DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads [Monday, November 27, 2023]

Description :
North Korean-aligned threat actors targeting macOS have had a busy 2023, with two major campaigns noted so far: RustBucket and KandyKorn.

Published :
2023-11-27T17:09:35.109Z

Created :
2023-11-27T17:09:35.109Z

Modified :
2023-11-27T17:31:46.928Z

Tags

  • macos
  • rustbucket
  • kandykorn
  • sugarloader
  • hloader

Indicators

Attack Patterns :
  • TA0003
  • T1094
  • T1564
  • T1496
  • T1219
  • T1059
About the author
Julien B.

Securitricks
