Neo23x0 / Loki

Loki - Simple IOC and YARA Scanner
https://www.nextron-systems.com/compare-our-scanners/
GNU General Public License v3.0

False IOC #91

Closed daga480 closed 7 years ago

daga480 commented 7 years ago

The entire file is 8 bytes (APPL????) and is reported as a macOS backdoor:

[ALERT] FILE: H:\Export\REDACTED\Downloads\SophosInstall\Sophos Installer.app\Contents\PkgInfo SCORE: 100 TYPE: UNKNOWN SIZE: 8 FIRST_BYTES: 4150504c3f3f3f3f / APPL???? MD5: 23b7d7d024abb0f558420e098800bf27 SHA1: 9f9eea0cfe2d65f2c3d6b092e375b40782d08f31 SHA256: 82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0 CREATED: Tue Oct 24 09:59:26 2017 MODIFIED: Tue Oct 24 13:54:26 2017 ACCESSED: Thu Nov 09 00:14:58 2017 REASON_1: Malware Hash TYPE: SHA256 HASH: 82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0 SUBSCORE: 100 DESC: The New and Improved macOS Backdoor from OceanLotus https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-ba

Neo23x0 commented 7 years ago

It's a false positive that originated from this OTX pulse:

https://otx.alienvault.com/pulse/594c00a2f2bf36170e38c4b7

I have notified the author, AlienVault.
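The alert above is a hash IOC that is nothing more than the SHA256 of the generic 8-byte macOS PkgInfo file ("APPL????"), so any app bundle will match it. As an added example (not code from Loki, the issue participants or AlienVault), the helper below triages a hash feed before loading it into a scanner: it drops digests that equal the md5/sha1/sha256 of tiny, ubiquitous file contents. The trivial-content list and the sample feed are constructed for the example; the feed contains the SHA256 from this report plus an obviously fake placeholder.

```python
import hashlib

# Constructed list of tiny, ubiquitous file contents whose digests make
# useless indicators. "APPL????" is the generic PkgInfo of a macOS .app
# bundle, which is exactly the 8-byte file flagged in this issue.
TRIVIAL_FILE_CONTENTS = {
    "macOS PkgInfo (APPL????)": b"APPL????",
    "empty file": b"",
}

# Constructed sample feed: the SHA256 from the alert in this issue plus a
# placeholder digest (not a real IOC) standing in for a useful indicator.
SAMPLE_FEED = [
    "82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0",
    "0000000000000000000000000000000000000000000000000000000000000001",
]


def trivial_hash_index():
    """Map md5/sha1/sha256 digests of every trivial content to (label, algo)."""
    index = {}
    for label, data in TRIVIAL_FILE_CONTENTS.items():
        for algo in ("md5", "sha1", "sha256"):
            index[hashlib.new(algo, data).hexdigest()] = (label, algo)
    return index


def triage_hash_iocs(feed):
    """Split hex digests into ones safe to load and ones to drop.

    Returns (keep, drop): keep is a list of normalised digests, drop maps a
    rejected digest to the reason it was rejected.
    """
    index = trivial_hash_index()
    keep, drop = [], {}
    for raw in feed:
        digest = raw.strip().lower()  # feeds mix case and whitespace
        if digest in index:
            label, algo = index[digest]
            drop[digest] = f"{algo} of {label}"
        else:
            keep.append(digest)
    return keep, drop


if __name__ == "__main__":
    kept, dropped = triage_hash_iocs(SAMPLE_FEED)
    for digest, reason in dropped.items():
        print(f"DROP {digest}: {reason}")
    print(f"{len(kept)} indicator(s) kept")
```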