#RokRAT

2025-05-12

"Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)" published by Genians. #APT37, #LNK, #ToyBoxStory, #RokRAT, #DPRK, #CTI genians.co.kr/en/blog/threat_i

2025-05-12

"Analysis of APT37 Attack Case Disguised as a South Korean National Security Strategy Think Tank (Operation Name: ToyBox Story)" published by Genians. #APT37, #LNK, #RokRAT, #ToyBoxStory, #DPRK, #CTI genians.co.kr/blog/threat_inte

2025-04-18

"Comparison of Malware from Two Attack Groups Disguised as Hangul Documents" published by Logpresso. #APT37, #Konni, #RokRAT, #LNK, #DPRK, #CTI logpresso.com/ko/blog/2025-04-

2025-03-30

"Malware Created by the North Korean Hacking Group APT37 (Reaper) - Korean Military Studies Review (2025.3.26)" published by Sakai. #APT37, #LNK, #RokRAT, #DPRK, #CTI wezard4u.tistory.com/429443

2025-03-27

"Beware of RokRAT Malware Being Distributed Disguised as an Academic Paper!" published by ESTSecurity. #LNK, #RokRAT, #DPRK, #CTI alyacofficialblog.tistory.com/

2025-03-04

"Comparison of Malware from Two Attack Groups Disguised as Hangul Documents" published by Logpresso. #APT37, #Konni, #LNK, #RokRAT, #DPRK, #CTI logpresso.com/ko/blog/2025-03-

2025-02-19

"Analysis of an APT-C-28 (ScarCruft) Attack Campaign Delivering RokRat via Fileless Methods" published by Qihoo360. #APT-C-28, #RokRAT, #DPRK, #CTI mp.weixin.qq.com/s?__biz=MzUyM

2025-02-10

"Targeted Threats Research - South & North Korea (a breakdown of 3 years of threat research in Korea)" published by 0x0v1. #APT37, #CVE-2022-41128, #Kimsuky, #RambleOn, #RokRAT, #UCID902, #DPRK, #CTI 0x0v1.com/targeted-threats-res

The main targets are South Korean human rights activists and political institutions in Europe. #CyberSecurity #ScarCruft #RokRAT #ZeroDay

TheDoctor TheDoctor512
2024-12-12

The North Korean hacker group ScarCruft is launching a new cyber-surveillance campaign that exploits a zero-day vulnerability in Internet Explorer to spread RokRAT malware. The malicious code is executed without user interaction via 'toast' pop-up advertisements. The main targets are South Korean human rights activists and political institutions in Europe.

2024-11-29

"Introduction to the North Korea-backed Scarcruft ROKRAT Malware Cluster" published by S2W. #CloudMensis, #RokRAT, #ScarCruft, #DPRK, #CTI s2w.inc/en/resource/detail/678

2024-11-07

"APT37 aka ScarCruft or RedEyes – Active IOCs" published by Rewterz. #APT37, #RokRAT, #DPRK, #CTI rewterz.com/threat-advisory/ap

2024-11-04

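"Malware Created by the North Korean APT Reaper, Impersonating a North Korean Defector and Presumed to Target the Korea Institute of Maritime and Fisheries Technology - 정보접근권.lnk (2024.11.1)" published by Sakai. #APT37, #RokRAT, #LNK, #DPRK, #CTI wezard4u.tistory.com/429316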

2024-10-21

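#Internet_Explorer #ZeroDayVulnerability exploited by #NorthKorea cyber attackers | TECH+ (Tech Plus)
Impact and countermeasures. The variant of the #malware "#RokRAT" distributed in this #cyberattack uses Windows startup to ensure persistence …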
news.mynavi.jp/techplus/articl

2024-10-17

"Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine" published by S2W. #APT37, #CVE-2024-38178, #RokRAT, #DPRK, #CTI medium.com/s2wblog/unmasking-c

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af: youranonriots@kolektiva.social
2024-10-16

🔥 One click, and chaos begins!

#NorthKorean #APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with #RokRAT malware.

thehackernews.com/2024/10/nort

#infosec

2024-10-16

"ASEC and the National Cyber Security Center (NCSC) Release Joint Report and Discover Microsoft Browser 0-DAY (CVE-2024-38178)" published by Ahnlab. #CVE-2024-38178, #CodeonToast, #TA-RedAnt, #RokRAT, #DPRK, #CTI asec.ahnlab.com/ko/83876/

2024-05-07

"LNK File Disguised as Certificate Distributing RokRAT Malware" published by Ahnlab. #RokRAT, #LNK, #RedEyes, #CTI, #OSINT, #LAZARUS asec.ahnlab.com/en/65076/
