil Stokes},
  title        = {{Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma}},
  date         = {2021-11-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/},
  language     = {English},
  urldate      = {2021-11-17},
}
Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma
CDDS
2021-09-20 | SentinelOne | Phil Stokes
@online{stokes:20210920:defeating:452749e,
  author       = {Phil Stokes},
  title        = {{Defeating macOS Malware Anti-Analysis Tricks with Radare2}},
  date         = {2021-09-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/defeating-macos-malware-anti-analysis-tricks-with-radare2/},
  language     = {English},
  urldate      = {2021-10-11},
}
Defeating macOS Malware Anti-Analysis Tricks with Radare2
EvilQuest
2021-07-26 | SentinelOne | Phil Stokes
@online{stokes:20210726:detecting:5795d48,
  author       = {Phil Stokes},
  title        = {{Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger}},
  date         = {2021-07-26},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/},
  language     = {English},
  urldate      = {2021-07-26},
}
Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
Xloader
2021-03-18 | SentinelOne | Phil Stokes
@online{stokes:20210318:new:08a6649,
  author       = {Phil Stokes},
  title        = {{New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor}},
  date         = {2021-03-18},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/},
  language     = {English},
  urldate      = {2021-03-19},
}
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
2021-01-11 | Sentinel LABS | Phil Stokes
@online{stokes:20210111:fade:70be08e,
  author       = {Phil Stokes},
  title        = {{FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts}},
  date         = {2021-01-11},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/},
  language     = {English},
  urldate      = {2021-01-18},
}
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
OSAMiner
2020-12-02 | SentinelOne | Phil Stokes
@online{stokes:20201202:apt32:acd6b3a,
  author       = {Phil Stokes},
  title        = {{APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique}},
  date         = {2020-12-02},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/},
  language     = {English},
  urldate      = {2020-12-08},
}
APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
OceanLotus
2020-11-05 | SentinelOne | Phil Stokes
@online{stokes:20201105:resourceful:2b135e6,
  author       = {Phil Stokes},
  title        = {{Resourceful macOS Malware Hides in Named Fork}},
  date         = {2020-11-05},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/resourceful-macos-malware-hides-in-named-fork/},
  language     = {English},
  urldate      = {2020-11-09},
}
Resourceful macOS Malware Hides in Named Fork
Bundlore
2020-07-27 | SentinelOne | Phil Stokes
@online{stokes:20200727:four:9d80c60,
  author       = {Phil Stokes},
  title        = {{Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform}},
  date         = {2020-07-27},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/},
  language     = {English},
  urldate      = {2020-07-30},
}
Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
AppleJeus Casso Dacls WatchCat
2020-07-08 | SentinelOne | Phil Stokes
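% The ampersand in the title field is escaped: a bare one is an alignment
% character in LaTeX and stops the bibliography from typesetting.
@online{stokes:20200708:evilquest:aeb5d92,
  author       = {Phil Stokes},
  title        = {{“EvilQuest” Rolls Ransomware, Spyware \& Data Theft Into One}},
  date         = {2020-07-08},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/},
  language     = {English},
  urldate      = {2022-03-02},
}
“EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One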
EvilQuest
2020-06-08 | SentinelOne | Phil Stokes
@online{stokes:20200608:guide:6052f6c,
  author       = {Phil Stokes},
  title        = {{A Guide to macOS Threat Hunting and Incident Response}},
  date         = {2020-06-08},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ},
  language     = {English},
  urldate      = {2020-06-11},
}
A Guide to macOS Threat Hunting and Incident Response
2020-05-15 | SentinelOne | Phil Stokes
@online{stokes:20200515:guide:42eb247,
  author       = {Phil Stokes},
  title        = {{A Guide to macOS Threat Hunting and Incident Response}},
  date         = {2020-05-15},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ&xs=123009},
  language     = {English},
  urldate      = {2022-03-28},
}
A Guide to macOS Threat Hunting and Incident Response
2018-09-20 | SentinelOne | Phil Stokes
@online{stokes:20180920:trail:79336e9,
  author       = {Phil Stokes},
  title        = {{On the Trail of OSX.FairyTale | Adware Playing at Malware}},
  date         = {2018-09-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/},
  language     = {English},
  urldate      = {2020-01-08},
}
On the Trail of OSX.FairyTale | Adware Playing at Malware
FailyTale