{
	"id": "d03419d5-1eb6-44c1-b930-19f07608ff96",
	"created_at": "2026-04-06T00:16:07.991955Z",
	"updated_at": "2026-04-10T13:11:56.354907Z",
	"deleted_at": null,
	"sha1_hash": "90bf8189113c10ffc932807588c7f1c7c0b7628a",
	"title": "What does APT Activity Look Like on MacOS?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 95539,
	"plain_text": "What does APT Activity Look Like on MacOS?\r\nBy Published by jaron.bradley on November 14, 2021November 14, 2021\r\nPublished: 2021-11-14 · Archived: 2026-04-05 18:35:17 UTC\r\nRelated Posts\r\nDetecting SSH Activity via Process Monitoring\r\nDetecting SSH Activity via Process Monitoring During my time as a threat hunter, I’ve seen many intrusions start\r\nvia SSH access using legitimate credentials. Now you might be thinking why on earth are users enabling Read\r\nmore\r\nIncident Response With TrueTree\r\nDownload TrueTree Incident Response With TrueTree TrueTree is an open-source tool designed by me for threat\r\nhunters, incident responders, or anyone in between. If you read part one of this blog post, you know that Read\r\nmore\r\nhttps://themittenmac.com/what-does-apt-activity-look-like-on-macos/\r\nPage 1 of 2\n\nThe TrueTree Concept\r\nDownload TrueTree The TrueTree Concept The process tree is incredibly important when it comes to threat\r\nhunting. It doesn’t matter what platform you’re on. Every action that occurs on the operating system can be tied\r\nRead more\r\nSource: https://themittenmac.com/what-does-apt-activity-look-like-on-macos/\r\nhttps://themittenmac.com/what-does-apt-activity-look-like-on-macos/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://themittenmac.com/what-does-apt-activity-look-like-on-macos/"
	],
	"report_names": [
		"what-does-apt-activity-look-like-on-macos"
	],
	"threat_actors": [],
	"ts_created_at": 1775434567,
	"ts_updated_at": 1775826716,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/90bf8189113c10ffc932807588c7f1c7c0b7628a.pdf",
		"text": "https://archive.orkl.eu/90bf8189113c10ffc932807588c7f1c7c0b7628a.txt",
		"img": "https://archive.orkl.eu/90bf8189113c10ffc932807588c7f1c7c0b7628a.jpg"
	}
}