Analysis of Cyber Reconnaissance Activities Behind APT37 Threats

Nov. 6, 2024, 11:35 a.m.

Description

The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various tactics to evade detection, including web beacons for initial reconnaissance and cloud storage services for command and control. The report highlights the group's evolving techniques, use of VPN servers, and specific targeting of individuals in fields related to North Korea. It emphasizes the need for enhanced endpoint security solutions to detect and respond to such sophisticated threats.

Date

Published: Nov. 6, 2024, 11:12 a.m.

Created: Nov. 6, 2024, 11:12 a.m.

Modified: Nov. 6, 2024, 11:35 a.m.

Indicators

b1025baa59609708315326fe4279d8113f7af3f292470ef42c33fccbb8aa3e56

61.97.243.2

175.214.194.61

158.247.249.129

158.247.219.10

141.164.62.19

141.164.60.110

108.181.52.236

108.181.52.235

108.181.52.234

108.181.52.229

108.181.52.169

108.181.52.231

108.181.50.58

223.104.236.114

http://navarar.com/files/

http://filedownloadserve.com/download/

navarar.com

kakaofilestorage.com

filedownloadserve.com

Attack Patterns

ROKRAT - S0240

APT37

T1074

T1059.001

T1571

T1189

T1114

T1105

T1083

T1102

T1204

T1027

T1566

CVE-2022-41128

Additional Information

Media

Defense

Education

Government