Analysis of the APT-C-28 (ScarCruft) Campaign Using Malicious LNK Files to Deliver RokRat

2024-04-23 Qihoo360 Analysis of APT-C-28 (ScarCruft) Campaign Using Malicious LNK Files to Deliver RokRat Attacks

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247498025&idx=1&sn=336c94786f14060ae5c583dc8c77370b


360 Advanced Threat Research attributed a RokRat delivery campaign to APT-C-28, also known as ScarCruft, APT37, Reaper, or Group123. The attackers used a malicious LNK file disguised as a North Korean human-rights expert debate lure to download and run RokRat, a cloud-based remote access tool used for long-running intelligence theft against South Korean and other Asian targets.

Indicators of Compromise

