Analysis of the APT-C-28 (ScarCruft) group's campaign delivering RokRat via malicious documents
Tags
attack-pattern: Data Software - T1592.002
Common Information
Type Value
UUID 4ddadd92-1c51-4712-a9b1-77d3cfb93450
Fingerprint 82bbef7f05fb4bff
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 22, 2022, 3:06 a.m.
Added to db June 5, 2023, 2:19 p.m.
Last updated Nov. 17, 2024, 6:45 p.m.
Headline Analysis of the APT-C-28 (ScarCruft) group's campaign delivering RokRat via malicious documents
Title Analysis of the APT-C-28 (ScarCruft) group's campaign delivering RokRat via malicious documents
Detected Hints/Tags/Attributes 18/1/20
Attributes
Details Type #Events CTI Value
Details Domain 434
medium.com
Details File 2
사례비_지급의뢰서.doc
Details File 3
c:\windows\avp.exe
Details File 3
c:\windows\clisve.exe
Details File 1
If the current system is running 360tray.exe
Details File 2
kb400928_doc.exe
Details md5 1
BF757D55D6B48EC73851540CA7FE9315
Details md5 1
752F1932D21F8D95E35B6778DDEFBC79
Details sha1 2
8a50a4ee479d9ba2f5525fa899420b30296e3ed8
Details sha1 1
0ee5120ecd0e8f07cb7e2af11c9d403d01ace38f
Details sha256 3
12ecabf01508c40cfea1ebc3958214751acfb1cd79a5bf2a4b42ebf172d7381b
Details sha256 1
9970e502a2db3cecb5109b28d6f26e004f73d9cc64d5a6c75a91d66514576d64
Details Threat Actor Identifier - APT-C 15
APT-C-28
Details Threat Actor Identifier - APT 277
APT37
Details Url 11
https://api.onedrive.com/v1.0/shares/u
Details Url 1
https://www.malwarebytes.com/blog/news/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat
Details Url 1
https://medium.com/s2wblog/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48
Details Windows Registry Key 4
HKLM\System\CurrentControlSet\Services\mssmbios\Data\SMBiosData
Details Windows Registry Key 493
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 582
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run