Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Twitter author Profile picture
@unknown
Apr 12 6 tweets 3 min read Twitter logo Read on Twitter
We’ve identified further, clear connections between #RambleOn Android malware and #APT37.

In 2022 we uncovered a new novel Android malware campaign targeting journalists working on the advocacy of NK human rights at @nknewsorg.

Ref: interlab.or.kr/archives/2567

🧵1/6
Last month @S2W_Official published additional research on #RambleOn, finding other variants of it and highlighting code similarities between a 2017 campaign operated by #APT37 which used a Android variant of #Rokrat Malware

2/6
Note: @S2W_Official Renamed RambleOn malware to Culumus. Reasons for which are unknown.

3/6
After some additional research and historic sample gathering, we have identified a clear and progressive iteration of #ROKRAT Malware evolving into being used as the stage two payload in #RambleOn starting in 2018.

4/6
In addition, we’ve found near exact code correlations between these payloads progressively from 2017 till 2023.

5/6
Next week we will release these findings. We are confident that based on these that RambleOn has been an operation of APT37 and began by evolving ROKRAT in 2018.

6/6

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Twitter author

Twitter author Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @

Twitter author Profile picture
Apr 13
@hypen1117 Hey Hypen. Thanks kindly for your message. Great to have civil discussion on it! Like I said, I don’t think it really matters. I value your teams research more than this matter, you have done a great thing to society by finding differing versions of RambleOn 1/
@hypen1117 Our analysis was a finding of novel malware that was impacting journalists at that present moment. We found RambleOn then imminently went to work on working with big tech to implement detections and mitigations for it, to better defend society and those at risk 2/
@hypen1117 We didn’t intent to perform a retro hunt at that time, we haven’t the resources for that. So, at that time, we hadn’t had scope of previous versions or correlation with other samples. Your teams research did this, which is amazing and an honorary effort to society 3/
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(