XProtect.yara demystified

yara_rules.md

Rule ID	Malware Name	Add	Mod	Virustotal	Hybrid Analysis	ObjSee	VirusShare
AbkA	AoboKeylogger, AoboKey, AoboKeyLog	2081 2016-07-06	2136 2020-11-20	🔗
AdPluginA	Yontoo	2081 2016-07-06	2136 2020-11-20	🔗
AdPluginB	VSearch, Chatzum, Zako	2081 2016-07-06	2136 2020-11-20	🔗
BundloreA		2081 2016-07-06	2081 2016-07-06
CoinThiefA	CoinThief, CoinStealer, StealBit	2081 2016-07-06	2136 2020-11-20	🔗	🔗
CoinThiefB	CoinThief, CoinStealer, StealBit	2081 2016-07-06	2081 2016-07-06	🔗
CoinThiefC	CoinThief, CoinStealer, StealBit	2081 2016-07-06	2136 2020-11-20	🔗
CrossRiderA		2081 2016-07-06	2081 2016-07-06
DevilRobberA		2081 2016-07-06	2136 2020-11-20
DevilRobberB		2081 2016-07-06	2136 2020-11-20
EICAR	EICAR_Test_File	2081 2016-07-06	2136 2020-11-20	🔗
EleanorA	Eleanor	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
FileStealA		2081 2016-07-06	2136 2020-11-20
FileStealB	FileSteal, Kitmos, HackBack	2081 2016-07-06	2081 2016-07-06	🔗
FkCodecA		2081 2016-07-06	2081 2016-07-06
FlashbackA	FlashBack, Flashfake	2081 2016-07-06	2081 2016-07-06	🔗		🔗
FlashbackB	FlashBack, Flashfake	2081 2016-07-06	2081 2016-07-06	🔗
FlashbackC	FlashBack, Flashfake	2081 2016-07-06	2081 2016-07-06	🔗
GenieoA	Genieo	2081 2016-07-06	2136 2020-11-20	🔗	🔗
GenieoB	Genieo	2081 2016-07-06	2081 2016-07-06	🔗
GenieoC	Genieo	2081 2016-07-06	2136 2020-11-20	🔗	🔗
GenieoD	Genieo	2081 2016-07-06	2136 2020-11-20	🔗	🔗
GenieoDropper		2081 2016-07-06	2081 2016-07-06
GenieoE	Genieo	2081 2016-07-06	2081 2016-07-06	🔗	🔗
GetShellA	GetShell, Siggen	2081 2016-07-06	2136 2020-11-20	🔗	🔗
HellRTS		2081 2016-07-06	2103 2019-05-01
HMining	Genieo, HMining	2081 2016-07-06	2081 2016-07-06	🔗	🔗
HMining_Binary_A	Genieo, HMining	2081 2016-07-06	2081 2016-07-06	🔗	🔗
InstallCoreA	InstallCore, InstallMiez	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
InstallImitatorA	InstallCore, InstallMiez, InstallImitator	2081 2016-07-06	2136 2020-11-20	🔗
InstallImitatorB		2081 2016-07-06	2081 2016-07-06
InstallImitatorC	VSearch,Dypti	2081 2016-07-06	2081 2016-07-06	🔗
IServiceA	iWorm, Iservice, Krowi	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
IWormA	iWorm, Iservice	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
IWormBC		2081 2016-07-06	2136 2020-11-20
KeRangerA	KeRanger	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
LaoShuA	LaoShu	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
LeverageA	Leverage, Seadoor	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
MacDefenderA	MacDefender, FakeAlert, FakeAV, Defma	2081 2016-07-06	2136 2020-11-20	🔗n	🔗	🔗
MacDefenderB		2081 2016-07-06	2136 2020-11-20
MachookA	WireLurker, MAChook	2081 2016-07-06	2136 2020-11-20	🔗
MachookB	WireLurker, MAChook	2081 2016-07-06	2136 2020-11-20	🔗
MaControlA	MacContro, MacKontrol, Longage	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
MDropperA		2081 2016-07-06	2136 2020-11-20
NetWeirdA	Wirenet, Netweird	2081 2016-07-06	2081 2016-07-06	🔗
NetWeirdB		2081 2016-07-06	2136 2020-11-20
OpinionSpyA	OpinionSpy, Spynion	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
OpinionSpyB	OpinionSpy, Spynion	2081 2016-07-06	2136 2020-11-20	🔗
PrxlA		2081 2016-07-06	2136 2020-11-20
QHostWBA	QHost, Malcol	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
