216.73.217.176

Analysis of APT Group's Use of Malicious LNK Files to Deliver RokRat Attack

· Published 29/04/2024 18:40 · Modified 01/05/2024 23:06

Export JSON

Essential information

Published
29/04/2024 18:40
Modified
01/05/2024 23:06
Tags
apt cloud korea lnk rokrat
Related entities
3 observables, 1 intrusion sets (apt), 13 techniques (mitre), 1 malware

Description

The report details a recent cyber attack campaign by the -C-28 (ScarCruft) group, known for targeting organizations in and Asia. The campaign utilized a malicious file disguised as a document related to a 'North Korean Human Rights Expert Debate' to deliver the remote access trojan. When executed, the file deployed a series of PowerShell scripts to download and execute the encrypted payload from a Dropbox link. Detailed analysis of the attack flow and malware components is provided, highlighting the group's persistent use of services and evolving evasion techniques.

External references