Analysis of Cyber Reconnaissance Activities Behind APT37 Threats
Nov. 6, 2024, 11:35 a.m.
Description
The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various tactics to evade detection, including web beacons for initial reconnaissance and cloud storage services for command and control. The report highlights the group's evolving techniques, use of VPN servers, and specific targeting of individuals in fields related to North Korea. It emphasizes the need for enhanced endpoint security solutions to detect and respond to such sophisticated threats.
Date
Published: Nov. 6, 2024, 11:12 a.m.
Created: Nov. 6, 2024, 11:12 a.m.
Modified: Nov. 6, 2024, 11:35 a.m.
Indicators
Attack Patterns
ROKRAT - S0240
APT37
T1074
T1059.001
T1571
T1189
T1114
T1105
T1083
T1102
T1204
T1027
T1566
CVE-2022-41128
Additional Information
Media
Defense
Education
Government