Analysis Report on the APT37 Group's New RokRAT Malware
2025-01-07 • Nurilab • Cyber threat report on APT37, RokRAT
NuriLab analyzes a new RokRAT malware report associated with APT37, a North Korea-linked threat group also discussed alongside Kimsuky, Moonstone Sleet, and Lazarus in the source context. The report says APT37 impersonates North Korea-related experts and uses spear phishing against people and organizations connected to North Korea issues. It is relevant for defenders tracking RokRAT delivery, APT37 social-engineering themes, and DPRK collection activity against regional policy and specialist communities.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | bb83597cdf057db754def79d3f94b6c… | 2024-11-14 | 2025-01-07 |
| HASH | 5b44285747891464c496aa477e450f10 | 2024-11-14 | 2025-01-07 |
| HASH | 73417ded382af2e0f3fca04d8d07679… | 2024-11-14 | 2025-01-07 |
Related Reports
2025-02-10
70% Match
Targeted Threats Research - South & North Korea (a breakdown of 3 years of threat research in Korea)
0x0v1
Shares tags: APT37, RokRAT