Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
d1TtkSBl05.dmg
|
zlib compressed data
|
initial sample
|
||
|
/dev/null
|
ASCII text
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsDirectory.db_
|
Mac OS X Keychain File
|
dropped
|
||
|
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsObject.db_
|
Mac OS X Keychain File
|
dropped
|
||
|
/private/var/log/wifi.log.0.bz2
|
bzip2 compressed data, block size = 900k
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/nsurlstoraged
|
/usr/libexec/nsurlstoraged --privileged
|
||
|
/usr/bin/bzip2
|
-
|
||
|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
|
-
|
||
|
/usr/bin/open
|
/usr/bin/open /Volumes/Mac Evaluation Utility 4.6.2/Mac Evaluation Utility 4.6.2.pkg
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
|
/System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
|
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/firmwarecheckers/eficheck/eficheck
|
/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
|
There are 1 hidden processes, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
appledownload.map.fastly.net
|
151.101.3.8
|
||
|
h3.apis.apple.map.fastly.net
|
151.101.3.6
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.101.3.8
|
appledownload.map.fastly.net
|
United States
|
||
|
151.101.3.6
|
h3.apis.apple.map.fastly.net
|
United States
|
||
|
151.101.195.6
|
unknown
|
United States
|
||
|
23.46.224.247
|
unknown
|
United States
|
||
|
151.101.67.6
|
unknown
|
United States
|