PULSE NAME
RustDoor and GateDoor: A New Pair of Weapons Disguised as Legitimate Software by Suspected Cybercriminal
WHITE ShadowSindicate AlienVault 2024-02-21 Modified: 2024-03-22
122 IOCs (HIGH VOLUME)
This report analyzes new macOS and Windows malware named RustDoor and GateDoor that are disguised as legitimate software updates. The malware communicates with C2 servers and can steal information, download files, and execute commands. The malware infrastructure appears related to the ShadowSyndicate cybercrime group.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: RustDoor, GateDoor
Indicators of Compromise (34 / 122 total)