文档章节

OSX malware and exploit collection (~100 files) + links and resources for OSX malware analysis

Cnlouds
 Cnlouds
发布于 2013/11/26 02:10
字数 878
阅读 561
收藏 6

#程序员薪资揭榜#你做程序员几年了?月薪多少?发量还在么?>>>

此文为关于MAC OSX系统的所有攻击脚本和溢出代码的收藏集。附带资源链接和相关讲解文档~mark下

'Tis the season.

Here is a nice collection of ~100 Mac OS malware and Word document exploits carrying MacOS payload (all are CVE-2009-0563) along with links for OSX malware analysis.

Please send your favorite tools for OSX if they are not listed.

CVE-2009-0563

CVE-2009-0563
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

Links

Some OSX malware analysis tools and links 


Tools

Malware in the provided package - links to research and news articles




Download

Download all files listed below. Please email me if you need the password scheme
OSX_CrisisB_a32e073132ae0439daca9c82b8119009  
Additional older downloads

  1. OSX_Docklight payload  http://contagioexchange.blogspot.com/2012/05/019-speechdoc-macosxms09-027a-word.html 
  2. misc OSX malware on contagio http://contagiodump.blogspot.com/search/label/-%20OSX
  3. 30 samples of ancient Mac OS malware http://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html

List of files provided in this post

  1. OSX_AoboKeylogger_362D5DDB3924C625589B42030B66CA69
  2. OSX_BackTrack-A_B03276BFBF85CFDD7C8998004C1200DA
  3. OSX_Boonana_B3A0B0DA5AA01FF200CEBC8AF359A3C3
  4. OSX_ChatZum_487E5CD581587D63783CDD356DE9CF24
  5. OSX_ChatZum_57A4EB15CAA4FCC0A8F6AFBBD66C4859
  6. OSX_Clapzok_99FE5AD5FF514F5AAEA8E501DDBAF95B
  7. OSX_Crisis_04BBDA5B11FA0FD3C767CAF4719D6A4D
  8. OSX_Crisis_42C112036E319ED8DF0F55C7F4C0DA85
  9. OSX_CrisisBOSX_CrisisB_a32e073132ae0439daca9c82b8119009 _a32e073132ae0439daca9c82b8119009 
  10. OSX_Crisis_59FE83E0AE12E085E0FA301ECCA6776F
  11. OSX_Crisis_6F055150861D8D6E145E9ACA65F92822
  12. OSX_Crisis_A32E073132AE0439DACA9C82B8119009_Biglietto Visita
  13. OSX_Crisis_ACEC5F00057D3EC94849511F3EDDCB91
  14. OSX_Crisis_FAAB883598C8C379ACFD0B9DCCC93D0C
  15. OSX_Dockster_Backdoor_C6CA5071907A9B6E34E1C99413DCD142
  16. OSX_FkCodec_74812C7B6E0A55347284ABFA7D5670BF
  17. OSX_FkCodec_74812C7B6E0A55347284ABFA7D5670BF_Codec-M
  18. OSX_FkCodec_B4ECE10D1E706B87B065523A654D48A7_download.dmg
  19. OSX_FkCodec1C5AE9F1DD9FE6F506EAABD382925CA8_codec-M.safariextz
  20. OSX_Flashback_3DCB6D6A9EA8D9755EB61AE057B3D74A
  21. OSX_Flashback_9FCFE8EF92F51F1C29A26E1516EF7003_FlashPlayer-11-macos.pkg
  22. OSX_Flashback_C2819C3C183BBF7547CF76C6A004EA15_FlashPlayer-11-macos.pkg
