BlueNoroff strikes again with new macOS malware [Wednesday, November 8, 2023]

Description :
Researchers have identified a new malware variant attributed to the BlueNoroff APT group. BlueNoroff’s campaigns are financially motivated, frequently targeting cryptocurrency exchanges, venture capital firms and banks.

Published :
2023-11-08T14:06:32.646Z

Created :
2023-11-08T14:06:32.646Z

Modified :
2023-11-08T14:29:51.722Z

Tags

  • bluenoroff
  • c2 server
  • rustbucket

Indicators

Attack Patterns :
  • T1552
  • T1036
  • T1496
  • T1059
External References :

About the author
Julien B.
