RE:archive | APT37's ROKRAT HWP Object Linking and Embedding
Tags
| country: | North Korea Japan South Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Model Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 8234cc81-58b2-4b7c-b7a3-778328303c70 |
| Fingerprint | acfd19d12daf0681 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | March 1, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:55 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | RE:archive | APT37's ROKRAT HWP Object Linking and Embedding |
| Title | RE:archive | APT37's ROKRAT HWP Object Linking and Embedding |
| Detected Hints/Tags/Attributes | 73/3/32 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.0x0v1.com/rearchive-rokrat-hwp/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 427 | ✔ | [0x0v1] | https://www.0x0v1.com/rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 25 | daum.net |
|
| Details | Domain | 3 | work3.b4a.app |
|
| Details | Domain | 3 | www.nec.go.kr |
|
| Details | Domain | 80 | infosec.exchange |
|
| Details | Domain | 2 | 0x0v1.com |
|
| Details | Domain | 1 | ay4.name |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 19 | ahnlab.com |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 107 | system.management |
|
| Details | 1 | kopo1scom98@daum.net |
||
| Details | 1 | 0v1@infosec.exchange |
||
| Details | File | 1 | 327.bat |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 16 | zipfile.zip |
|
| Details | File | 44 | payload.bin |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 1 | hhbrgof6.tmp |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 76 | download.html |
|
| Details | File | 59 | csc.exe |
|
| Details | File | 26 | cvtres.exe |
|
| Details | File | 57 | system.dll |
|
| Details | File | 10 | automation.dll |
|
| Details | File | 11 | system.core |
|
| Details | File | 1 | c:\users\louise\a ppdata\local\temp\uzicvxsd\uzicvxsd.dll |
|
| Details | File | 9 | 0.cs |
|
| Details | sha256 | 1 | 5fec6e533fb9741997530a3d43b60ee44e2e6dc0fd443ef135b9d311b73d92a8 |
|
| Details | IPv4 | 1 | 52.87.80.2 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Url | 1 | https://work3.b4a.app/download.html?id=88&search=tuh3m0xez3npqzr4terfd2zhsnzasgt1zed |
|
| Details | Url | 1 | https://work3.b4a.app/download.html?id=88&search=tuh3m0xez3npqzr4terfd2zhsnzasgt1zedgawjhvxflazkwyudwewzieglimli1tg5safltegw= |