Blog | G5 Cyber Security

ROKRAT Reloaded

Talos published 2 articles concerning South Korean threats earlier this year. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. The second one was the analysis and discovery of the ROKRAT malware. This month, Talos discovered a new version of the malware. It contains the same reconnaissance code used; similar PDB pattern that the “Evil New Years” samples used; it uses cloud platform as C&C but not exactly the same. This version uses pcloud, box, dropbox and yandex. It also shares code with Freenki, a downloader used in the FreeMilk campaign.”]

Source: https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html

Exit mobile version