aka: APT 37, Group 123, Group123, InkySquid, Operation Daybreak, Operation Erebus, Reaper Group, Reaper, Red Eyes, Ricochet Chollima, ScarCruft, Venus 121, ATK4, G0067, Moldy Pisces
APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
@online{42:20220718:moldy:593ab77,
author = {Unit 42},
title = {{Moldy Pisces}},
date = {2022-07-18},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/atoms/moldypisces/},
language = {English},
urldate = {2022-07-29}
}
Moldy Pisces
RokRAT APT37 |
2022-04-28 ⋅ PWC ⋅ PWC UK
@techreport{uk:20220428:cyber:c43873f,
author = {PWC UK},
title = {{Cyber Threats 2021: A Year in Retrospect (Annex)}},
date = {2022-04-28},
institution = {PWC},
url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-annex-download.pdf},
language = {English},
urldate = {2022-04-29}
}
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen |
2021-12-06 ⋅ cyble ⋅ Cyble
@online{cyble:20211206:apt37:e9b1bba,
author = {Cyble},
title = {{APT37 Using a New Android Spyware, Chinotto}},
date = {2021-12-06},
organization = {cyble},
url = {https://blog.cyble.com/2021/12/06/apt37-using-a-new-android-spyware-chinotto/},
language = {English},
urldate = {2021-12-07}
}
APT37 Using a New Android Spyware, Chinotto
Chinotto |
2021-11-29 ⋅ Kaspersky ⋅ GReAT
@online{great:20211129:scarcruft:986e7f4,
author = {GReAT},
title = {{ScarCruft surveilling North Korean defectors and human rights activists}},
date = {2021-11-29},
organization = {Kaspersky},
url = {https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/},
language = {English},
urldate = {2021-12-07}
}
ScarCruft surveilling North Korean defectors and human rights activists
Chinotto Chinotto PoorWeb |
2021-08-24 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
@online{cash:20210824:north:aab532f,
author = {Damien Cash and Josh Grunzweig and Steven Adair and Thomas Lancaster},
title = {{North Korean BLUELIGHT Special: InkySquid Deploys RokRAT}},
date = {2021-08-24},
organization = {Volexity},
url = {https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/},
language = {English},
urldate = {2021-08-31}
}
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
RokRAT |
2021-08-17 ⋅ Volatility Labs ⋅ Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, Thomas Lancaster
@online{cash:20210817:north:e84fb02,
author = {Damien Cash and Josh Grunzweig and Matthew Meltzer and Steven Adair and Thomas Lancaster},
title = {{North Korean APT37 / InkySquid Infects Victims Using Browser Exploits}},
date = {2021-08-17},
organization = {Volatility Labs},
url = {https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/},
language = {English},
urldate = {2021-08-20}
}
North Korean APT37 / InkySquid Infects Victims Using Browser Exploits
APT37 |
2021-07-14 ⋅ Medium s2wlab ⋅ Jaeki Kim
@online{kim:20210714:matryoshka:6c8d267,
author = {Jaeki Kim},
title = {{Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)}},
date = {2021-07-14},
organization = {Medium s2wlab},
url = {https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48},
language = {English},
urldate = {2021-07-20}
}
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
RokRAT |
2021-05-07 ⋅ TEAMT5 ⋅ Jhih-Lin Kuo, Zih-Cing Liao
@techreport{kuo:20210507:we:cd620c1,
author = {Jhih-Lin Kuo and Zih-Cing Liao},
title = {{"We Are About to Land": How CloudDragon Turns a Nightmare Into Reality}},
date = {2021-05-07},
institution = {TEAMT5},
url = {https://i.blackhat.com/asia-21/Friday-Handouts/as-21-Kuo-We-Are-About-To-Land-How-CloudDragon-Turns-A-Nightmare-Into-Reality.pdf},
language = {English},
urldate = {2021-09-14}
}
"We Are About to Land": How CloudDragon Turns a Nightmare Into Reality
FlowerPower Appleseed BabyShark GoldDragon NavRAT |
2021-02-18 ⋅ PTSecurity ⋅ PTSecurity
@online{ptsecurity:20210218:httpswwwptsecuritycomwwenanalyticsantisandboxtechniques:d616c1f,
author = {PTSecurity},
title = {{https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/}},
date = {2021-02-18},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/},
language = {English},
urldate = {2021-02-25}
}
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
2021-01-06 ⋅ Malwarebytes ⋅ Hossein Jazi
@online{jazi:20210106:retrohunting:65f1492,
author = {Hossein Jazi},
title = {{Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat}},
date = {2021-01-06},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/},
language = {English},
urldate = {2021-01-11}
}
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
RokRAT |
2020-12-15 ⋅ Trend Micro ⋅ William Gamazo Sanchez
@online{sanchez:20201215:who:c723930,
author = {William Gamazo Sanchez},
title = {{Who is the Threat Actor Behind Operation Earth Kitsune?}},
date = {2020-12-15},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html},
language = {English},
urldate = {2020-12-16}
}
Who is the Threat Actor Behind Operation Earth Kitsune?
