ROKRAT Reloaded
released on 2017-11-28 @ 12:38:36 PM
Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We named this case "Evil New Years". The second one was about the analysis and discovery of the ROKRAT malware.