Skuggaheimar/Threat Intelligence/RustDoor
RUSTDOOR
RUSTDOOR
MACOS MALWARE
DPRK
Threat IntelligenceMalwareJune 25, 202515 min read

RustDoor: Threat Intelligence Profile

Rust-based macOS backdoor

Scroll

RustDoor (macOS) (also known as RustDoor, RustBucket) is a macos malware active since 2024. Rust-based macOS backdoor. Key characteristics include: Rust-based, targets crypto/finance employees, fake job interviews delivery, DPRK attribution suspected.

Overview & Background

Rust-based macOS backdoor. First identified in 2024, this threat is attributed to DPRK (suspected).

Threat Assessment

RustDoor remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this macos malware.

Technical Analysis

RustDoor employs the following capabilities and techniques:

MITRE ATT&CK Mapping

TacticTechniqueUsage
Initial AccessT1566.001 Phishing AttachmentCommon delivery vector
ExecutionT1204.002 Malicious FileUser-triggered execution
PersistenceT1547.001 Registry Run KeysAutostart persistence
Defense EvasionT1027 Obfuscated FilesPayload obfuscation
C2T1071.001 Web ProtocolsHTTP/HTTPS C2

Detection & Defense

Defend Against RustDoor

Mjolnir Security provides detection and response capabilities against RustDoor and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
  • Proactive Threat Hunting Hunt for RustDoor indicators and TTPs within your environment.
  • Threat Intelligence Monitor RustDoor campaigns and infrastructure changes.
  • 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: June 25, 2025
Related Reports
Malware

RedLine Stealer: Cybercrime Empire

Read Report →
Malware

Cobalt Strike: Adversary's Arsenal

Read Report →