North Korean hacking group APT37 (Reaper) suspected: analysis of malware targeting Seoul ADEX 2025 (2025.7.18)
2025-08-01 • Sakai • North Korean hacking organization APT37 (Reaper) speculation, malware analysis targeting Seoul ADEX 2025 (July 18, 2025)
A Seoul ADEX 2025-themed LNK file is assessed as suspected APT37 activity, with the final payload likely RoKRAT. The shortcut poses as a PDF for an international UAV and defense exhibition, launches PowerShell through a batch file named Pester.bat, displays a decoy document, and retrieves staged components from unmannedsystemstechnology.org. The script renames the downloaded payloads so that they resemble VLC media player files, creates a scheduled task named NewErrorReport that re-runs the payload at minute intervals for persistence, and deletes its traces after execution. The lure suggests targeting of airshow- or defense-related users in South Korea, although the source does not confirm specific victims.
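As an added defender-side example (not part of the original analysis), the following Python applies three process-creation heuristics drawn from the chain described above to constructed Sysmon-style events: a .bat launched from a shortcut, a hidden PowerShell child of cmd.exe, and a minute-interval scheduled task whose action lives in a user-writable path. The event field names, file paths and sample command lines are assumptions, not values from the sample.

```python
import re

# Constructed, simplified Sysmon-style process-creation events (illustrative only).
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "%TEMP%\Pester.bat"'},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File stage.ps1"},
    {"parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 1 /tn NewErrorReport /tr "%APPDATA%\vlc\vlc.exe"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "cmdline": r'"C:\Program Files\VideoLAN\VLC\vlc.exe" movie.mp4'},  # benign VLC launch
]

# Parses "schtasks /create /sc minute [/mo N] /tn <name> /tr <action>" (case-insensitive).
SCHTASKS_RE = re.compile(r'/sc\s+minute(?:\s+/mo\s+(\d+))?.*?/tn\s+(\S+).*?/tr\s+"?([^"]+)', re.I)
# Locations a legitimate scheduled-task action rarely runs from.
USER_WRITABLE = ("%appdata%", "%temp%", r"\appdata\\", r"\temp\\", r"\users\public\\")


def detect(event):
    """Return the names of the heuristics matched by a single event."""
    hits = []
    img, parent, cmd = (event[k].lower() for k in ("image", "parent", "cmdline"))
    # Rule 1: cmd.exe spawned by explorer (typical for a double-clicked LNK) running a .bat file.
    if img.endswith("cmd.exe") and parent.endswith("explorer.exe") and ".bat" in cmd:
        hits.append("bat_from_shortcut")
    # Rule 2: PowerShell child of cmd.exe with a hidden window or execution-policy bypass.
    if img.endswith("powershell.exe") and parent.endswith("cmd.exe") and ("hidden" in cmd or "bypass" in cmd):
        hits.append("hidden_powershell")
    # Rule 3: minute-interval task whose action points into a user-writable directory.
    m = SCHTASKS_RE.search(event["cmdline"]) if img.endswith("schtasks.exe") else None
    if m and any(p in m.group(3).lower() for p in USER_WRITABLE):
        hits.append("minute_task_user_path:" + m.group(2))
    return hits


def scan(events):
    """Return (index, hits) for every event that triggers at least one rule."""
    return [(i, detect(e)) for i, e in enumerate(events) if detect(e)]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["image"], hits)
```

The benign VLC launch from Program Files produces no hit, which is the distinction the third rule relies on: the renamed payload is suspicious because of where it runs from and how it is scheduled, not because of its file name alone.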
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 760bbec57ef20807abebecfbc6fa345… | 2025-08-01 | 2025-08-01 |
| HASH | 3516c5883806bb7bcfa0d22d849e4b2d | 2025-08-01 | 2025-08-01 |
| HASH | 58fd1c515658865318a8075db4bbb2c… | 2025-08-01 | 2025-08-01 |
| DOMAIN | unmannedsystemstechnology.org | 2025-08-01 | 2025-08-01 |
| DOMAIN | mannedsystemstechnology.org | 2025-08-01 | 2025-08-01 |