APT37
Aliases: InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima
APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. APT37 has also been linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018. North Korean group definitions are known to overlap significantly, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.
ATT&CK techniques
Registry Run Keys / Startup Folder (T1547.001)
Peripheral Device Discovery (T1120)
Python (T1059.006)
Ingress Tool Transfer (T1105)
Web Protocols (T1071.001)
Steganography (T1027.003)
Bidirectional Communication (T1102.002)
System Information Discovery (T1082)
Malicious File (T1204.002)
Invalid Code Signature (T1036.001)
Bypass User Account Control (T1548.002)
System Owner/User Discovery (T1033)
Credentials from Web Browsers (T1555.003)
System Shutdown/Reboot (T1529)
Data from Local System (T1005)
Dynamic Data Exchange (T1559.002)
Native API (T1106)
Exploitation for Client Execution (T1203)
Process Injection (T1055)
Obfuscated Files or Information (T1027)
Drive-by Compromise (T1189)
Process Discovery (T1057)
Command and Scripting Interpreter (T1059)
Windows Command Shell (T1059.003)
Spearphishing Attachment (T1566.001)
Audio Capture (T1123)
Visual Basic (T1059.005)
Scheduled Task (T1053.005)
Disk Structure Wipe (T1561.002)