Spear-phishing emails are spreading the Nimza loader, which some say may be used to download Cobalt Strike. The TA800 threat group is distributing the malware loader via ongoing, highly-targeted spear-phish emails. The malware loader is unique in that it is written in the Nim programming language, which is uncommon for malware in the threat landscape, except in rare cases. Researchers say malware developers may be using Nim to avoid detection by defense teams who may not be familiar with the language.
Source: https://threatpost.com/nim-based-malware-loader-spreads-via-spear-phishing-emails/164643/