TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

macOS Support Is Here! | Huntress

2022-11-01

ATT&CK techniques detected

7 predictions

T1543.001 Launch Agent · 97%
  “…-date because you never really know what might happen on their machines. Persistence is futile. Once malware makes it onto the machine, it will need a way to persist past reboots. The main persistence mechanism used by macOS malware uses LaunchAgents. This is accomplished by addi…”

T1543.001 Launch Agent · 97%
  “CodeSpy: ~/Library/LaunchAgents/com.apple.appstore.checkupdate.plist or com.apple.usagestatistics.plist; WildPressure: ~/Library/LaunchAgents/com.apple.pyapple.plist; XLoader: ~/Library/LaunchAgents/com.[random].[random].plist; OSX.Macma: ~/Library/p…”

T1204.002 Malicious File · 86%
  “…Windows users are used to having to update software like Adobe Flash Player or Reader and may be easy prey to malware authors under such guise. Another way that malware can take advantage of users’ unfamiliarity with macOS features is by crafting malicious URLs that may result…”

T1566.002 Spearphishing Link · 80%
  “…various macOS attacker tactics — let alone our roots in hunting for persistence — persistence was the obvious place to start. Persistence is prevalent across many malware families on macOS, as we’ll see later. Common infection vectors as identified by Patrick Wardle in previous…”

T1547.009 Shortcut Modification · 56%
  (same excerpt as T1566.002 above)

T1546.004 Unix Shell Configuration Modification · 48%
  “…across some customers and have managed to already detect malware. One example we’ve found during this time is Bundlore. Bundlore is a malicious macOS X adware that bundles multiple different types of adware together and is then installed on the host. This nasty piece of malware…”

T1204.001 Malicious Link · 31%
  (same excerpt as T1566.002 above)

Summary

We're excited to announce the general availability of the Huntress macOS agent! And don't worry – Persistent Footholds are just the beginning.