PULSE NAME
RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
WHITE RustDoor CyberHunter_NL 2025-02-26 Modified: 2025-03-28
30 IOCs, MEDIUM VOLUME
Palo Alto Networks research has identified two new variants of malware targeting macOS, as well as a previously undocumented variant of a similar family known as Koi Stealer, used by a North Korean threat actor.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RustBucket Windows RustDoor Windows Koi macOS Koi
Indicators of Compromise (3 / 30 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 457b0b1ab814a830ee2f658eb501face MD5 of 76f96a35b6f638eed779dc127f29a5b537ffc3bb7accc2c9bfab5a2120ea6bc9 2025-02-26
FileHash-MD5 701165265b73f90942b7000ba39cfe5c MD5 of baa676b671e771bf04b245e648f49516b338e1f49cbd9b4d237cc36d57ab858d 2025-02-26
FileHash-MD5 d2da2dc24f73f66f3fbe62784262378b MD5 of a900ec81363358ef26bcdf7827f6091af44c3f1001bc8f52b766c9569b56faa5 2025-02-26