{
	"id": "4ceb89f7-65cc-42f8-a5b7-0a8038844166",
	"created_at": "2026-04-06T01:30:39.299313Z",
	"updated_at": "2026-04-10T03:21:07.560945Z",
	"deleted_at": null,
	"sha1_hash": "03722399fd326ae29ca89a1b486bbc98ef9f5ca8",
	"title": "OSX/Flashback.K sample + Mac OS malware study set (30+ older samples)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 69372,
	"plain_text": "OSX/Flashback.K sample + Mac OS malware study set (30+ older\r\nsamples)\r\nArchived: 2026-04-06 01:07:28 UTC\r\nUpdate April 12, 2012  Added another binary sv.4 - with plist fle (edited to remove userid)\r\nOSX Flashback malware has been in the news a lot after Kaspersky's announcement about\r\n600,000 botnet \"Kaspersky Lab Confirms Flashfake / Flashback Botnet Infected more than 600,000 Mac OS X\r\nComputers, Describes Ramifications and Remedies \"\r\nF-Secure removal procedure \r\nFlashback checker (check if your computer/vm is infected)\r\nET signature\r\nalert tcp $HOME_NET any -\u003e $EXTERNAL_NET $HTTP_PORTS\r\n(msg:\"ET TROJAN OSX/Flashback.K/I User-Agent\";\r\nflow:established,to_server; content:\" WOW64|3b| rv|3a|9.0.1|3b| sv|3a|\";\r\nhttp_header; content:\" id|3a|\"; http_header; within:6; reference:url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml;\r\nreference:url,vms.drweb.com/virus/?i=1816029; reference:url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml;\r\nclasstype:trojan-activity; sid:2014534; rev:3;)\r\nDownload\r\nPlease email me if you need the password scheme\r\nDownload OSX/Flashback.K C898CDE665DB8D62FEA634C28E284139\r\nDownload recent OSX Contagio samples\r\nDownload the historical MacOS malware set\r\nUpdate April 12, 2012  Download  5616687FAC5D040AE65CB1B08717A6AA\r\nhttp://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html\r\nPage 1 of 4\n\nFile information\nUpdate April 12, 2012\ncom.sun.jsched.plist (from ~/Library/LaunchAgents/com.sun.jsched.plist\n\nPlist file contents (user name replaced with USERNAME)\n?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\nLabelcom.sun.jschedProgramArguments/Users/USERNAME/.jschedRunAtLoadStartInterval4212StandardErrorPath/dev/nullStandardOutPath/dev/null .jsched from Users/USERNAME/.jsched. If you must have UUID, email me.\nSize: 59844\nMD5: 5616687FAC5D040AE65CB1B08717A6AA\n DOMAINS and UA from 5616687FAC5D040AE65CB1B08717A6AA\n2012-Apr-10 12:38:16\nclient: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1; sv:4; id:4341D6B3-97DC-58F3-A696-\nD8AAE9EC1A08) Gecko/20100101 Firefox/9.0.1 (uuid changed)\n174.129.221.183\nrfffnahfiywyd.com\nrfffnahfiywyd.net\nrfffnahfiywyd.info\nrfffnahfiywyd.in\nrfffnahfiywyd.kz\ncvsqsmuiaaiyh.com\ncvsqsmuiaaiyh.net\ncvsqsmuiaaiyh.info\ncvsqsmuiaaiyh.in\nhttp://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html\nPage 2 of 4\n\ncvsqsmuiaaiyh.kz\r\nscfoijdccqtmj.com\r\nscfoijdccqtmj.net\r\nscfoijdccqtmj.info\r\nscfoijdccqtmj.in\r\nscfoijdccqtmj.kz\r\nEnd of Update April 12, 2012\r\n============================\r\nOSX/Flashback.K\r\nSize: 59844\r\nMD5:  C898CDE665DB8D62FEA634C28E284139\r\nOther malware recent\r\n2011 Olyx Backdoor 93a9b55bb66d0ff80676232818d5952f - Contagio\r\n2011 MacDefender fb6f092624d48fe9a496c50f615b424b27cf3515 \r\nand MacProtector 1f8e9cd3f0717a85b96f350e4f4a539a - Contagio\r\n2010 OSX/Boonana.A facebook trojan  7a04e9185daf9551edd90e7bff2daa8e and\r\n2533F62C321117C46D6DF6122C3009BD - Contagio\r\nHistorical MacOS malware set\r\n        1992        Virus.Mac.Code252.a        F446DEB312A955713B97DB2169165CF5\r\n        