North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
2021-08-24 • Volexity
https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
RokRAT is a closed-source malware family believed to be used exclusively by the North Korean APT37 threat actor, which Volexity tracks as InkySquid. This threat actor compromised a news portal and used exploits for recently patched browser vulnerabilities to deliver a custom malware family known as BLUELIGHT. RokRAT is a backdoor previously attributed to ScarCruft/APT37, which is also known as InkySquid. In this case, it was a system belonging to an individual who is a frequent target of North Korean threat actors.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 19ee7d139908a889d08508dd4225f2d… | 2021-08-24 | 2021-08-24 |
| HASH | ff080176ab9e51ace68dbe3a5662916… | 2021-08-24 | 2021-08-24 |
| HASH | 9d2e5f9274b25740131f3b6139e3c3ce | 2021-08-24 | 2021-08-24 |
| DOMAIN | 636478154616-bt8kmnrg1l6oml3ipv… | 2021-08-24 | 2021-08-24 |