OSX_OCEANLOTUS.D
MITRE
Malware Type:
Other
First seen:
Unknown
Last seen:
Unknown
Details:
[OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) is a macOS backdoor used by [APT32](https://attack.mitre.org/groups/G0050). First discovered in 2015, it has been continually improved by [APT32](https://attack.mitre.org/groups/G0050), which uses a plugin architecture, specifically `.dylib` files, to extend its capabilities. [OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) can also determine its permission level and execute according to access type (`root` or `user`). (Citation: Unit42 OceanLotus 2017) (Citation: TrendMicro MacOS April 2018) (Citation: Trend Micro MacOS Backdoor November 2020)
Associated Techniques (28)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.002 | Software Packing | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.004 | Masquerade Task or Service | - |
| T1036.008 | Masquerade File Type | - |
| T1059.001 | PowerShell | - |
| T1059.004 | Unix Shell | - |
| T1059.005 | Visual Basic | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
Aliases (105)
Backdoor.MacOS.OCEANLOTUS.F
Used by Actors (1)
Metadata
| ID: | 491 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |