Observes Targeted Attacks Amid FBI Warnings

Sept. 17, 2024, 2:59 p.m.

Description

The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious coding challenges and techniques to install backdoor malware, steal credentials, and maintain persistence. Analysis of the malware's capabilities, updates, and command-and-control infrastructure is provided.

Date

Published: Sept. 17, 2024, 1:55 p.m.

Created: Sept. 17, 2024, 1:55 p.m.

Modified: Sept. 17, 2024, 2:59 p.m.

Indicators

https://taurihostmetrics.com/cloud/zsh_env

https://taurihostmetrics.com/cloud/VisualStudioHelper

Attack Patterns

Thiefbucket

Rustdoor

Democratic People's Republic of Korea (DPRK)

T1546.003

T1547.010

T1505.002

T1610

T1589.001

T1589

T1021.001

T1059.006

T1137

T1059.005

T1497.001

T1059.001

T1547.001

T1059.007

T1056.001

T1592

Additional Information

Technology

Finance