Removing Keyboard Event Taps from osx-attacks (#7023)

Chris Long 2021-03-25 19:00:35 -07:00 committed by GitHub
parent 4d7bb03afc
commit 7b795ea299
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -596,13 +596,6 @@
"description": "OSX Dummy Malware (https://objective-see.com/blog/blog_0x32.html and https://isc.sans.edu/diary/23816)",
"value": "Artifacts created by this malware"
},
"Keyboard_Event_Taps": {
"query": "SELECT * FROM processes JOIN event_taps ON processes.pid = event_taps.tapping_process where event_taps.enabled = 1;",
"interval" : "3600",
"version": "3.3.0",
"description": "Finds processes that have active keyboard event taps, typically used by RATs and other malicious software for keylogging",
"value": "Process with keyboard event taps"
},
"OSX_SearchAwesome": {
"query" : "SELECT * FROM file \
WHERE path = '/Applications/spi.app' OR \