This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett.
A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed, this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live for a mere matter of hours during any campaign. We identified a new campaign, again leveraging a malicious Hangul Word Processor (HWP) document. After analyzing the final payload, we determined the winner was... a Remote Administration Tool, which we have named ROKRAT.