Freenki Loader SLUB |
2020-12-08 ⋅ AhnLab ⋅ AhnLab ASEC Analysis Team
@online{team:20201208:2021:e29d0dc,
author = {AhnLab ASEC Analysis Team},
title = {{“「2021 평화∙통일 이야기 공모전」 참가 신청서” 제목의 한글문서 유포 (APT 추정)}},
date = {2020-12-08},
organization = {AhnLab},
url = {https://asec.ahnlab.com/ko/18796/},
language = {Korean},
urldate = {2020-12-14}
}
“「2021 평화∙통일 이야기 공모전」 참가 신청서” 제목의 한글문서 유포 (APT 추정)
PoorWeb |
2020-11-16 ⋅ ReversingLabs ⋅ Robert Simmons
@online{simmons:20201116:poorweb:ef09841,
author = {Robert Simmons},
title = {{PoorWeb - Hitching a Ride on Hangul}},
date = {2020-11-16},
organization = {ReversingLabs},
url = {https://blog.reversinglabs.com/blog/poorweb-exploiting-document-formats},
language = {English},
urldate = {2020-11-18}
}
PoorWeb - Hitching a Ride on Hangul
PoorWeb |
2020-06-16 ⋅ IBM ⋅ IBM Security X-Force® Incident Responseand Intelligence Services (IRIS)
@online{iris:20200616:cloud:e15a0d5,
author = {IBM Security X-Force® Incident Responseand Intelligence Services (IRIS)},
title = {{Cloud ThreatLandscape Report 2020}},
date = {2020-06-16},
organization = {IBM},
url = {https://www.ibm.com/downloads/cas/Z81AVOY7},
language = {English},
urldate = {2020-06-17}
}
Cloud ThreatLandscape Report 2020
QNAPCrypt RokRAT |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan
@online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-03-30 ⋅ Kaspersky SAS ⋅ Seongsu Park
@techreport{park:20200330:behind:7c5548e,
author = {Seongsu Park},
title = {{Behind the Mask of ScarCruft}},
date = {2020-03-30},
institution = {Kaspersky SAS},
url = {https://github.com/ssp4rk/slides/blob/master/2019SAS_Behind_of_the_Mask_of_ScarCruft.pdf},
language = {English},
urldate = {2020-03-31}
}
Behind the Mask of ScarCruft
RokRAT |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA |
2020-02-19 ⋅ Lexfo ⋅ Lexfo
@techreport{lexfo:20200219:lazarus:f293c37,
author = {Lexfo},
title = {{The Lazarus Constellation A study on North Korean malware}},
date = {2020-02-19},
institution = {Lexfo},
url = {https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf},
language = {English},
urldate = {2020-03-11}
}
The Lazarus Constellation A study on North Korean malware
FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor |
2019-10-28 ⋅ Tencent ⋅ Tencent
@online{tencent:20191028:analysis:094d588,
author = {Tencent},
title = {{Analysis of Suspected Group123 (APT37) Attacks on Chinese and Korean Foreign Traders}},
date = {2019-10-28},
organization = {Tencent},
url = {https://s.tencent.com/research/report/831.html},
language = {Chinese},
urldate = {2019-12-18}
}
Analysis of Suspected Group123 (APT37) Attacks on Chinese and Korean Foreign Traders
