This document discusses techniques used for hunting and analyzing malware on Mac systems. It describes common commands used by attackers for reconnaissance, backdoor installation, persistence, cleanup, and lateral movement. Specific indicators are also provided, such as backdoor file names and IP addresses. Hunting involves understanding the process tree and difficulties in detection given legitimate system tools are also used by attackers.