OSX_OCEANLOTUS.D
MITRE
Malware type:
Other
First activity:
Unknown
Last activity:
Unknown
Details:
[OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) is a macOS backdoor used by [APT32](https://attack.mitre.org/groups/G0050). First discovered in 2015, [APT32](https://attack.mitre.org/groups/G0050) has continued to make improvements using a plugin architecture to extend capabilities, specifically using `.dylib` files. [OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) can also determine its permission level and execute according to access type (`root` or `user`). (Citation: Unit42 OceanLotus 2017) (Citation: TrendMicro MacOS April 2018) (Citation: Trend Micro MacOS Backdoor November 2020)
Associated Techniques (28)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.002 | Software Packing | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.004 | Masquerade Task or Service | - |
| T1036.008 | Masquerade File Type | - |
| T1059.001 | PowerShell | - |
| T1059.004 | Unix Shell | - |
| T1059.005 | Visual Basic | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
Alias (105)
Backdoor.MacOS.OCEANLOTUS.F
Used by Actors (1)
Metadata
| ID: | 491 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |