Our analysis uncovered that the macOS version of MiMi loads two malicious executables that are both samples of the oRAT malware, while the Windows version loads a recent 64-bit version of the PlugX malware. We discuss the technical details of both malware families in relation to their use by Earth Berberoka in a blog entry.