olzaction.blogg.se

Install crowdstrike on mac







Many of the samples originate from trojanized versions of Logic Pro, but other popular creative applications have been abused including Adobe Zii, Photoshop, Illustrator and Ableton Live.


The malware has been distributed on the PirateBay in cracked apps for at least three years by user wtfisthat34698409672.


Honkbox is a multistage cryptominer with three identified variants that make novel use of the I2P project.

XProtect update v2166 includes three signatures for Honkbox.

Apple’s YARA rules dubbed the malware ‘Honkbox’ (aka HONKBOX, but we’ll spare your eyes). The new signatures departed from Apple’s recent practice and used human-readable malware names instead of their usual short base 16 strings. In this post, we describe Honkbox from a threat hunter’s point of view, providing a comprehensive breakdown of file characteristics, unique behavior and sample hashes that analysts and SOC teams can ingest to further aid their detection and response.

Apple updated XProtect last week in light of a publication by researchers at Jamf describing a known but relatively undocumented macOS malware. Honkbox is an active threat with at least three variants and multiple components, some of which have not been previously documented. Apple’s update comes on the back of new research from Jamf, which itself builds on earlier research from other sources. Version 2166 added several new signatures for a threat it labels “Honkbox”, a cryptominer characterized by its leverage of XMRig and the “Invisible Internet Project” (aka I2P).

taken from here: GitHub - cliv/cs-falcon-protect-intune: Instructions and Code to deploy Crowdstrike Falcon via Intune

All this was working flawlessly during the tests but when we enabled the Prod POV last week - it's not working.

For the first time since November 2022, Apple last week released an update to its internal YARA-based malware file blocking service, XProtect.

. mobileconfig to push the FDA, Network monitoring etc.

sudo /Applications/Falcon.app/Contents/Resources/falconctl load

sudo /Applications/Falcon.app/Contents/Resources/falconctl license XXXXXXXXXXXXXXXXXXX

intunemac in Intune and assign to Users

Distribute the license as. intunemac (remove some unnecessary BundleIDs from Detection.xml which is part of the.

During the tests we figured out all the issues with Intune deployment but now it's not working again and I'm struggling on the macOS deployment.


I tested out Crowdstrike during the summer and me and my company decided to implement it.







