
APT37

aka: APT 37, ATK4, G0067, Group 123, Group123, InkySquid, Moldy Pisces, Operation Daybreak, Operation Erebus, Reaper, Reaper Group, Red Eyes, Ricochet Chollima, ScarCruft, TA-RedAnt, Venus 121

APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors, primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities.


Associated Families
apk.chinotto apk.kevdroid win.poorweb win.unidentified_067 win.bluelight win.chinotto win.final1stspy win.freenki win.goldbackdoor win.konni win.nokki win.open_carrot win.poohmilk win.rokrat win.starcruft

References
2024-10-16 | ASEC | AhnLab
AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)
APT37
2024-05-07 | AhnLab | ASEC
LNK File Disguised as Certificate Distributing RokRAT Malware
RokRAT
2024-03-04 | Weixin | Hunting Shadow Lab
Shadow Hunting: Analysis of APT37’s attack activities against South Korea using North Korean political topics
RokRAT
2024-03-01 | 0x0v1 | Ovi
APT37's ROKRAT HWP Object Linking and Embedding
RokRAT
2024-02-21 | DCSO | Jiro Minier, Johann Aydinbas, Kritika Roy, Olivia Hayward
To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
Konni
2023-12-27 | Wezard4u | Sakai
Malicious code impersonating the National Tax Service created by Konni
Konni
2023-11-10 | NSFOCUS | NSFOCUS
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits
Cobalt Strike Konni DarkCasino Opal Sleet
2023-09-25 | 0x0v1 | Ovi
REArchive: Reverse engineering APT37’s GOLDBACKDOOR dropper
GOLDBACKDOOR
2023-08-07 | SentinelOne | Aleksandar Milenkoski, Tom Hegel
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
OpenCarrot
2023-06-06 | Security Intelligence | Agnes Ramos-Beauchamp, Claire Zaboeva, Joshua Chung, Melissa Frydrych
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
RokRAT
2023-05-01 | Check Point Research | Check Point Research
Chain Reaction: RokRAT's Missing Link
Amadey RokRAT
2023-04-26 | AhnLab | bghjmun
RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)
RokRAT
2023-03-28 | ThreatMon | Seyit Sigirci (@h3xecute), ThreatMon Malware Research Team
Chinotto Backdoor Technical Analysis of the APT Reaper’s Powerful Weapon
Chinotto
2023-03-23 | Medium s2wlab | BLKSMTH, S2W TALON
Scarcruft Bolsters Arsenal for targeting individual Android devices
RambleOn RokRAT
2023-03-21 | Zscaler | Naveen Selvan, Sudeep Singh
The Unintentional Leak: A glimpse into the attack vectors of APT37
Chinotto
2023-03-16 | Sekoia | Threat & Detection Research Team
Peeking at Reaper’s surveillance operations
Chinotto
2023-01-27 | ThorCERT | Dongwook Kim, Seulgi Lee, Taewoo Lee
TTPs #9: Analyzing Attack Strategies to Monitor Individuals' Daily Lives
Chinotto
2023-01-01 | ThreatMon | Seyit Sigirci (@h3xecute), ThreatMon Malware Research Team
The Konni APT Chronicle: Tracing Their Intelligence-Driven Attack Chain
Konni
2023-01-01 | ThreatMon | Seyit Sigirci (@h3xecute), ThreatMon Malware Research Team
Reverse Engineering RokRAT: A Closer Look at APT37’s Onedrive-Based Attack Vector
RokRAT
2022-12-05 | KISA | KrCERT
TTPs#9: Analyzing the attack strategy monitoring the daily life of individuals
Chinotto
2022-09-28 | Twitter (@ESETresearch) | ESET Research
Twitter Thread linking CloudMensis to RokRAT / ScarCruft
CloudMensis RokRAT
2022-09-06 | cocomelonc | cocomelonc
Malware development tricks: parent PID spoofing. Simple C++ example.
Cobalt Strike Konni
2022-07-23 | BleepingComputer | Bill Toulas
North Korean hackers attack EU targets with Konni RAT malware
Konni
