| ID | Votes | Profile Description |
|---|---|---|
| ROKRAT | 3 | RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However, |
| BLUELIGHT | 1 | The BLUELIGHT malware, first observed in early 2021, was used as the final payload in a multistage attack. This attack involved a watering-hole assault on a South Korean online newspaper, an Internet Explorer exploit, and another ScarCruft backdoor. The attack process included multiple components li |
| Final1stspy | 1 | Final1stspy is a previously unreported malware family that has been discovered and named based on a pdb string found in the malware. This harmful software, designed to exploit and damage computer systems, is closely related to the NOKKI and DOGCALL malware families, used as a deployment mechanism fo |
| Rambleon | 1 | RambleOn is a newer version of the ROKRAT malware, specifically designed for Android devices. ROKRAT, also known as DOGCALL, has been a favored tool of cyber attackers and has evolved over time to be compatible with various platforms including macOS (CloudMensis) and Android (RambleOn). This demonst |
| NOKKI | 1 | NOKKI is a malicious software (malware) that was first identified in January 2018, with activities traced throughout the year. It originated from an investigation into a new malware family named NOKKI, which showed significant code overlap and other ties to KONNI, a previously identified malware. Th |
| Cloudmensis | 1 | CloudMensis, a form of malware specifically designed to exploit macOS systems, was first brought to light by ESET in July 2022. The software infiltrates devices primarily through email attachments, causing significant security breaches once inside. Once installed, CloudMensis works diligently to ide |
| KONNI | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Reaper | 1 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Bluelight Malware | Unspecified | 1 | The Bluelight malware is a harmful software program designed to exploit and damage computer systems. It was identified by Volexity in a recent investigation, where it was found being delivered to a victim alongside another malware, RokRAT. The Bluelight malware infiltrates systems through suspicious |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT37 | Unspecified | 1 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| MITRE | a year ago | NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT |
| MITRE | a year ago | North Korean BLUELIGHT Special: InkySquid Deploys RokRAT |
| Checkpoint | a year ago | Chain Reaction: ROKRAT’s Missing Link - Check Point Research |
| CERT-EU | a year ago | North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains |