One Article Review

Home - The article:
Source: Contagio
Identifier: 9956
Publication date: 2013-12-08 17:54:45 (seen: 2013-12-08 17:54:45)
Title: OSX malware and exploit collection (~100 files) + links and resources for OSX malware analysis
Text: 'Tis the season.

Here is a nice collection of ~100 Mac OS malware and Word document exploits carrying MacOS payload (all are CVE-2009-0563) along with links for OSX malware analysis.

Please send your favorite tools for OSX if they are not listed.

CVE-2009-0563

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

Links

Some OSX malware analysis tools and links

http://computer-forensics.sans.org/community/papers/gcfa/mac-os-malware-analysis_2286
http://en.wikibooks.org/wiki/Reverse_Engineering/Mac_OS_X
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html

Tools

Activity Monitor (Mac OSX Utilities folder)
MacMemoryze (support for Mountain Lion) free, Volatility (
Sent: Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.