RevirA	Revir	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
RevirB	Revir, Imuler	2081 2016-07-06	2081 2016-07-06	🔗	🔗	🔗
RevirC		2081 2016-07-06	2136 2020-11-20
RevirD	Revir, Imuler	2081 2016-07-06	2081 2016-07-06	🔗
RSPlugA	DNSChanger, Jahlav, RSPlug, Puper	2081 2016-07-06	2136 2020-11-20	🔗
SMSSendA	SMSsend, Archsms, Zonsterarch	2081 2016-07-06	2136 2020-11-20	🔗	🔗	🔗
SMSSendB		2081 2016-07-06	2136 2020-11-20
TroviProxyApp	Pirrit, VSearch	2081 2016-07-06	2081 2016-07-06	🔗	🔗
VindinstallerA	Vindinstaller, Vidsler	2081 2016-07-06	2136 2020-11-20	🔗
VSearchA	VSearch	2081 2016-07-06	2136 2020-11-20	🔗
XcodeGhost		2081 2016-07-06	2136 2020-11-20
BundloreB		2092 2017-07-07	2092 2017-07-07
HMiningB		2092 2017-07-07	2092 2017-07-07
NetwireA	Netwire, Wirenet	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
OSX_Bundlore_A	Bundlore	2092 2017-07-07	2092 2017-07-07	🔗	🔗
OSX_Findzip_A	FileCoder, Crypat, KeRanger	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
OSX_HMining_C		2092 2017-07-07	2092 2017-07-07
OSX_iKitten_A	MacDownload, Remolash, MacDownloader	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
OSX_Proton_A		2092 2017-07-07	2092 2017-07-07
OSX_XAgent_A	Xagent, Sofacy, APT28	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
XProtect_OSX_ATG15_B	OceanLotus	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
XProtect_OSX_Dok_A		2092 2017-07-07	2136 2020-11-20
XProtect_OSX_Dok_B	Dok, Aptordoc, Bella	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
XProtect_OSX_Genieo_G	Genieo	2092 2017-07-07	2136 2020-11-20	🔗	🔗	🔗
XProtect_OSX_Proton_B	Proton	2092 2017-07-07	2092 2017-07-07	🔗	🔗	🔗
OSX_ExtensionsInstaller_A		2095 2017-09-29	2095 2017-09-29
XProtect_AdLoad_A		2095 2017-09-29	2095 2017-09-29
XProtect_Bundlore_B	Bundlore	2095 2017-09-29	2095 2017-09-29	🔗	🔗
XProtect_Genieo_G_1	Genieo	2095 2017-09-29	2095 2017-09-29	🔗	🔗	🔗
XProtect_OSX_AceInstaller_B		2095 2017-09-29	2095 2017-09-29
XProtect_OSX_Leverage_A	Leverage, Seadoor	2095 2017-09-29	2095 2017-09-29	🔗	🔗	🔗
XProtect_OSX_Mughthesec_A	Adload, Cimpli, Mughthesec	2095 2017-09-29	2095 2017-09-29	🔗	🔗	🔗
XProtect_AdLoad_B_1		2099 2018-03-13	2099 2018-03-13
XProtect_AdLoad_B_2		2099 2018-03-13	2099 2018-03-13
XProtect_OSX_28a9883		2099 2018-03-13	2099 2018-03-13
XProtect_OSX_Bundlore_D		2099 2018-03-13	2099 2018-03-13
XProtect_OSX_HiddenLotus_A	OceanLotus, HiddenLotus, Occamy	2099 2018-03-13	2099 2018-03-13	🔗	🔗	🔗
XProtect_OSX_HMining_D		2099 2018-03-13	2099 2018-03-13
XProtect_OSX_Mughthesec_B	Adload, Cimpli, Mughthesec	2099 2018-03-13	2099 2018-03-13	🔗	🔗	🔗
XProtect_OSX_Particle_Smasher_A	Proton	2099 2018-03-13	2099 2018-03-13	🔗		🔗
XProtect_MACOS_d1e06b8	Winplyer, Wajam, InstallCapital	2102 2019-04-19	2102 2019-04-19	🔗	🔗
XProtect_MACOS_6175e25	AMCleaner, AMC, GT32SupportGeeks, AdvancedMacCleaner	2103 2019-05-01	2103 2019-05-01	🔗	🔗
XProtect_MACOS_22d71e9	Adload, Cimpli, Mughthesec	2108 2019-11-13	2135 2020-11-13	🔗	🔗
XProtect_MACOS_b70290c	Adload, Cimpli	2108 2019-11-13	2136 2020-11-20	🔗	🔗
XProtect_MACOS_de444f2	Adload, Cimpli, Mughthesec	2108 2019-11-13	2135 2020-11-13	🔗	🔗
XProtect_MACOS_0e62876	Bundlore	2109 2019-12-10	2136 2020-11-20	🔗	🔗
XProtect_MACOS_9bdf6ec	Adload	2109 2019-12-10	2136 2020-11-20	🔗	🔗
XProtect_MACOS_d92d83c	Bundlore	2109 2019-12-10	2136 2020-11-20	🔗	🔗
