OSX_OCEANLOTUS.D (a45904b5-0ada-4567-be4c-947146c7f574)
OSX_OCEANLOTUS.D is a macOS backdoor used by APT32. First discovered in 2015, APT32 has continued to make improvements using a plugin architecture to extend capabilities, specifically using .dylib files. OSX_OCEANLOTUS.D can also determine its permission level and execute according to access type (root or user).[Unit42 OceanLotus 2017][TrendMicro MacOS April 2018][Trend Micro MacOS Backdoor November 2020]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
APT32 (c0fe9859-e8de-4ce1-bc3c-b489e914a145) | Tidal Groups | OSX_OCEANLOTUS.D (a45904b5-0ada-4567-be4c-947146c7f574) | Tidal Software | 1 |