IOC pivot
ioc · sha-256
b3de3f9309b2f320738772353eb724a0782a1fc2c912483c036c303389307e2e
KP · DPRK
APT37
confidence · high
RokRAT (DOGCALL) backdoor sample documented by Cisco Talos in 'ROKRAT Reloaded' (November 2017). RokRAT abuses legitimate cloud services (pCloud, Box, Dropbox, Yandex) as C2 and is consistently attributed to APT37 / ScarCruft / Reaper / Group 123 (DPRK MSS).
- family: RokRAT
- first seen: Nov 15, 2017
- publisher: Cisco Talos