← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
WHITE Tr1sa111 2025-02-27 Modified: 2025-03-28
25
IOCs
MEDIUM VOLUME
koi stealerstudio helperrustdoor c2cryptocurrenciesmacosaptrust
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Koi Stealer
Indicators of Compromise (15 / 25 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 17064520feaf5804aa725e123b24fd0f73f8afc9b7f4361650cd11ddf4ee768f 2025-02-27
FileHash-SHA256 27fcc3278afbbec44737e9f72666946607fea819f5b1cb9fbbe268037a561f0b 2025-02-27
FileHash-SHA256 76f96a35b6f638eed779dc127f29a5b537ffc3bb7accc2c9bfab5a2120ea6bc9 2025-02-27
FileHash-SHA256 77361f7ef25a0185636a0fc6deff2e9986720223da9d6b1494f671082105bebb 2025-02-27
FileHash-SHA256 8be62324fe5af009c12fb9afc8d4f47d12c98ea680bff490b3f5e0c72c8f9617 2025-02-27
FileHash-SHA256 8f0e2b8b3e07f5761066cb00bc0db10d68c56ada8c054e9f07990cc1ac5ae962 2025-02-27
FileHash-SHA256 97abafff549ea21797c135c965c5e4a46a44ec7353b2edd293e8a22d5954b6aa 2025-02-27
FileHash-SHA256 a5b7ddd12539ce3e8c08bed5855ddcea3217d41d7d4c58fcc1a7e01336b38912 2025-02-27
FileHash-SHA256 a900ec81363358ef26bcdf7827f6091af44c3f1001bc8f52b766c9569b56faa5 2025-02-27
FileHash-SHA256 adde2970b40634e91b9ef8520f8e50eaa7901a65f9230e65d7995ac1a47700ef 2025-02-27
FileHash-SHA256 b5119a49830a2044f406645c261e54ab335c9b1e1ed320df758405a8147fae88 2025-02-27
FileHash-SHA256 b5412375477a180608bf410f5cb36b4a0949bee7663648a06879f42be9a3b6bc 2025-02-27
FileHash-SHA256 baa676b671e771bf04b245e648f49516b338e1f49cbd9b4d237cc36d57ab858d 2025-02-27
FileHash-SHA256 c379f4ab29a49d4bccb232c8551d1b8b01e64440ea495bbabef9010a519516c3 2025-02-27
FileHash-SHA256 c42b103b42d7e9817f93cb66716b7bf2e4fe73a405e0fbbae0806ce8b248a304 2025-02-27
References (1)
↗ https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/