North Korean Threat Actors Deploy Flutter-Based Malware to Target macOS Users – Active IOCs

2024-11-13 Rewterz

https://www.rewterz.com/threat-advisory/north-korean-threat-actors-deploy-flutter-based-malware-to-target-macos-users-active-iocs

North Korean threat actors are described as testing or deploying macOS malware embedded in Flutter applications, including a Minesweeper-themed lure named "New Updates in Crypto Exchange (2024-08-28)." The malware uses Dart payloads, compromised Apple developer IDs, and a C2 at mbupdate.linkpc.net to process reversed AppleScript commands. Variants written in Golang and Python show the operators experimenting with multiple runtimes to obscure activity. The source says attribution to a specific group is not confirmed, but infrastructure overlaps suggest possible links to BlueNoroff and cryptocurrency-focused social engineering.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN mbupdate.linkpc.net 2024-11-12 2024-11-13
