Happy Tuesday everyone! #APT37 is the topic of today's #readoftheday, specifically ThreatMon takes a deep-dive into the #RokRat malware, which is a remote access trojan (RAT). Enjoy and Happy Hunting!

Link to article in the comments!

***AS usual I am going to leave one of the MITRE ATT&CK blank. I would like to see if any of you that see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!***

Notable MITRE ATT&CK TTPs:
TA0007 - Discovery
T1087 - Account Discovery
T1083 - File and Directory Discovery
T1018 - Remote System Discovery
T1082 - System Information Discovery

TA0009 - Collection
T[What technique covers the threat actor capturing information under the TEMP folder?] - Good luck!

TA0011 - Command And Control
T1071.001 - Application Layer Protocol: Web Protocols

TA0002 - Execution
T1059.003 - Command and Scripting Interpreter: Windows Command Shell

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Gli hacker nordcoreani ora rubano i dati delle vittime tramite file MP3

I #ricercatori di sicurezza della società di sicurezza Check Point hanno scoperto che la banda nordcoreana #ScarCruft utilizza file #LNK per consegnare il #trojan #RAT #RokRAT dal luglio 2022.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://www.redhotcyber.com/post/gli-hacker-nordcoreani-ora-rubano-i-dati-delle-vittime-tramite-file-mp3/

ScarCruft, the North Korean threat group behind #RokRAT #malware, has adapted to the blocking of macros by using oversized LNK files.

https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html

#infosec #hacking #cybersecurity