indicatorfilename
~/Library/Application Support/iCloud/icloudz
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
Reflective code loader backdoor deployed by the services binary.