  23. OSX_Fucobha_IceFog_A615DD792093191E9FC975132A2DB409A_CleanMyMac
  24. OSX_Fucobha_IceFog_B4249F9B49A9A177B4D2F4439373029A
  25. OSX_Fucobha_IceFog_CF1815491D41202EB8647341A8695E1E
  26. OSX_GetShell_68078CBD1A34EB7BE8A044287F05CCE4
  27. OSX_GetShell_AC99ACE403D31C7079C938F9B0FD0895
  28. OSX_GetShell_ACC2B4A595939F17F7D07DE2CF75CDC8
  29. OSX_Hacktool_Hoylecann_FED8E22AE6F080F9B05A309C7E48B5EF
  30. OSX_HellRaiser_CA74984601287459AFB7B39EBEBDD394
  31. OSX_HellRTS.AH_KeystrokeRecorder X Pref Editor_C19377D07A234D1585D85F8FA3CF77FB
  32. OSX_HellRTS_F1AD75AEB4B4C2883DF2221C8804DA2A.AH
  33. OSX_Hovdy_Backdoor_FED713CAC7012D25F60B236E6DDCF513
  34. OSX_Inqtana.zip
  35. OSX_Iservice_4C9E7EE7C0F5C19C68B45CA6C81F8D62
  36. OSX_Iservice_E34BA325F3EEB8DF07A09EE9FBF1071D
  37. OSX_Jahlav_12F32EACBB3CD2C5623EE6976A51913A_QuickTime.xpt
  38. OSX_Jahlav_CCB72243EF478EEFE90B5898EC32389B
  39. OSX_Jahlav_D7DDF72D17F889C2C5B302AC0A5FBDC5
  40. OSX_Jahlav_FB79A75A6152EF47BBF88AE8544545CC.pl
  41. OSX_Jahlav_flash.zip
  42. OSX_Kitmos_A_39FAA22EB9D6B750EC345EFCB38189F5
  43. OSX_Kitmos_A_3AA9C558D4D5F1B2A6D3CE47AA26315F
  44. OSX_Kitmos_A_B3D49091875DE190F200110C2F2032D4
  45. OSX_Lamadai_20F0D0CE8A413A51EB16DEE860021E6A
  46. OSX_Lamadai_DE90189F040494E3708D83A33E37E40E
  47. OSX_Leverage_A_Backdoor_C425D2BE8B4AF733A44EC1518F182BE8
  48. OSX_LocalRoot_3DC01743FB42E917E9F9EDE5009F10CD
  49. OSX_Macarena_A_BFC7B7B9D3E1DF9D6E1A31D3E7BED628
  50. OSX_MacDefender_8AE7163C7C3C02564A4C69DF1F7C483E_Archive.pax
  51. OSX_MacDefender_E187F4071723808560E135647245562A_Archive.pax
  52. OSX_MacKontrol_89C35C057655E67580EFD0FF8242D960
  53. OSX_MacKontrol_E88027E4BFC69B9D29CAEF6BAE0238E8_matiriyal.dmg
  54. OSX_Macsweeper_4836CC480796386ED6929C38E5AAD525
  55. OSX_Miner_DevilRobber_417369B713F1A5F3A3DC0DAF76BDCFD6
  56. OSX_Miner_DevilRobber_EE2BA586232007FA41703EB120AC7408
  57. OSX_Miner_F8EBF03E88928EBF91A8420E3D5993FE
  58. OSX_Olyx_Backdoor_93A9B55BB66D0FF80676232818D5952F
  59. OSX_Olyx_Backdoor_93A9B55BB66D0FF80676232818D5952F_Current events 2009 July 5
  60. OSX_OpinionSpy_C98AE54F4BE1082B4E82548D7511077E_Crystal-Clock-screensaver.zip
  61. OSX_OpinionSpy_CC33C95C59372AFCA60A0552A58D0EF8_Crystal-Clock-screensaver.zip
  62. OSX_PSides_32F4792B1141BA259067F9613E2E88B5
  63. OSX_PUP_AABEDBAAB63EF19657A3A82C930CCE18_Genieo_InstallGenieo.dmg
  64. OSX_PUP_PerfectKeylog_1B192319C8F41036A2D6B8E987809D42
  65. OSX_Renepo_80753666A54A8AE97BD6ED3A4E2F3702
  66. OSX_RevirA_FE4AEFE0A416192A1A6916F8FC1CE484_revir-a.dmg