Unidentified 067 |
2019-08-12 ⋅ Kindred Security ⋅ Kindred Security
@online{security:20190812:overview:0726c0a,
author = {Kindred Security},
title = {{An Overview of Public Platform C2’s}},
date = {2019-08-12},
organization = {Kindred Security},
url = {https://kindredsec.wordpress.com/2019/08/12/an-overview-of-public-platform-c2s/},
language = {English},
urldate = {2021-07-20}
}
An Overview of Public Platform C2’s
HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-05-13 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20190513:scarcruft:eb8bb1c,
author = {GReAT},
title = {{ScarCruft continues to evolve, introduces Bluetooth harvester}},
date = {2019-05-13},
organization = {Kaspersky Labs},
url = {https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/},
language = {English},
urldate = {2019-12-20}
}
ScarCruft continues to evolve, introduces Bluetooth harvester
Konni RokRAT UACMe APT37 |
2019-05-10 ⋅ Fortiguard ⋅ FortiGuard
@online{fortiguard:20190510:activity:4b58c05,
author = {FortiGuard},
title = {{Activity Summary - Week Ending May 10, 2019}},
date = {2019-05-10},
organization = {Fortiguard},
url = {https://fortiguard.com/resources/threat-brief/2019/05/10/fortiguard-threat-intelligence-brief-may-10-2019},
language = {English},
urldate = {2019-11-28}
}
Activity Summary - Week Ending May 10, 2019
PoorWeb |
2019-02-25 ⋅ One Night in Norfolk ⋅ Kevin Perlow
@online{perlow:20190225:how:d4a68d6,
author = {Kevin Perlow},
title = {{How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group}},
date = {2019-02-25},
organization = {One Night in Norfolk},
url = {https://norfolkinfosec.com/how-to-analyzing-a-malicious-hangul-word-processor-document-from-a-dprk-threat-actor-group/},
language = {English},
urldate = {2020-05-19}
}
How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group
NavRAT |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
@online{tracker:2019:37:fade066,
author = {Cyber Operations Tracker},
title = {{APT 37}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/apt-37},
language = {English},
urldate = {2019-12-20}
}
APT 37
APT37 |
2019 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:2019:apt37:b488fef,
author = {MITRE ATT&CK},
title = {{Group description: APT37}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0067/},
language = {English},
urldate = {2019-12-20}
}
Group description: APT37
APT37 |
2018-11-16 ⋅ Kim Yejun
@online{yejun:20181116:return:31caa6a,
author = {Kim Yejun},
title = {{Return to ROKRAT!! (feat. FAAAA...Sad...)}},
date = {2018-11-16},
url = {http://v3lo.tistory.com/24},
language = {Japanese},
urldate = {2019-11-26}
}
Return to ROKRAT!! (feat. FAAAA...Sad...)
RokRAT |
2018-10-03 ⋅ Intezer ⋅ Jay Rosenberg
@online{rosenberg:20181003:apt37:93a9100,
author = {Jay Rosenberg},
title = {{APT37: Final1stspy Reaping the FreeMilk}},
date = {2018-10-03},
organization = {Intezer},
url = {https://www.intezer.com/apt37-final1stspy-reaping-the-freemilk/},
language = {English},
urldate = {2020-01-09}
}
APT37: Final1stspy Reaping the FreeMilk
Final1stSpy RokRAT |
2018-10-01 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig
@online{grunzweig:20181001:nokki:b458c95,
author = {Josh Grunzweig},
title = {{NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT}},
date = {2018-10-01},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/},
language = {English},
urldate = {2019-12-20}
}
NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
Nokki |
2018-10-01 ⋅ Bleeping Computer ⋅ Ionut Ilascu
@online{ilascu:20181001:report:67e6316,
author = {Ionut Ilascu},
title = {{Report Ties North Korean Attacks to New Malware, Linked by Word Macros}},
date = {2018-10-01},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/report-ties-north-korean-attacks-to-new-malware-linked-by-word-macros/},
language = {English},
urldate = {2019-12-20}
}
Report Ties North Korean Attacks to New Malware, Linked by Word Macros
APT37 |
2018-09-27 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig, Bryan Lee
@online{grunzweig:20180927:new:d33c053,
author = {Josh Grunzweig and Bryan Lee},
title = {{New KONNI Malware attacking Eurasia and Southeast Asia}},
date = {2018-09-27},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/},
language = {English},
urldate = {2019-12-20}
}
New KONNI Malware attacking Eurasia and Southeast Asia
Nokki |
2018-07-10 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20180710:trends:4651c7b,
author = {GReAT},
title = {{APT Trends Report Q2 2018}},
date = {2018-07-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2018/86487/},
language = {English},
urldate = {2019-12-20}
}
APT Trends Report Q2 2018
LightNeuron PoorWeb |
2018-05-31 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères, Jungsoo An
@online{mercer:20180531:navrat:bf68765,
author = {Warren Mercer and Paul Rascagnères and Jungsoo An},
title = {{NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea}},
date = {2018-05-31},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/05/navrat.html?m=1},
language = {English},
urldate = {2020-01-08}
}
NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
NavRAT |
2018-04-05 ⋅ Palo Alto Networks Unit 42 ⋅ Ruchna Nigam
@online{nigam:20180405:reaper:d4da0f8,
author = {Ruchna Nigam},
title = {{Reaper Group’s Updated Mobile Arsenal}},
date = {2018-04-05},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/04/unit42-reaper-groups-updated-mobile-arsenal/},
language = {English},
urldate = {2019-12-20}
}
Reaper Group’s Updated Mobile Arsenal
KevDroid |
2018-04-02 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères, Vitor Ventura, Jungsoo An
@online{mercer:20180402:fake:f803f5b,
author = {Warren Mercer and Paul Rascagnères and Vitor Ventura and Jungsoo An},
title = {{Fake AV Investigation Unearths KevDroid, New Android Malware}},
date = {2018-04-02},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html},
language = {English},
urldate = {2020-01-06}
}
Fake AV Investigation Unearths KevDroid, New Android Malware
KevDroid PubNubRAT |
2018-02-27 ⋅ VMWare Carbon Black ⋅ Jared Myers
@online{myers:20180227:threat:11a58a0,
author = {Jared Myers},
title = {{Threat Analysis: ROKRAT Malware}},
date = {2018-02-27},
organization = {VMWare Carbon Black},
url = {https://www.carbonblack.com/2018/02/27/threat-analysis-rokrat-malware/},
language = {English},
urldate = {2019-10-23}
}
Threat Analysis: ROKRAT Malware
RokRAT |
2018-02-21 ⋅ Twitter (@mstoned7) ⋅ CHA Minseok
@online{minseok:20180221:dprk:5de56c6,
author = {CHA Minseok},
title = {{Tweet on DPRK APT groups}},
date = {2018-02-21},
organization = {Twitter (@mstoned7)},
url = {https://twitter.com/mstoned7/status/966126706107953152},
language = {English},
urldate = {2020-01-09}
}
Tweet on DPRK APT groups
APT37 |
2018-02-20 ⋅ FireEye ⋅ FireEye
@techreport{fireeye:20180220:apt37:bc54ada,
author = {FireEye},
title = {{APT37 (REAPER) The Overlooked North Korean Actor}},
date = {2018-02-20},
institution = {FireEye},
url = {https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf},
language = {English},
urldate = {2021-11-03}
}
APT37 (REAPER) The Overlooked North Korean Actor
