APT37
APT37, InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 201...
Techniques: 29 | Covered: 29 | Gaps: 0 | Coverage: 100% (29/29)
COVERED (29)
- T1005 Data from Local System: 47 det.
- T1027 Obfuscated Files or Information: 561 det.
- T1027.003 Steganography: 5 det.
- T1033 System Owner/User Discovery: 61 det.
- T1036.001 Invalid Code Signature: 9 det.
- T1053.005 Scheduled Task: 99 det.
- T1055 Process Injection: 79 det.
- T1057 Process Discovery: 20 det.
- T1059 Command and Scripting Interpreter: 486 det.
- T1059.003 Windows Command Shell: 82 det.
- T1059.005 Visual Basic: 68 det.
- T1059.006 Python: 49 det.
- T1071.001 Web Protocols: 80 det.
- T1082 System Information Discovery: 86 det.
- T1102.002 Bidirectional Communication: 15 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1106 Native API: 29 det.
- T1120 Peripheral Device Discovery: 4 det.
- T1123 Audio Capture: 11 det.
- T1189 Drive-by Compromise: 10 det.
- T1203 Exploitation for Client Execution: 75 det.
- T1204.002 Malicious File: 425 det.
- T1529 System Shutdown/Reboot: 18 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1548.002 Bypass User Account Control: 84 det.
- T1555.003 Credentials from Web Browsers: 16 det.
- T1559.002 Dynamic Data Exchange: 1 det.
- T1561.002 Disk Structure Wipe: 3 det.
- T1566.001 Spearphishing Attachment: 905 det.