IOC Radar
SHA1MediumSignal 77/100

2d746dda85805c79b5f6ea376f97d9b2f547da5d

Location
Korea, Democratic People's Republic ofKorea, Democratic People's Republic of
First Seen
Mar 24, 2025
Last Seen
Mar 3, 2026
Mar 24
First Seen
463d ago
Mar 3
Last Seen
119d ago
8
Reports
source reports
77%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Feed Intelligence Summary

8 reports77% confidence
8
Source reports
77%
Confidence score
Category tags
abuseactive scanningappleaptarmbackdoorbankingbca ltdbluenoroffbotnetbrute forcec2c2 servercasecommand and controlcommunication protocolcontagious interviewcredential accesscredential harvestingcredential stealingcredential stuffingcredit card servicescryptobotcryptocurrency theftcryptocurrency threatscryptojackingcrystaldata encryptiondata exfiltrationdistributed attacksdprkdprk aptdprk threat actorencrypted communicationfile-hashfinancefinancial servicesfinancial technologyftpgoogie llchttp scannerindicatorinformation technologyinfostealeringress tool transferit infrastructurejsonjson structurekeyloggerkimsukykorea, democratic people's republic ofkoreanlateral movementlaunchagentlazarusmacmachmachomacosmacsmalicious softwaremalwaremultiple threat actorsnetwork probingnetwork protocolnetwork scanningnetwork securitynextnimnim implantnim programming languagenimdoornimdoor malwarenorth korean aptpayment processingprocess injectionprotocol exploitationransomwarereconnaissanceremote accessremote access trojanremote servicesresearchedresource hijackingroot troyroot troy v4rustsigintsocial engineeringsoftware developmentsoftware update attackssh attackstealersupply chain attackswiftt1021t1021.001t1021.002t1027t1036t1036.005t1040t1041t1046t1053t1053.003t1053.005t1055t1055.001t1056t1056.001t1057t1059t1059.001t1059.002t1059.004t1071t1071.001t1076t1077t1078t1102t1104t1105t1106t1110t1110.002t1112t1113t1115t1133t1136t1140t1189t1190t1202t1204t1486t1496t1499.002t1499.003t1543t1543.001t1547t1547.001t1555t1561t1563t1565t1566t1566.001t1573t1573.002t1588t1595t1595.001t1595.002t1595.003telnet threattrojan malwarewealth managementweb trafficx8664x86_64xscreenzoom extensionzoom meetingzoom sdk

Activity Timeline

1 total obs
Mar 3Mar 3

Threat Activity Heatmap

· Peak: 2026-03-03
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
77
SIGNAL
Signal Score
77%
Confidence
8
Reports
First seenMar 24, 2025
Last seenMar 3, 2026

VirusTotal

Not checked

WHOIS

description
Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>
references
https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware, https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis, https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/, Cyber Threat Advisory - NimDoor DPRK's Nim-Based Malware Campaign Targets Web3 & Crypto.pdf, https://bazaar.abuse.ch/export/csv/recent/, https://news.mefiltraron.com/p/edicion-especial-como-domar-un-chollima, https://bazaar.abuse.ch/sample/469fd8a280e89a6edd0d704d0be4c7e0e0d8d753e314e9ce205d7006b573865f/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports