← Back to Actors
APT37
APT37InkySquidScarCruftReaperGroup123TEMP.ReaperRicochet Chollima
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 201...
29
Techniques
29
Covered
0
Gaps
100%
Coverage
Coverage29/29
COVERED (29)
T1005Data from Local System47 det.T1027Obfuscated Files or Information606 det.T1027.003Steganography5 det.T1033System Owner/User Discovery61 det.T1036.001Invalid Code Signature10 det.T1053.005Scheduled Task100 det.T1055Process Injection81 det.T1057Process Discovery21 det.T1059Command and Scripting Interpreter514 det.T1059.003Windows Command Shell83 det.T1059.005Visual Basic69 det.T1059.006Python51 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1102.002Bidirectional Communication16 det.T1105Ingress Tool Transfer184 det.T1106Native API29 det.T1120Peripheral Device Discovery4 det.T1123Audio Capture11 det.T1189Drive-by Compromise10 det.T1203Exploitation for Client Execution79 det.T1204.002Malicious File441 det.T1529System Shutdown/Reboot18 det.T1547.001Registry Run Keys / Startup Folder53 det.T1548.002Bypass User Account Control84 det.T1555.003Credentials from Web Browsers16 det.T1559.002Dynamic Data Exchange1 det.T1561.002Disk Structure Wipe3 det.T1566.001Spearphishing Attachment979 det.