OSX HiddenLotus

OSquery

Apple added XProtect rules for this sample: (https://www.virustotal.com/en/file/f261815905e77eebdb5c4ec06a7acdda7b68644b1f5155049f133be866d8b179/analysis/1509567775/):

Query

select * from launchd where name = 'com.apple.hidd.shared.plist';

Additional Query Info

  • Version: 1.4.5
  • Interval: 3600

JSON

{
  "queries": {
    "OSX HiddenLotus": {
      "query": "select * from launchd where name = 'com.apple.hidd.shared.plist';",
      "interval": "3600",
      "platform": "",
      "version": "1.4.5",
      "description": "Apple added XProtect rules for this sample: (https://www.virustotal.com/en/file/f261815905e77eebdb5c4ec06a7acdda7b68644b1f5155049f133be866d8b179/analysis/1509567775/)",
      "value": ""
    }
  }
}