golby
golby.bsky.social
macOS Threat and Detections Researcher @ Jamf
September 24, 2025 at 1:26 PM
Enjoy!
June 9, 2025 at 12:43 AM
It's sooo good. It was killing me to know what the Never Enough transition to track 2 was all about and it did not disappoint.
June 7, 2025 at 11:19 AM
Related paths:
/Users/Shared/com.apple.xssooxxagent
/Library/LaunchDaemons/com.apple.xssooxxagent.plist
/tmp/.fseventsd

C2 URLs:
hXXp://download.termius.info/bn.log.enc
hXXp://download.termius.info/bn.log.md5

Jamf Threat Labs tracks this as ZuRu malware: www.jamf.com/blog/jtl-mal...
May 23, 2025 at 7:59 PM
Related hashes:
de8aca685871ade8a75e4614ada219025e2d6fd7 (Termius9.5.0.dmg)
7087be726590e35285c891dc60acec826a0c03d5 (Termius_final.dmg)
fa9b89d4eb4d47d34f0f366750d55603813097c1 (com.apple.xssooxxagent - persistent downloader)
a7a9b0f8cc1c89f5c195af74ce3add74733b15c0 (.fseventsd - Khepri)
May 23, 2025 at 7:58 PM