XProtect_MACOS_e79dc35	Adload	2109 2019-12-10	2127 2020-07-23	🔗	🔗
XProtect_MACOS_03b5cbe	Genieo	2111 2020-01-07	2136 2020-11-20	🔗	🔗
XProtect_MACOS_5af1486	Genieo	2111 2020-01-07	2136 2020-11-20	🔗	🔗
XProtect_MACOS_ce3281e	Genieo	2111 2020-01-07	2136 2020-11-20	🔗	🔗
XProtect_MACOS_60a3d68	Bundlore, Shlayer	2112 2020-01-23	2136 2020-11-20	🔗	🔗
XProtect_MACOS_8283b86	AMCleaner, AMC, GT32SupportGeeks, AdvancedMacCleaner	2112 2020-01-23	2112 2020-01-23	🔗	🔗
XProtect_MACOS_b264ff6	AMCleaner, AMC, GT32SupportGeeks, AdvancedMacCleaner	2112 2020-01-23	2112 2020-01-23	🔗	🔗
XProtect_MACOS_f3edc61	AMCleaner, AMC, GT32SupportGeeks, AdvancedMacCleaner	2112 2020-01-23	2112 2020-01-23	🔗	🔗
XProtect_MACOS_489e70f	Genieo, Grader	2116 2020-03-19	2136 2020-11-20	🔗	🔗
XProtect_MACOS_c592675	Pirrit	2116 2020-03-19	2116 2020-03-19	🔗n	🔗
XProtect_MACOS_30445d1		2121 2020-05-14	2136 2020-11-20
XProtect_MACOS_51f7dde	RefogKeylogger, RefogMonitor, Refog	2121 2020-05-14	2121 2020-05-14	🔗	🔗
XProtect_MACOS_7f5b902		2121 2020-05-14	2136 2020-11-20
XProtect_MACOS_a291b70		2121 2020-05-14	2121 2020-05-14
XProtect_MACOS_2b3d4cb	NukeSped	2125 2020-07-07	2125 2020-07-07	🔗	🔗		🔗
XProtect_MACOS_3ea93d1		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_61ee022		2125 2020-07-07	2136 2020-11-20
XProtect_MACOS_6cb9746	MacRansom, EvilQuest, Filecoder, ThiefQuest	2125 2020-07-07	2136 2020-11-20	🔗	🔗
XProtect_MACOS_8032420	Adload, MaxOfferDeal	2125 2020-07-07	2136 2020-11-20	🔗	🔗
XProtect_MACOS_8340d93		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_8d038b3	Lazarus, NukeSped	2125 2020-07-07	2125 2020-07-07	🔗	🔗
XProtect_MACOS_b17a97e	Lazarus, NukeSped	2125 2020-07-07	2125 2020-07-07	🔗	🔗
XProtect_MACOS_bb90861		2125 2020-07-07	2136 2020-11-20
XProtect_MACOS_bd64115		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_c723519		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_cb4abc2	Lazarus, NukeSped, Dacls	2125 2020-07-07	2125 2020-07-07	🔗	🔗	🔗
XProtect_MACOS_e4644f7		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_f4a3a92		2125 2020-07-07	2125 2020-07-07
XProtect_MACOS_fa6a259	Lazarus, NukeSped, Mata	2125 2020-07-07	2125 2020-07-07	🔗	🔗	🔗
XProtect_MACOS_2070d41	XCSSET	2126 2020-07-13	2136 2020-11-20	🔗	🔗	🔗
XProtect_MACOS_260ae81		2127 2020-07-23	2127 2020-07-23
XProtect_MACOS_580a1bc		2127 2020-07-23	2127 2020-07-23
XProtect_MACOS_449a7ed	Bundlore	2131 2020-09-17	2131 2020-09-17	🔗	🔗
XProtect_MACOS_71915a8		2131 2020-09-17	2131 2020-09-17
XProtect_MACOS_a9ea9b4	Bundlore	2131 2020-09-17	2131 2020-09-17	🔗	🔗
XProtect_MACOS_d444820		2131 2020-09-17	2131 2020-09-17
XProtect_MACOS_1c119be		2134 2020-10-29	2134 2020-10-29
XProtect_MACOS_1f26189		2134 2020-10-29	2134 2020-10-29
XProtect_MACOS_6e7d4c2	MacSearch, Ketin, Genieo	2134 2020-10-29	2134 2020-10-29	🔗	🔗
XProtect_MACOS_8f20223		2134 2020-10-29	2134 2020-10-29
XProtect_MACOS_d4735e3		2134 2020-10-29	2136 2020-11-20
XProtect_MACOS_e3548bb		2134 2020-10-29	2134 2020-10-29
XProtect_MACOS_1373c52	Adload, Synataeb	2136 2020-11-20	2136 2020-11-20	🔗	🔗
XProtect_MACOS_e16be2c	Pirrit	2137 2020-11-17	2137 2020-11-17	🔗	🔗

Sources:
https://github.com/knightsc/XProtect
https://digitasecurity.com/xplorer/signatures/
https://objective-see.com/malware.html
https://www.hybrid-analysis.com/

🙏 If you have samples to share, please post links in a comments.