Hackread.comNorth Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
TechNaduScarCruft (APT37) is running Operation HanKook Phantom โ phishing South Korean academics w/ RokRAT malware.
๐น LNK loaders + fileless PowerShell
๐น Exfil via Dropbox & GDrive
๐น Goal: espionage & persistence
๐ฌ Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.
#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel
securityaffairs#North #Koreaโs #APT37 deploys #RokRAT in new phishing campaign against academics
https://securityaffairs.com/181782/hacking/north-koreas-apt37-deploys-rokrat-in-new-phishing-campaign-against-academics.html
#securityaffairs #hacking #malware
https://securityaffairs.com/181782/hacking/north-koreas-apt37-deploys-rokrat-in-new-phishing-campaign-against-academics.html
#securityaffairs #hacking #malware
The Threat CodexRoKRAT Shellcode and Steganographic Threats: Analysis and EDR Response Strategies
#RoKRAT
https://www.genians.co.kr/en/blog/threat_intelligence/rokrat_shellcode_steganographic
#RoKRAT
https://www.genians.co.kr/en/blog/threat_intelligence/rokrat_shellcode_steganographic
lazarusholic"RokRAT Malware Using Malicious Hangul (.HWP) Documents" published by Ahnlab. #RokRAT, #DPRK, #CTI https://asec.ahnlab.com/en/89130/
"์
์ฑ ํ๊ธ(.HWP) ๋ฌธ์๋ฅผ ์ด์ฉํ RokRAT ์
์ฑ์ฝ๋ ์ ํฌ ์ฃผ์" published by Ahnlab. #RokRAT, #DPRK, #CTI https://asec.ahnlab.com/ko/89116/
"๋๋ถ๊ด๊ณ์๋ฅผ ๋
ธ๋ฆฌ๋ ๋ถํ ํดํน ๋จ์ฒด ๋ฆฌํผ(Reaper)์์ ๋ง๋ ์
์ฑ์ฝ๋-๊ตญ๊ฐ์ ๋ณด์ ๋ฐฉ์ฒฉ ์๊ณ .lnk(2025.6.3)" published by Sakai. #APT37, #LNK, #RokRAT, #DPRK, #CTI https://wezard4u.tistory.com/429506
๋๋ถ๊ด๊ณ์๋ฅผ ๋ ธ๋ฆฌ๋ ๋ถํ ํดํน ๋จ์ฒด ๋ฆฌํผ(Reaper)์์ ๋ง๋ ์ ์ฑ์ฝ๋-๊ตญ๊ฐ์ ๋ณด์ ๋ฐฉ์ฒฉ ์๊ณ .lnk(2025.6.3)
์ค๋์ ์ค๋๊ฐ๋ง์ ๋ถํ ํดํน ๋จ์ฒด ๋ฆฌํผ(Reaper,APT 37) ์์ ๋ง๋ ์ ์ฑ์ฝ๋์ธ ๊ตญ๊ฐ์ ๋ณด์ ๋ฐฉ์ฒฉ ์๊ณ .lnk์ ๋ํด ์์๋ณด๊ฒ ์ต๋๋ค.RoKRAT์ ๋ํ๋ฏผ๊ตญ์์ ๋๋ถ๊ด๊ณ์ ๋ถ๋ค์ ๋์์ผ๋ก ํ๋ ๊ฒ์ด ํน์ง์ด ์์ผ๋ฉฐ ๋๋ถ ์ธ๊ถ๋จ์ฒด, ๋ถํ ์ทจ์ฌ ๊ธฐ์,ํ๋ถ๋ฏผ,๋๋ถ ๊ดํ ๋ํ๊ต์๋ ํฌํจ์ด ๋ฉ๋๋ค.ํ์ผ๋ช :๊ตญ๊ฐ์ ๋ณด์ ๋ฐฉ์ฒฉ ์๊ณ .lnk์ฌ์ด์ฆ:52 MBMD5:f6d72abf9ca654a20bbaf23ea1c10a55SHA-1:543e3b4b74257c3ffcd45dcdd8c842489a82bc07SHA-256:90bf1f20f962d04f8ae3f936d0f9046da28a75fa2fb37f267ff0453f272c60a0์ ๋๋ค.์ ์ฑ์ฝ๋ PowerShell ์ฝ๋StringData{ namestring: ..
"Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)" published by Genians. #APT37, #LNK, #ToyBoxStory, #RokRAT, #DPRK, #CTI https://www.genians.co.kr/en/blog/threat_intelligence/toybox-story
"ํ๊ตญ ๊ตญ๊ฐ์๋ณด์ ๋ต ์ฑํฌํฑํฌ ์์ฅ APT37 ๊ณต๊ฒฉ ์ฌ๋ก ๋ถ์ (์์ ๋ช
. ํ ์ด๋ฐ์ค ์คํ ๋ฆฌ)" published by Genians. #APT37, #LNK, #RokRAT, #ToyBoxStory, #DPRK, #CTI https://www.genians.co.kr/blog/threat_intelligence/toybox-story
ํ๊ตญ ๊ตญ๊ฐ์๋ณด์ ๋ต ์ฑํฌํฑํฌ ์์ฅ APT37 ๊ณต๊ฒฉ ์ฌ๋ก ๋ถ์ (์์ ๋ช . ํ ์ด๋ฐ์ค ์คํ ๋ฆฌ)
25๋ 3์, APT37 ๊ทธ๋ฃน์ด ๋๋กญ๋ฐ์ค๋ฅผ ์ ์ฉํด LNK๊ฐ ํฌํจ๋ ์์ถ ํ์ผ์ ์ ํฌํ์ต๋๋ค. LNK ํ์ผ์ ์ ์ฑ ์ฝ๋๋ฅผ ์ฝ์ ํ ๋ค RoKRAT์ ํ์ผ๋ฆฌ์ค ๋ฐฉ์์ผ๋ก ์คํํ๋ ์ ๋ต์ ๊ตฌ์ฌํ์ผ๋ฉฐ, ํ์ผ ์คํ ์ โtoyโ ํค์๋๊ฐ ํฌํจ๋ ์ถ๊ฐ ์ ์ฑ ์ฝ๋๊ฐ ์๋ํ๋๋ก ์ค๊ณํ์ต๋๋ค.
