RokRAT

Description

(Carbon Black) ROKRAT is a Remote Access Trojan (RAT). ROKRAT provides attackers with numerous capabilities to introduce additional tools and malware onto a network, exfiltrate data, harvest credentials, as well as capture screenshots of the victim system. The latest variants of ROKRAT use internet cloud solutions such as PCloud, Dropbox, and Yandex as a command and control (C2) channel.

Names

Name
RokRAT

Type

Reconnaissance
Backdoor
Keylogger
Credential stealer
Info stealer
Exfiltration
Downloader

Information

https://www.carbonblack.com/2018/02/27/threat-analysis-rokrat-malware/
http://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/002/191/original/Talos_RokRatWhitePaper.pdf
http://blog.talosintelligence.com/2017/04/introducing-rokrat.html
http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
https://www.intezer.com/apt37-final1stspy-reaping-the-freemilk/
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/rokrat-analysis/
https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/
https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack-vector/

Mitre Attack

https://attack.mitre.org/software/S0240/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.rokrat

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:ROKRAT

Other Information

Uuid

1339c5d9-ed14-42ef-b70d-58de896c5d42

Last Card Change

2023-06-21

Threat Intelligence Garden

Explorer

RokRAT

RokRAT

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks