| SYMBOL | COMMON_NAME | aka. SYNONYMS |
APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities
| 2021-02-18 ⋅ PTSecurity ⋅ https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
| 2021-01-06 ⋅ Malwarebytes ⋅ Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat RokRAT |
| 2020-12-15 ⋅ Trend Micro ⋅ Who is the Threat Actor Behind Operation Earth Kitsune? Freenki Loader SLUB |
| 2020-06-16 ⋅ IBM ⋅ Cloud ThreatLandscape Report 2020 QNAPCrypt RokRAT |
| 2020-05-21 ⋅ PICUS Security ⋅ T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
| 2020-03-30 ⋅ Kaspersky SAS ⋅ Behind the Mask of ScarCruft RokRAT |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
| 2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
| 2020-02-19 ⋅ Lexfo ⋅ The Lazarus Constellation A study on North Korean malware FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor |
| 2019-10-28 ⋅ Tencent ⋅ Analysis of Suspected Group123 (APT37) Attacks on Chinese and Korean Foreign Traders Unidentified 067 |
| 2019-08-12 ⋅ Kindred Security ⋅ An Overview of Public Platform C2’s HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT |
| 2019-08-01 ⋅ Kaspersky Labs ⋅ APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy Microcin |
| 2019-05-13 ⋅ Kaspersky Labs ⋅ ScarCruft continues to evolve, introduces Bluetooth harvester Konni RokRAT UACMe APT37 |
| 2019-02-25 ⋅ One Night in Norfolk ⋅ How To: Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group NavRAT |
| 2019 ⋅ Council on Foreign Relations ⋅ APT 37 APT37 |
| 2019 ⋅ MITRE ⋅ Group description: APT37 APT37 |
| 2018-11-16 ⋅ Return to ROKRAT!! (feat. FAAAA...Sad...) RokRAT |
| 2018-10-03 ⋅ Intezer ⋅ APT37: Final1stspy Reaping the FreeMilk Final1stSpy RokRAT |
| 2018-10-01 ⋅ Palo Alto Networks Unit 42 ⋅ NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT Nokki |
| 2018-10-01 ⋅ Bleeping Computer ⋅ Report Ties North Korean Attacks to New Malware, Linked by Word Macros APT37 |
| 2018-09-27 ⋅ Palo Alto Networks Unit 42 ⋅ New KONNI Malware attacking Eurasia and Southeast Asia Nokki |
| 2018-05-31 ⋅ Cisco Talos ⋅ NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea NavRAT |
| 2018-04-05 ⋅ Palo Alto Networks Unit 42 ⋅ Reaper Group’s Updated Mobile Arsenal KevDroid |
| 2018-04-02 ⋅ Cisco Talos ⋅ Fake AV Investigation Unearths KevDroid, New Android Malware KevDroid PubNubRAT |
| 2018-02-27 ⋅ VMWare Carbon Black ⋅ Threat Analysis: ROKRAT Malware RokRAT |
| 2018-02-21 ⋅ Twitter (@mstoned7) ⋅ Tweet on DPRK APT groups APT37 |
| 2018-02-20 ⋅ FireEye ⋅ APT37 (REAPER) The Overlooked North Korean Actor RokRAT APT37 |
| 2018-02-20 ⋅ FireEye ⋅ APT37 (Reaper): The Overlooked North Korean Actor APT37 |
| 2018-01-16 ⋅ Cisco Talos ⋅ Korea In The Crosshairs Freenki Loader RokRAT APT37 |
| 2018-01-16 ⋅ Cisco Talos ⋅ Korea In The Crosshairs Freenki Loader PoohMilk Loader RokRAT APT37 |
| 2017-11-28 ⋅ Cisco ⋅ ROKRAT Reloaded RokRAT |
| 2017-10-05 ⋅ Palo Alto Networks Unit 42 ⋅ FreeMilk: A Highly Targeted Spear Phishing Campaign Freenki Loader PoohMilk Loader |
| 2017-10-05 ⋅ Palo Alto Networks Unit 42 ⋅ FreeMilk: A Highly Targeted Spear Phishing Campaign APT37 |
| 2017-04-03 ⋅ Cisco Talos ⋅ Introducing ROKRAT RokRAT |
| 2017 ⋅ Cisco Talos ⋅ Introducing ROKRAT RokRAT |
| 2016-06-17 ⋅ Kaspersky Labs ⋅ Operation Daybreak StarCruft APT37 |
| 2016-06-17 ⋅ Threatpost ⋅ ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks APT37 |
| 2016-06-14 ⋅ Kaspersky Labs ⋅ CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks APT37 |