---------------------------------------------
Indicators of Compromise
---------------------------------------------

NOTES:
* - modified i2pd
** - sample had variable sha256 value due to padded 0 bytes to increase the size of the file.