Digita Security

4.29.2017 (Version 2090)

XProtect_OSX_Dok_A


OSX/Dok is a malware dropper capable of installing different malware payloads, including those that intercept HTTP and HTTPS web traffic [1]. Recent variants have been observed in 2017 [2].

References:
  1. https-traffic/
  2. https://blog.malwarebytes.com/threat-analysis/2017/05/another-osx-dok-dropper-found-installing-new-backdoor

Sample Hashes (VT links):
4131d4737fe8dfe66d407bfd0a0df18a4a77b89347471cc012da8efc93c661a5