InkySquid

Threat Actor updated 7 months ago (2024-05-04T20:53:53.262Z)

Download STIX

Preview STIX

InkySquid, also known as ScarCruft and APT37, is a threat actor believed to be associated with North Korea. This group has been identified as the exclusive user of RokRAT, a closed-source malware family. The actions of this group are monitored by cybersecurity firms such as Volexity, which uses the name InkySquid to refer to this particular actor. The activities of InkySquid have been linked to cyber threats and malicious actions, posing significant security concerns for targeted systems. The attribution of the activity to InkySquid is based on the unique patterns and tools associated with their operations. One notable tool is RokRAT, a backdoor malware that was previously attributed to ScarCruft/APT37, now known as InkySquid. This malware is not openly available and is believed to be used exclusively by this group, further supporting the attribution. Volexity's tracking and analysis of InkySquid's activities have provided substantial evidence linking the threat actor to the malicious activities described. Their use of specific malware like RokRAT, coupled with distinct operational patterns, has led to the broad consensus in the cybersecurity community about their identity and activities. As such, InkySquid represents a significant cybersecurity threat with potential ties to state-sponsored activities.

Description last updated: 2023-10-11T01:30:12.904Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The ROKRAT Malware is associated with InkySquid. RokRAT is a form of malware that has been utilized in cyber-espionage campaigns primarily targeting South Korean entities. It is typically delivered via phishing emails containing ZIP file attachments, which contain LNK files disguised as Word documents. When the LNK file is activated, a PowerShell	has used	2

Source Document References

Information about the InkySquid Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Preview	Source Link	CreatedAt	Title
	MITRE	2 years ago	North Korean APT InkySquid Infects Victims Using Browser Exploits
	MITRE	2 years ago	North Korean BLUELIGHT Special: InkySquid Deploys RokRAT