1992        Virus.Mac.Init1984.a        EDD3A891DA59A0A3CD8E880F175DAFCD\r\n        1994        Virus.Mac.Init29.a        66CE0EAF0175D9113CE1D06FCD459FD0\r\n        2000        Virus.Mac.Init9403.a        F8DC251414AE7B61535DAE3E740BE9EC\r\n        2000        Virus.Mac.Mdef.a            A7A6389FC1B557A3271984B543E62419\r\n        2000        Virus.Mac.Mdef.c        CA9ADCA2E776C2B814D775F1F495665F\r\n        2000        Virus.Mac.Mdef.d        D934045683902939454B8B73DE839241\r\n        2000        Virus.Mac.Mdef.e        92305C6780AB3286AEC6660652C29A26\r\n        2000        Virus.Mac.Nvir.a        D80E0F45387447504435ADD8572FECEC\r\n        2000        Virus.Mac.Nvir.b        36A0E2A4C6A3166FC017A0CDA942157C\r\n        2000        Virus.Mac.Wdef.a            0B1565AE48EA70FC620308A357F261DA\r\n        2000        Virus.Mac.Wdef.b        9A223E402D4121E8E421ABCA0BC05820\r\n        2000        Virus.Mac.Zuc.a        1425EB1FDEE4B1835E0AC2AE031501EB\r\n        2000        Virus.Mac.Zuc.b        9B750CFE7B7730B30DC4A93A56A2D4F0\r\n        2000        Virus.Mac.Zuc.c        4B4A8F711957BB37A2747CA7036189E7\r\n        2001        Virus.Mac.Simpsons.a        3EDF7343D6A5DCD6AE748482B90386AA\r\n        2002        Virus.Mac.Init666.a        14BECD6024A447F0B3A927E968F11127\r\n        2005        irus.Mac.Sevendust.b        1AF001A295BDDECE107BEA633A4110A8\r\n        2005        Virus.Mac.Cdef.a        E256064B76351A3C37937843EC439F61\r\n        2005        Virus.Mac.ChinaTalk.a        A68E971FCD602161701E3E139A3B1BC1\r\nhttp://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html\r\nPage 3 of 4\n\n2005        Virus.Mac.Code1.a        EE86680A66BD953E309CD5A461010D29\r\n        2005        Virus.Mac.MacMag.a        329E85AF8A6D719AA088E8195021A0B8\r\n        2005        Virus.Mac.MacMag.b        29A126B98C43AD3FB96659719E8479CE\r\n        2005        Virus.Mac.Scores.a        F96F50C90C591BF45B96E9EB40ECCA44\r\n        2005        Virus.Mac.Sevendust.a        18B3A5437E6E6448AC80D10139AEE099\r\n        2005        Virus.Mac.Sevendust.d        860F251EE934B10EACD5559E6BAD2285\r\n        2005        Virus.Mac.Sevendust.e       9898A5F12B06BEB87CA18C61309FA36A\r\n        2005        Virus.Mac.T4.a            ED9008767028E449AB8938C02D2E3EF8\r\n        2007        Worm.OSX.Niqtana.a        2C25908053ECC1474D2FB2C530EA5CFA\r\n        2008        Backdoor.Mac.Hovdy.b      FED713CAC7012D25F60B236E6DDCF513\r\n        2008        Trojan-PSW.OSX.Corpref.a        DF464DE7A6EB04FEB95504D74F7505DA\r\n        2009        Trojan-Downloader.OSX.Jahlav.a  FB79A75A6152EF47BBF88AE8544545CC\r\n        200x        Exploit.Mac.Small.c        3DC01743FB42E917E9F9EDE5009F10CD\r\n        200x        Virus.Mac.Flag.a            E3F82C900CD71C070CAAF0B09EA02900\r\n        200x        Virus.Mac.Anti.a        62CC37E947C425A3BB2CB15544D2EF9E\r\nSource: http://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html\r\nhttp://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/04/osxflashbackk-sample-mac-os-malware.html"
	],
	"report_names": [
		"osxflashbackk-sample-mac-os-malware.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775439039,
	"ts_updated_at": 1775791267,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/03722399fd326ae29ca89a1b486bbc98ef9f5ca8.pdf",
		"text": "https://archive.orkl.eu/03722399fd326ae29ca89a1b486bbc98ef9f5ca8.txt",
		"img": "https://archive.orkl.eu/03722399fd326ae29ca89a1b486bbc98ef9f5ca8.jpg"
	}
}