lazarusholic


BlueNoroff's RustBucket MacOS Malware

2023-05-12, PolySwarm
https://blog.polyswarm.io/bluenoroffs-rustbucket-macos-malware
#RustBucket #BlueNoroff #macOS

Verticals Targeted: Financial
Executive Summary
North Korea-nexus threat actor group BlueNoroff was recently observed using malware to target macOS systems. Dubbed RustBucket, the malware communicates with its C2 to download and execute additional payloads.
Key Takeaways
- North Korea-nexus threat actor group BlueNoroff was recently observed using malware to target macOS systems.
- Dubbed RustBucket, the malware communicates with its C2 to download and execute additional payloads.
- RustBucket is multi-stage malware.
What is RustBucket?
Jamf Threat Labs recently reported on RustBucket, multi-stage malware targeting macOS devices and used by the threat actor group BlueNoroff. RustBucket communicates with its C2 to download and execute additional payloads.
Stage One
The Stage One component is an AppleScript file contained in an unsigned application named Internal PDF Viewer.app. For the infection to succeed, the user must …

IoCs (SHA-256)

3d41cd5199dbd6cefcc78d53bb44a2ecbea716de2bc8e547ead7c2aebd9925f0
7981ebf35b5eff8be2f3849c8f3085b9cec10d9759ff4d3afd46990520de0407
8e234482db790fa0a3d2bf5f7084ec4cfb74bffd5f6cbdc5abdbc1350f58e3fe
bea33fb3205319868784c028418411ee796d6ee3dfe9309f143e7e8106116a49
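Hash IoCs like the four above are only useful if they are actually checked against files on disk, and published lists are often inconsistent in case (the last hash above was published with a capitalised first digit). The following is an added example written for this page, not PolySwarm's or Jamf's tooling: it normalises the IoC list, streams SHA-256 over every regular file under a directory tree without following symlinks, and reports matches. The directory tree and the "planted" file in `demo()` are constructed stand-ins so the script runs offline; none of the constructed bytes are real malware, and the page states nothing about the on-disk layout of the malicious app beyond its name.

```python
"""Hunt a directory tree for files whose SHA-256 matches a published IoC list.

Added example for this page, not PolySwarm's or Jamf's tooling. The IoC
hashes below are the four SHA-256 values published above; the sample tree
and files are constructed here so the script runs offline.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# The four SHA-256 IoCs listed on the page. One was published with a
# capitalised first hex digit, so case is normalised before comparing.
RUSTBUCKET_IOCS = {
    "3d41cd5199dbd6cefcc78d53bb44a2ecbea716de2bc8e547ead7c2aebd9925f0",
    "7981ebf35b5eff8be2f3849c8f3085b9cec10d9759ff4d3afd46990520de0407",
    "8e234482db790fa0a3d2bf5f7084ec4cfb74bffd5f6cbdc5abdbc1350f58e3fe",
    "Bea33fb3205319868784c028418411ee796d6ee3dfe9309f143e7e8106116a49",
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def normalize_iocs(iocs):
    """Lower-case the hashes and drop anything that is not a 64-hex-digit SHA-256."""
    clean = set()
    for h in iocs:
        h = h.strip().lower()
        if SHA256_RE.match(h):
            clean.add(h)
    return clean


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large payloads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, iocs):
    """Return {path: sha256} for every regular file under root whose hash is in iocs.

    Symlinks are skipped so a planted link cannot redirect the scan outside
    the tree, and unreadable files are skipped rather than aborting the run.
    """
    wanted = normalize_iocs(iocs)
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits[str(path)] = digest
    return hits


def demo():
    """Build a constructed tree with a benign file and a planted stand-in, then scan it.

    Returns ({file name: matched hash}, sha256 of the planted stand-in).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed layout; the page only gives the bundle name, not its contents.
        bundle = root / "Internal PDF Viewer.app" / "Contents" / "MacOS"
        bundle.mkdir(parents=True)
        (root / "notes.txt").write_bytes(b"constructed benign sample\n")
        planted = bundle / "applet"
        planted.write_bytes(b"constructed RustBucket stand-in, not real malware\n")
        # Add the stand-in's hash in upper case to exercise case normalisation.
        iocs = RUSTBUCKET_IOCS | {sha256_file(planted).upper()}
        hits = scan_tree(root, iocs)
        return {Path(p).name: h for p, h in hits.items()}, sha256_file(planted)


if __name__ == "__main__":
    found, _planted_hash = demo()
    for name, digest in found.items():
        print(f"IoC match: {name} {digest}")
```

To use it against a real host, call `scan_tree("/Applications", RUSTBUCKET_IOCS)` (or point it at a user's Downloads folder); a hit means a file identical to one of the published samples, while no hit proves nothing about repacked or modified builds, so hash matching should be one check among several rather than the only one.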