2022-07-20 | Securonix Threat Labs | Den Iyzvyk, Oleg Kolesnikov, Tim Peck
STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) - Securonix
Konni Opal Sleet
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
Moldy Pisces
RokRAT APT37
2022-05-02 | cocomelonc | cocomelonc
Malware development: persistence - part 3. COM DLL hijack. Simple C++ example
Agent.BTZ Ave Maria Konni Mosquito TurlaRPC
2022-04-28 | PWC | PWC UK
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen
2022-04-21 | Stairwell | Silas Cutler
The ink-stained trail of GOLDBACKDOOR
GOLDBACKDOOR
2022-01-26 | Malwarebytes | Roberto Santos
KONNI evolves into stealthier RAT
Konni
2022-01-12 | BleepingComputer | Ionut Ilascu
Hackers take over diplomat's email, target Russian deputy minister
Konni
2022-01-05 | Lumen | Danny Adamitis, Steve Rudd
New Konni Campaign Kicks Off the New Year by Targeting Russian Ministry of Foreign Affairs
Konni
2022-01-03 | Cluster25 | Cluster25
North Korean Group “KONNI” Targets The Russian Diplomatic Sector With New Versions Of Malware Implants
Konni
2021-12-06 | cyble | Cyble
APT37 Using a New Android Spyware, Chinotto
Chinotto
2021-11-29 | Kaspersky | GReAT
ScarCruft surveilling North Korean defectors and human rights activists
Chinotto Chinotto PoorWeb
2021-09-06 | cocomelonc | cocomelonc
AV engines evasion for C++ simple malware: part 2
Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze
2021-08-24 | Volexity | Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
RokRAT
2021-08-20 | Malwarebytes | Hossein Jazi
New variant of Konni malware used in campaign targetting Russia
Konni
2021-08-17 | Volatility Labs | Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, Thomas Lancaster
North Korean APT37 / InkySquid Infects Victims Using Browser Exploits
BLUELIGHT APT37
2021-07-14 | Medium s2wlab | Jaeki Kim
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
RokRAT
2021-02-18 | PTSecurity | PTSecurity
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader
2021-01-06 | Malwarebytes | Hossein Jazi
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
RokRAT
2020-12-15 | Trend Micro | William Gamazo Sanchez
Who is the Threat Actor Behind Operation Earth Kitsune?
Freenki Loader SLUB Earth Kitsune
2020-12-08 | AhnLab | AhnLab ASEC Analysis Team
Distribution of a Hangul (HWP) document titled “「2021 Peace and Unification Story Contest」 Application Form” (suspected APT)
PoorWeb
2020-11-16 | ReversingLabs | Robert Simmons
PoorWeb - Hitching a Ride on Hangul
PoorWeb
2020-08-14 | Department of Homeland Security | US-CERT
Alert (AA20-227A): Phishing Emails Used to Deploy KONNI Malware
Konni
2020-06-16 | IBM | IBM Security X-Force® Incident Response and Intelligence Services (IRIS)
Cloud Threat Landscape Report 2020
QNAPCrypt RokRAT
2020-05-21 | PICUS Security | Süleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-03-30 | Kaspersky SAS | Seongsu Park
Behind the Mask of ScarCruft
RokRAT
2020-03-04 | CrowdStrike | CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03 | PWC UK | PWC UK
Cyber Threats 2019: A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-19 | Lexfo | Lexfo
The Lazarus Constellation: A study on North Korean malware
FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor
2020-01-27 | CyberInt | CyberInt
Konni Malware 2019 Campaign
Konni
2020-01-04 | Medium d-hunter | Doron Karmi
A Look Into Konni 2019 Campaign
Konni
2019-10-28 | Tencent | Tencent
Analysis of Suspected Group123 (APT37) Attacks on Chinese and Korean Foreign Traders
