
SlowMist|Aug 04, 2025 06:42
🚨SlowMist TI Alert🚨
A new variant of the #RoKRAT malware used by the #APT37 group has been identified — featuring advanced evasion tactics:
🔹Dual-layer XOR-encrypted shellcode injection
🔹Steganography: malicious code hidden in image files
🔹Fileless execution techniques
🔹Process injection via mspaint.exe and notepad.exe
🔹Cloud storage APIs (Dropbox, Yandex, pCloud) abused as C2
🔹DLL side-loading and multi-stage decoding logic
Its techniques carry global relevance. Stay vigilant!⚠️
📎Source: Genians Security Center
🔗https://www.genians.co.kr/en/blog/threat_intelligence/rokrat_shellcode_steganographic
#APT #RoKRAT #CyberThreats #Malware #Threat(SlowMist)
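As an added defensive illustration (not code from SlowMist or from the Genians report), this Python snippet flags the pairing the alert describes: a process that has no reason to talk to the network (mspaint.exe, notepad.exe) opening a connection to a cloud-storage API host. The event records, process names and hostnames in the sample are constructed, and the provider substrings are an assumed heuristic, not indicators from the report.

```python
"""Heuristic detection for the RoKRAT traits named in the alert:
code injected into mspaint.exe / notepad.exe and C2 over cloud
storage APIs (Dropbox, Yandex, pCloud). Added example; sample data
below is constructed, not real telemetry or IoCs."""
from dataclasses import dataclass

# Processes that should never initiate outbound connections on their own.
INJECTION_TARGETS = {"mspaint.exe", "notepad.exe"}
# Assumed provider markers, matched case-insensitively against the host.
CLOUD_STORAGE_MARKERS = ("dropbox", "yandex", "pcloud")


@dataclass(frozen=True)
class NetEvent:
    pid: int
    image: str       # process image name as logged by EDR/Sysmon
    dest_host: str   # destination hostname from proxy, DNS or EDR telemetry


def is_cloud_storage_host(host: str) -> bool:
    """True when the destination host names one of the listed providers."""
    h = host.lower()
    return any(marker in h for marker in CLOUD_STORAGE_MARKERS)


def flag_events(events):
    """Return (severity, event) pairs for outbound traffic from injection
    targets: 'high' when the peer is a cloud-storage host (matches the
    alert's C2 pattern), 'medium' for any other network activity."""
    flagged = []
    for e in events:
        if e.image.lower() not in INJECTION_TARGETS:
            continue
        severity = "high" if is_cloud_storage_host(e.dest_host) else "medium"
        flagged.append((severity, e))
    return flagged


# Constructed sample telemetry (public provider API hostnames, fake pids).
SAMPLE_EVENTS = [
    NetEvent(4120, "chrome.exe", "api.dropboxapi.com"),       # browser: expected
    NetEvent(5212, "notepad.exe", "cloud-api.yandex.net"),    # high
    NetEvent(5300, "mspaint.exe", "api.pcloud.com"),          # high
    NetEvent(5301, "mspaint.exe", "ctldl.windowsupdate.com"), # medium
    NetEvent(6001, "svchost.exe", "api.pcloud.com"),          # not a target
]

if __name__ == "__main__":
    for severity, e in flag_events(SAMPLE_EVENTS):
        print(f"[{severity}] pid={e.pid} {e.image} -> {e.dest_host}")
```

Real-world deployment would anchor the process list to the organisation's own baseline of network-capable images rather than the two names above.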