Analysis of malicious HWP cases of 'APT37' group distributed through K messenger

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The report details a sophisticated APT attack targeting South Korea, utilizing spear-phishing techniques and malicious HWP files distributed through a popular Korean messenger service. The APT37 group exploited trust-based tactics, using compromised accounts to spread malware through group chats. The malicious files contained OLE objects that executed PowerShell commands and shellcode, ultimately deploying the RoKRAT malware. This file-less attack method allowed for information gathering and potential remote control of infected systems. The attackers used pCloud for data exfiltration and command-and-control communication. The report emphasizes the importance of endpoint detection and response (EDR) systems to combat such evolving threats.

OPENCTI LABELS:

powershell,spear-phishing,rokrat,ole,file-less,pcloud,hwp,k messenger
