Here is a mac virus deconstruction:
A possible IOC detection relevance:
exists (it as trimmed string) whose(it contains "82.163.143.135" OR it contains "82.163.142.137") of following texts of firsts "nameserver " of lines containing "nameserver " of files "/etc/resolv.conf"