Unidentified 067
2019-08-19 | EST Security | East Security Response Center
Konni APT organization emerges as an attack disguised as Russian document
Konni
2019-08-12 | Kindred Security | Kindred Security
An Overview of Public Platform C2’s
HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT
2019-08-01 | Kaspersky Labs | GReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-05-13 | Kaspersky Labs | GReAT
ScarCruft continues to evolve, introduces Bluetooth harvester
Konni RokRAT UACMe APT37
2019-05-10 | Fortiguard | FortiGuard
Activity Summary - Week Ending May 10, 2019
PoorWeb
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
APT 37
APT37
2019-01-01 | MITRE | MITRE ATT&CK
Group description: APT37
APT37
2018-11-16 | Kim Yejun
Return to ROKRAT!! (feat. FAAAA...Sad...)
RokRAT
2018-10-03 | Intezer | Jay Rosenberg
APT37: Final1stspy Reaping the FreeMilk
Final1stSpy RokRAT
2018-10-01 | Palo Alto Networks Unit 42 | Josh Grunzweig
NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
Nokki
2018-10-01 | Bleeping Computer | Ionut Ilascu
Report Ties North Korean Attacks to New Malware, Linked by Word Macros
APT37
2018-09-27 | Palo Alto Networks Unit 42 | Bryan Lee, Josh Grunzweig
New KONNI Malware attacking Eurasia and Southeast Asia
Nokki
2018-07-10 | Kaspersky Labs | GReAT
APT Trends Report Q2 2018
LightNeuron PoorWeb
2018-04-05 | Palo Alto Networks Unit 42 | Ruchna Nigam
Reaper Group’s Updated Mobile Arsenal
KevDroid
2018-04-02 | Cisco Talos | Jungsoo An, Paul Rascagnères, Vitor Ventura, Warren Mercer
Fake AV Investigation Unearths KevDroid, New Android Malware
KevDroid PubNubRAT
2018-02-27 | VMWare Carbon Black | Jared Myers
Threat Analysis: ROKRAT Malware
RokRAT
2018-02-21 | Twitter (@mstoned7) | CHA Minseok
Tweet on DPRK APT groups
APT37
2018-02-20 | FireEye | FireEye
APT37 (REAPER) The Overlooked North Korean Actor
PoorWeb RokRAT APT37
2018-02-20 | FireEye | FireEye
APT37 (Reaper): The Overlooked North Korean Actor
APT37
2018-01-16 | Cisco Talos | Paul Rascagnères, Warren Mercer
Korea In The Crosshairs
Freenki Loader RokRAT APT37
2018-01-16 | Cisco Talos | Jungsoo An, Paul Rascagnères, Warren Mercer
Korea In The Crosshairs
Freenki Loader PoohMilk Loader RokRAT APT37
2017-11-28 | Cisco | Jungsoo An, Paul Rascagnères, Warren Mercer
ROKRAT Reloaded
RokRAT
2017-10-05 | Palo Alto Networks Unit 42 | Esmid Idrizovic, Juan Cortes
FreeMilk: A Highly Targeted Spear Phishing Campaign
Freenki Loader PoohMilk Loader
2017-10-05 | Palo Alto Networks Unit 42 | Esmid Idrizovic, Juan Cortes
FreeMilk: A Highly Targeted Spear Phishing Campaign
APT37
2017-08-15 | Fortinet | Jasper Manuel
A Quick Look at a New KONNI RAT Variant
Konni
2017-07-06 | Cisco Talos | Paul Rascagnères
New KONNI Campaign References North Korean Missile Capabilities
Konni
2017-07-01 | vallejo.cc | vallejocc
Analysis of new variant of Konni RAT
Konni
2017-05-03 | Cisco Talos | Paul Rascagnères
KONNI: A Malware Under The Radar For Years
Konni
2017-04-03 | Cisco Talos | Matthew Molyett, Paul Rascagnères, Warren Mercer
Introducing ROKRAT
RokRAT
2017-01-01 | Cisco Talos | Paul Rascagnères, Warren Mercer
Introducing ROKRAT
RokRAT
2016-06-17 | Threatpost | Michael Mimoso
ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
APT37
2016-06-17 | Kaspersky Labs | Anton Ivanov, Costin Raiu
Operation Daybreak
StarCruft APT37
2016-06-14 | Kaspersky Labs | Costin Raiu
CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
APT37

Credits: MISP Project