Rustbucket

Malware Profile Updated 3 months ago
RustBucket is a malware campaign first uncovered in 2021 and attributed to BlueNoroff, a North Korea-linked Advanced Persistent Threat (APT) group. It primarily targets macOS devices, delivering its payload through an app disguised as a PDF viewer; initial access typically comes through suspicious downloads, emails, or websites. In April 2024, the security firm Jamf observed BlueNoroff using a new macOS malware variant, dubbed RustBucket. In July 2023, researchers from Elastic Security Labs spotted a new variant of the RustBucket macOS malware. A subsequent discovery in December 2023 revealed a new Trojan attacking macOS users, also associated with BlueNoroff and the ongoing RustBucket campaign; this included a new type of malicious loader targeting macOS that experts believe is linked to the campaign. Another malware, ObjCShellz, was attributed to the RustBucket campaign because of its similarities with other RustBucket variants. The Lazarus Group, another North Korean collective, has reportedly leveraged a key RustBucket component, SwiftLoader, to distribute the KANDYKORN malware. SentinelOne, a cybersecurity company, has confirmed that its customers are protected from both KandyKorn and RustBucket. The campaign is characterized by its deployment of a backdoored version of a PDF reader app called SwiftLoader, underlining its focus on macOS systems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Profile (votes): description

Objcshellz (3 votes): ObjCShellz is a lightweight but advanced malware written in Objective-C, identified by researchers from Jamf Threat Labs in November 2023. This malicious software is designed to infiltrate macOS systems and enable remote execution of commands by attackers. It is characterized by its advanced obfusca

Kandykorn (2 votes): KandyKorn is a new strain of malware that has recently been identified as an emerging threat to the technology sector, particularly targeting blockchain engineers. The malicious software, which is designed to infiltrate and damage computer systems, often enters undetected through suspicious download

Swiftloader (2 votes): SwiftLoader is a sophisticated malware that functions as a PDF viewer to lure unsuspecting victims. It was initially used in the RustBucket campaign, where it served as a second-stage malware, infecting systems through seemingly innocent downloads such as documents sent to targets. Notably, SwiftLoa

Reconnaissance General Bureau Rgb (1 vote): The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Malware
Jamf
Apt
Backdoor
Payload
Windows
Loader
Korean
Papercut
Tp
Cybercrime
Sentinelone
Reconnaissance
Dropper
Phishing
State Sponso...
Associated Malware
No associations to display
Associated Threat Actors
Profile (type, votes): description

Bluenoroff (Unspecified, 5 votes): BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,

Lazarus Group (Unspecified, 1 vote): The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-

Rgb (Unspecified, 1 vote): RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition
Associated Vulnerabilities
Profile (type, votes): description

Swiftloader Securepdf viewer.app (Unspecified, 1 vote): no description
Source Document References
Information about the Rustbucket malware was read from the document corpus below. This display is limited to 20 results.

Source (created at): title
Securityaffairs (7 months ago): Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea
CERT-EU (8 months ago): BlueNoroff: New Malware Attacking MacOS Users
CERT-EU (8 months ago): BlueNoroff: new Trojan attacking macOS users – GIXtools
CERT-EU (8 months ago): New BlueNoroff loader for macOS
CERT-EU (8 months ago): North Korean Hackers Now Merging macOS Malware Strains
CERT-EU (8 months ago): North Korean hackers evolve their techniques by mixing malware from previous campaigns
CERT-EU (8 months ago): DPRK hackers take aim at macOS by blending malware
CERT-EU (8 months ago): DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
DARKReading (8 months ago): macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks
CERT-EU (8 months ago): N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
Securityaffairs (8 months ago): North Korea-linked APT Sapphire Sleet targets IT job seekers
CERT-EU (8 months ago): Unveiling ObjCShellz: BlueNoroff's Latest macOS Malware
CERT-EU (8 months ago): New 'ObjCShellz' malware allows hackers to remotely control a Mac
CERT-EU (8 months ago): BlueNoroff APT Targets macOS with new RustBucket Malware Variant
CERT-EU (8 months ago): Lazarus-Linked BlueNoroff APT Targets macOS with ObjCShellz Malware
Securityaffairs (8 months ago): North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz
CERT-EU (8 months ago): North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz
CERT-EU (9 months ago): North Korea-linked BlueNoroff's macOS malware variant targets financial firms
CERT-EU (9 months ago): BlueNoroff hackers backdoor Macs with new ObjCShellz malware
DARKReading (9 months ago): North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware