Everyday is lazarus.dayβ

RE:archive | APT37's ROKRAT HWP Object Linking and Embedding

2024-03-01, 0x0v1
#APT37 #RokRAT


Please note: The sample covered in this report is from 2022. I have covered this sample for archiving purposes, and it does not pertain to a known recent threat campaign, though the techniques covered may still apply.
This project aims to cover the reverse engineering of malware and exploits from historic or prior campaigns by APT groups. Of course, where possible, I want to cover malware and exploits from current samples, but sometimes this is not possible: either it's too sensitive to disclose, it wasn't found in my network of people, or the sample has not been published. So much of the content produced by TI corporations on malware samples is either high-level and abstracted or does not disclose samples for reverse engineering. Along my travels, I'm often revisiting old samples to understand TTPs or their evolution. Retrohunting, I say, is also retro reverse engineering.
I came across this brief report I wrote back in 2022 …
