IOC Radar
SHA1HighVerifiedSignal 30/100

ee3795f6418fc0cacbe884a8eb803498c2b5776f

Location
Korea, Democratic People's Republic ofKorea, Democratic People's Republic of
First Seen
Jul 6, 2025
Last Seen
Jan 26, 2026
Jul 6
First Seen
348d ago
Jan 26
Last Seen
144d ago
4
Reports
source reports
30%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Feed Intelligence Summary

4 reports30% confidence
4
Source reports
30%
Confidence score
Category tags
active scanningaptbankingbrute forcecasecommunication protocolcredential accesscredential stuffingcredit card servicescryptocurrency threatscryptojackingcrystaldata encryptiondata exfiltrationdprk aptdprk threat actorencrypted communicationfile-hashfinancefinancial servicesfinancial technologyftpgoogie llchttp scannerindicatorinformation technologyinfostealerit infrastructurejsonjson structurekorea, democratic people's republic oflateral movementlaunchagentmachomacosmalicious softwaremalwaremultiple threat actorsnetwork probingnetwork protocolnetwork scanningnetwork securitynimnimdoornimdoor malwarepayment processingprocess injectionprotocol exploitationransomwarereconnaissanceremote accessremote servicesresearchedresource hijackingrustsigintsoftware developmentssh attackt1021t1021.001t1021.002t1027t1040t1046t1053t1055t1055.001t1059t1059.001t1071.001t1076t1077t1078t1105t1110t1110.002t1189t1190t1486t1496t1499.002t1543.001t1547t1563t1565t1566t1573.002t1595t1595.001t1595.002t1595.003telnet threatwealth managementweb trafficx8664

Activity Timeline

1 total obs
Jan 26Jan 26

Threat Activity Heatmap

· Peak: 2026-01-26
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
4
Reports
First seenJul 6, 2025
Last seenJan 26, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

references
https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware, https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 4 months ago
Appeared in 4 threat reports