UPDATE:
Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor:
* e7cab6f2be47940bf36e279bbec54ec7 – Jobinfo.app.zip
* 26d6a7e3507edf9953684d367dcd44bd – Jobinfo.zip
* 775851f86cbde630808ff6d2cf8cedbf – Jobinfo.zip
Combined with information in our previous research, the investigation of these samples revealed new components of t