| Rule ID | Malware Name | Add | Mod | Virustotal | Hybrid Analysis | ObjSee |
|---------|--------------|-----|-----|------------|-----------------|--------|
```python
#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
import os
import sys
import subprocess
import shutil
import time

# Apple's system-bundled Python 2.7 interpreter binary.
python_bin = "/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python"

# Locate the installed Malwarebytes launcher bundle through Spotlight metadata.
# The bundle identifier is a string literal in the mdfind query language and
# must be quoted; mdfind prints one matching path per line, so more than one
# installed copy yields a newline-joined string here.
last_bundle_path = subprocess.check_output(
    ['mdfind', "kMDItemCFBundleIdentifier == 'com.malwarebytes.mbam.frontend.launcher'"]
).strip("\n")
```
```python
#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
# PyObjC bridge imports: the Apple frameworks are exposed as Python modules,
# and AppHelper drives the Cocoa run loop from Python.
import Foundation
import AppKit
import WebKit
import Quartz
import ctypes
from PyObjCTools import AppHelper
from objc import _objc, nil, super, pyobjc_unicode, registerMetaDataForSelector
```
```python
from Foundation import NSBundle
import objc

BIT_WIDTH = 32
INT_MAX = 2**(BIT_WIDTH-1)-1

# MobileKeyBag is a private framework; load it by path and bind one of its
# unexported C functions into this module's namespace. The signature string
# '@@' declares an Objective-C object return value and one object argument.
MobileKeyBag = NSBundle.bundleWithPath_('/System/Library/PrivateFrameworks/MobileKeyBag.framework')
objc.loadBundleFunctions(MobileKeyBag, globals(), [('MKBDeviceGetGracePeriod', '@@')])

# Query the keybag grace period with an empty options dictionary.
grace = MKBDeviceGetGracePeriod({})
```
```python
#!/usr/bin/python
from ctypes import CDLL, c_int, c_double
from Quartz import CGMainDisplayID

# Display ID of the main screen, used as the first argument of the CoreDisplay calls.
main_display_id = CGMainDisplayID()

# Load the CoreDisplay framework directly with ctypes and declare the C
# prototypes of its brightness accessors. Without an explicit restype ctypes
# would treat the double returned by the getter as an int.
CoreDisplay = CDLL("/System/Library/Frameworks/CoreDisplay.framework/CoreDisplay")
CoreDisplay.CoreDisplay_Display_SetUserBrightness.argtypes = [c_int, c_double]
CoreDisplay.CoreDisplay_Display_GetUserBrightness.argtypes = [c_int]
CoreDisplay.CoreDisplay_Display_GetUserBrightness.restype = c_double
```
```python
import os
import pathlib
import logging
from agent.importer import add


class Scanner(object):
    def __init__(self, directories, model, sysroot='/', block_list=None):
        # Materialise the paths once; a bare map() would be a single-use
        # iterator in Python 3 and exhausted after the first walk.
        self.directories = list(map(pathlib.Path, directories))
```
```python
#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
'''
Defaults Monitor - tool to sniff defaults keys and values using the unified log.
To launch, use the standard Python 2.7 interpreter, e.g. python2.7 ./defsmon.py
'''
import os
```
```python
# macOS (XNU) BSD syscall numbers, as listed in bsd/kern/syscalls.master.
# Number 8 is deliberately absent (the retired creat slot). Note that exit and
# open shadow Python builtins of the same name in this module.
syscall = 0
exit = 1
fork = 2
read = 3
write = 4
open = 5
close = 6
wait4 = 7
link = 9
unlink = 10
```
```python
# macOS virtual key codes (kVK_ANSI_* from Carbon's Events.h), keyed by the
# character on a US keyboard. Virtual key codes identify physical keys, so the
# same code is produced regardless of the active keyboard layout.
a = 0
s = 1
d = 2
f = 3
h = 4
g = 5
z = 6
x = 7
c = 8
v = 9
```
```bash
#!/usr/bin/env bash
# Keep a copy of the original stderr on fd 3 so it can be restored with
# "exec 2>&3"; the DEBUG trap runs before every simple command and sends
# stderr to /dev/null, silencing error output from the tools below.
exec 3>&2
trap 'exec 2>>/dev/null' DEBUG
exec 2>&3

# Enumerate installer packages Spotlight has indexed. Reading line by line
# keeps paths that contain spaces intact, which a for-loop over $(...) would
# split into separate words.
mdfind "kMDItemContentTypeTree=public.archive" | grep -E "\.pkg$" | sort -u | while IFS= read -r pkg
do
    if [[ -f "$pkg" ]]
    then
```