S0352 · macOS

S0352 · OSX_OCEANLOTUS.D

Platforms · 1
ATT&CK · 14.1
References · 4

Description

[OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) is a macOS backdoor used by [APT32](https://attack.mitre.org/groups/G0050). Since the backdoor was first discovered in 2015, [APT32](https://attack.mitre.org/groups/G0050) has continued to improve it, using a plugin architecture to extend its capabilities, specifically through `.dylib` files. [OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) can also determine its permission level and execute according to access type (`root` or `user`). (Citation: Unit42 OceanLotus 2017)(Citation: TrendMicro MacOS April 2018)(Citation: Trend Micro MacOS Backdoor November 2020)

Platforms · 1

macOS

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | APT32 (g0050) | 100% | live |

References

  1. https://attack.mitre.org/software/S0352
  2. https://unit42.paloaltonetworks.com/unit42-new-improved-macos-backdoor-oceanlotus/
  3. https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/
  4. https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Komplex (Software)
  2. SeaDuke (Software)
  3. OSX/Shlayer (Software)
  4. Denis (Software)
  5. OceanSalt (Software)
  6. RotaJakiro (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.