PoorWeb RokRAT APT37 |
2018-02-20 ⋅ FireEye ⋅ FireEye
@online{fireeye:20180220:apt37:2ca8466,
author = {FireEye},
title = {{APT37 (Reaper): The Overlooked North Korean Actor}},
date = {2018-02-20},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html},
language = {English},
urldate = {2019-12-20}
}
APT37 (Reaper): The Overlooked North Korean Actor
APT37 |
2018-01-16 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères
@online{mercer:20180116:korea:02f4c3c,
author = {Warren Mercer and Paul Rascagnères},
title = {{Korea In The Crosshairs}},
date = {2018-01-16},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html},
language = {English},
urldate = {2020-04-06}
}
Korea In The Crosshairs
Freenki Loader RokRAT APT37 |
2018-01-16 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères, Jungsoo An
@online{mercer:20180116:korea:f462331,
author = {Warren Mercer and Paul Rascagnères and Jungsoo An},
title = {{Korea In The Crosshairs}},
date = {2018-01-16},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html},
language = {English},
urldate = {2020-01-06}
}
Korea In The Crosshairs
Freenki Loader PoohMilk Loader RokRAT APT37 |
2017-11-28 ⋅ Cisco ⋅ Warren Mercer, Paul Rascagnères, Jungsoo An
@online{mercer:20171128:rokrat:dec34fb,
author = {Warren Mercer and Paul Rascagnères and Jungsoo An},
title = {{ROKRAT Reloaded}},
date = {2017-11-28},
organization = {Cisco},
url = {http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html},
language = {English},
urldate = {2019-11-22}
}
ROKRAT Reloaded
RokRAT |
2017-10-05 ⋅ Palo Alto Networks Unit 42 ⋅ Juan Cortes, Esmid Idrizovic
@online{cortes:20171005:freemilk:1c7eb5d,
author = {Juan Cortes and Esmid Idrizovic},
title = {{FreeMilk: A Highly Targeted Spear Phishing Campaign}},
date = {2017-10-05},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/},
language = {English},
urldate = {2020-01-08}
}
FreeMilk: A Highly Targeted Spear Phishing Campaign
APT37 |
2017-10-05 ⋅ Palo Alto Networks Unit 42 ⋅ Juan Cortes, Esmid Idrizovic
@online{cortes:20171005:freemilk:a929f1b,
author = {Juan Cortes and Esmid Idrizovic},
title = {{FreeMilk: A Highly Targeted Spear Phishing Campaign}},
date = {2017-10-05},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/},
language = {English},
urldate = {2019-12-20}
}
FreeMilk: A Highly Targeted Spear Phishing Campaign
Freenki Loader PoohMilk Loader |
2017-04-03 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères, Matthew Molyett
@online{mercer:20170403:introducing:d17f359,
author = {Warren Mercer and Paul Rascagnères and Matthew Molyett},
title = {{Introducing ROKRAT}},
date = {2017-04-03},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2017/04/introducing-rokrat.html},
language = {English},
urldate = {2020-01-09}
}
Introducing ROKRAT
RokRAT |
2017 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères
@techreport{mercer:2017:introducing:04e2ff1,
author = {Warren Mercer and Paul Rascagnères},
title = {{Introducing ROKRAT}},
date = {2017},
institution = {Cisco Talos},
url = {http://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/002/191/original/Talos_RokRatWhitePaper.pdf},
language = {English},
urldate = {2019-12-20}
}
Introducing ROKRAT
RokRAT |
2016-06-17 ⋅ Kaspersky Labs ⋅ Costin Raiu, Anton Ivanov
@online{raiu:20160617:operation:2dfcedd,
author = {Costin Raiu and Anton Ivanov},
title = {{Operation Daybreak}},
date = {2016-06-17},
organization = {Kaspersky Labs},
url = {https://securelist.com/operation-daybreak/75100/},
language = {English},
urldate = {2019-12-20}
}
Operation Daybreak
StarCruft APT37 |
2016-06-17 ⋅ Threatpost ⋅ Michael Mimoso
@online{mimoso:20160617:scarcruft:4b357f7,
author = {Michael Mimoso},
title = {{ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks}},
date = {2016-06-17},
organization = {Threatpost},
url = {https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/},
language = {English},
urldate = {2019-10-28}
}
ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
APT37 |
2016-06-14 ⋅ Kaspersky Labs ⋅ Costin Raiu
@online{raiu:20160614:cve20164171:6d0a7c9,
author = {Costin Raiu},
title = {{CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks}},
date = {2016-06-14},
organization = {Kaspersky Labs},
url = {https://securelist.com/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/75082/},
language = {English},
urldate = {2019-12-20}
}
CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
APT37 |