S0240Windows

S0240ROKRAT

Platforms
1
ATT&CK
14.1
References
5

Description

[ROKRAT](https://attack.mitre.org/software/S0240) is a cloud-based remote access tool (RAT) used by [APT37](https://attack.mitre.org/groups/G0067) to target victims in South Korea. [APT37](https://attack.mitre.org/groups/G0067) has used ROKRAT during several campaigns from 2016 through 2021.(Citation: Talos ROKRAT)(Citation: Talos Group123)(Citation: Volexity InkySquid RokRAT August 2021)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0240
  2. https://blog.talosintelligence.com/2017/04/introducing-rokrat.html
  3. https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
  4. https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
  5. https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
NavRAT
Software
Bandook
Actor
APT37
Software
RATAttack
Software
UBoatRAT
Software
gh0st RAT
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.