A Journey into Reversing RustBucket on macOS

2023-10-13 Jamf

https://objectivebythesea.org/v6/talks/OBTS_v6_jBradley_fSaljooki.pdf

Attachments

OBTS_v6_jBradley_fSaljooki.pdf (21 MB)


This Objective by the Sea talk presents a macOS-focused RustBucket reversing case in the context of Lazarus and BlueNoroff activity. It describes Lazarus as a North Korean state-sponsored group active on macOS and BlueNoroff as a financially motivated subgroup associated with targeting of banks, SWIFT, cryptocurrency, and venture capital. The RustBucket discovery chain involved an unsigned compiled AppleScript app named Internal PDF Viewer that executed curl, unzip, and open, fetched a second stage into /Users/Shared, and used a PDF as the trigger for a download-and-execute function. The analysis highlights social engineering built around investment or document themes, the challenges of reversing Rust executables, and macOS process-tree telemetry as useful defensive evidence for tracking multi-stage malware execution.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN deck.31ventures.info 2023-10-13 2024-01-01
HASH 97c81d2a190d1f639aa90d27db3bd6a1 2023-10-13 2023-10-13
DOMAIN themittenmac.com 2023-10-13 2023-10-13