  67. OSX_RevirC_Imuler_7DBA3A178662E7FF904D12F260F0FFF3
  68. OSX_Safari_B24C0E60AF3D3E836FBE8A92FBCC8EB7.dat
  69. OSX_SniperSpy
  70. OSX_Wirenet_50D4F0DA2E38874E417BD13B59F4C067
  71. OSX_Wirenet_B56AD86A4BACEF92EF46D36EABEF6467
  72. OSX_Wirenet_D048F7AE2D244A264E58AF67B1A20DB0
  73. OSX_Yontoo_16ACCB0ABC051D667640B1EE4FF3A7A1
  74. OSX_Yontoo_7C433B3AC0E8072BA5E6B57298E1B28B
  75. OSXWeapoX_7FDEBB5FEC63FB3739A79A66265BB765
EXPLOITS
OSX_CVE-2009-0563 targeting Tibetan and Uyghur activists (filenames shortened here)
  1. 0DA957B9B952420241F945A9A2C52A50_C2-alma.apple.cloudns.org_ParticipantsArrivalDeparture.doc
  2. 0E5110493FD197813068310E57467B44_C2-alma.apple.cloudns.org _Uighur Han unrest.doc
  3. 0E945428D07464EC33EBDFF5712FE788_C2-update.googmail.org_Jenwediki yighingha.doc
  4. 1218840F3B66832CC58C33C75AD3D419_C2-update.googmail.org_Uyghur_Xitayning Yengi Rehberlik.doc
  5. 1CE3C4A8907A242250D366586711CBDC_C2-alma.apple.cloudns.org _Rabiye_hanim_bilen_Dolkun_Isa.doc
  6. 2567399683111CFCB838C5DA80DF181D_Tibetan Parliament urges World to take concrete step on Tibet.doc
  7. 28821C5FD38B11EE630D87961C11A3D7_DUQning reyisi namzatlar isimliki.doc
  8. 3D28AE551B9BD4C62FFC6C72F5668D96_Tibet_The United Nations Commission for Human Rights.doc
  9. 3D90D04C09C6B4D5D52888C89BDE9685_Tibetan Parliament urges World.doc
  10. 567ECE88B2D6F4F12F0D0760C30605EE_C2-apple12.crabdance.com_list.doc
  11. 58A0A5824A6B30EA7EEBBB51818AE04B_uYGHUR_Jenwe yinghinining xeweri.doc
  12. 786A7D1A1DCEC50E6A89E3CC8F33A3AE_Uyghur_Dunya Uyghur Qurultayigha iane qilish toghrisida.doc
  13. 7D7A5C530A7DBF24C42145A0EFCC8669_kurban-bayrami.doc
  14. 8618BCCB98F7D20634EBEDC488981E86_C2-update.googmail.org_email73.doc
  15. 908116A30F53EDF9D1749E3F0F267680_Website-TGSL.doc
  16. 9F9F96D5C882528D08315201042647DF_C2-update.googmail.org_Uyghur_The Duke Program.doc
  17. BA76DE3471497A8B1858AF4A8C700AE1_www.uyghurcongress.org.doc
  18. C024E159A96F3292915B257070FC3325_Sartin-TGSL.doc
  19. DD7C486BC17772A5E96425271FA5ED4D_c2-apple12.crabdance.com_10. Jahresgedenktag.doc
  20. E510AE50B0344EFBE1F8888771C7446C_www.tughlan.com.doc
  21. E683339BCCFDEB0F06C7E567F2C284C5_Planning for action.doc
  22. ECE44C00D46BE019AFF38FD5D31B9110_C2-update.googmail.org_UAA 2012 Saylam Komtiti saylam.doc
  23. F81775C93F7337E0664F1D106E13C7B3_C2-update.googmail.org_Uyghur_Human Rights Education.doc
  24. FBE399BF714184ED7FEA313F36A86514_C2-apple12.crabdance.com_Uyghur_Putun Dunyadiki Sherqi.doc
  25. MacOSSabpub-A_43F281076E185E55BECE7EB2F0EC8164.doc

   via@

© 著作权归作者所有

Cnlouds
粉丝 13
博文 95
码字总数 56136
作品 0
海淀
程序员
私信 提问
加载中

评论(2)

caiyingping
caiyingping
赞一个
caiyingping
caiyingping
关注
Mac-MacOS降级(Mac系统降级,系统回退)

前言 最近把macOS更新到了 macOS Catalina,使用了一段时间后,结合自己的使用环境和体验,感觉 Catalina 不太好用,就想把系统回退到 macOS Mojave,但是平时几乎不用时间机器去备份,所以若...

osc_05umekgg
02/22
9
0
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4,Security Update 2019-002 High Sierra, Security Update 2...

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Secu......

osc_wmsc0xiz
2019/03/26
4
0
macOS 开发 - 入门笔记

文章目录 一、引言 二、招聘信息 三、相关书籍推荐 1、《macOS应用开发基础教程》 2、《Cocoa入门:使用Objective-C》 3、非虫:《macOS软件安全与逆向分析》 4、官方开发文档 5、深入解析M...

osc_k11w4vu5
2019/05/06
28
0
制作 macOS High Sierra U盘USB启动安装盘方法教程 (全新安装 Mac 系统)

方法一:使用命令行创建制作 macOS High Sierra 正式版 USB 安装盘 首先,准备一个 8GB 或更大容量的 U盘,并备份好里面的所有资料。 下载好 macOS High Sierra 正式版的安装程序 打开 “应用...

osc_6ddefhon
2018/03/28
5
0
mac下在ntfs下建立软链接的问题

我在Mac系统上把一个很大的游戏(本地硬盘不够用了)解压到移动硬盘上,结果双击那个app文件(夹)运行程序,提示"不能运行程序....已损坏...",显示包内容查看是因为Info.plist的软链接有问...

iman123
2014/04/01
1.1K
0

没有更多内容

加载失败,请刷新页面

加载更多

如何限制利用spring boot 框架自动限制上传文件

spring:   application:     name: appname   servlet:     multipart:       enabled: true       max-file-size: 512MB       max-request-size: 512MB @Ex...

osc_31d5oo2i
16分钟前
9
0
NATAPP1分钟快速新手图文教程(远程办公程序员联调神器)

NATAPP官方地址:https://natapp.cn/ 应用场景:前后端异地联调、系统演示、远程临时访问 首先在本站注册账号 点击注册 登录后,点击左边 购买隧道,免费/付费均可 根据需要选择隧道协议,这里以...

明德先生
18分钟前
6
0
李子柒的视频为什么这么吸引人?对她在B站上发布的视频进行分析

前言 本文的文字及图片来源于网络,仅供学习、交流使用,不具有任何商业用途,版权归原作者所有,如有问题请及时联系我们以作处理。 作者:CDA数据分析师 加企鹅群695185429即可免费获取,资料全...

osc_tc2z9lbh
18分钟前
9
0
MySQL如何有效的存储IP地址

前几天,阿淼的一个朋友去面试,他回来告诉我,面试官问他 IP 地址是怎么存在数据库的?他当时也没多想,直接就回答的存字符串啊(心想:这么简单的问题,怕不是看不起我吧) 前面这段权当看...

osc_q5m9dzk0
19分钟前
18
0
一口气说出8种幂等性解决重复提交的方案,面试官懵了!

1.什么是幂等 在我们编程中常见幂等 1)select查询天然幂等 2)delete删除也是幂等,删除同一个多次效果一样 3)update直接更新某个值的,幂等 4)update更新累加操作的,非幂等 5)insert非幂等操作...

osc_kd8rd7b3
21分钟前
3
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部