(osquery#3500) Add Check for Additional Leverage Variant

clong · Jul 31, 2017 · be1a943 · be1a943
1 parent 383a39b
commit be1a943
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/packs/osx-attacks.conf b/packs/osx-attacks.conf
@@ -28,6 +28,13 @@
       "description" : "(http://www.intego.com/mac-security-blog/new-mac-trojan-discovered-related-to-syria/)",
       "value" : "Artifact used by this malware"
     },
+    "Leverage-A_3": {
+      "query" : "select * from launchd where name = 'com.GetFlashPlayer.plist';",
+      "interval" : "3600",
+      "version": "1.4.5",
+      "description" : "(https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-targeted/)",
+      "value" : "Artifact used by this malware"
+    },
     "Tibet.D": {
       "query" : "select * from launchd where path like '%com.apple.AudioService.plist';",
       "interval" : "3600",