LABScon Replay | InkySquid: The Missing Arsenal
InkySquid (aka Group123, APT37) is an infamous threat actor linked to North Korea that has been active for at least 10 years. This actor is known to use social engineering to breach targets and to exploit n-day vulnerabilities in Hangul Word Processor (HWP) as well as in browser-based technologies.
One of the most documented intrusion sets used by this actor is RoKRAT, a Windows RAT using cloud providers as C2 servers. In this presentation, Paul Rascagneres discusses a macOS port of RoKRAT. Paul describes the internal mechanisms and different espionage features of the malware, as well as built-in attempts to bypass macOS security features and embedded exploit code based on n-day exploits.
InkySquid: The Missing Arsenal: Audio automatically transcribed by Sonix
InkySquid: The Missing Arsenal: this mp4 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Speaker1:
Yeah. First of all, I'm really impressed to be here …