North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
Tags
attack-pattern: Data Cloud Services - T1021.007 Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID ce384697-737c-479a-8042-d41355df5761
Fingerprint 14caf91b8e2e35c5
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 16, 2024, 4:20 p.m.
Added to db Oct. 16, 2024, 2:16 p.m.
Last updated Nov. 12, 2024, 11:52 a.m.
Headline North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
Title North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
Detected Hints/Tags/Attributes 43/1/5
Source URLs
Redirection Url
Details Source https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html
URL Provider
Details Provider Source level domain
Details thehackernews.com thehackernews.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 118 The Hacker News https://feeds.feedburner.com/TheHackersNews 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 44 
cve-2024-38178
Details CVE 22 
cve-2020-1380
Details CVE 29 
cve-2022-41128
Details File 29 
jscript9.dll
Details Threat Actor Identifier - APT 277 
APT37