APT37
APT37, InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima
[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 201...
Techniques: 29
Covered: 29
Gaps: 0
Coverage: 100% (29/29)
COVERED (29)
- T1005 Data from Local System: 46 det.
- T1027 Obfuscated Files or Information: 525 det.
- T1027.003 Steganography: 5 det.
- T1033 System Owner/User Discovery: 59 det.
- T1036.001 Invalid Code Signature: 9 det.
- T1053.005 Scheduled Task: 82 det.
- T1055 Process Injection: 76 det.
- T1057 Process Discovery: 18 det.
- T1059 Command and Scripting Interpreter: 462 det.
- T1059.003 Windows Command Shell: 79 det.
- T1059.005 Visual Basic: 66 det.
- T1059.006 Python: 43 det.
- T1071.001 Web Protocols: 74 det.
- T1082 System Information Discovery: 80 det.
- T1102.002 Bidirectional Communication: 14 det.
- T1105 Ingress Tool Transfer: 170 det.
- T1106 Native API: 27 det.
- T1120 Peripheral Device Discovery: 4 det.
- T1123 Audio Capture: 11 det.
- T1189 Drive-by Compromise: 10 det.
- T1203 Exploitation for Client Execution: 71 det.
- T1204.002 Malicious File: 397 det.
- T1529 System Shutdown/Reboot: 18 det.
- T1547.001 Registry Run Keys / Startup Folder: 50 det.
- T1548.002 Bypass User Account Control: 83 det.
- T1555.003 Credentials from Web Browsers: 15 det.
- T1559.002 Dynamic Data Exchange: 1 det.
- T1561.002 Disk Structure Wipe: 3 det.
- T1566.001 Spearphishing Attachment: 850 det.