The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.