APT38
Aliases: NICKEL GLADSTONE, BeagleBoyz, Bluenoroff, Stardust Chollima, Sapphire Sleet, COPERNICIUM
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, [APT38](https://attack.mitre.org/groups/G0082) has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which [APT38](https://attack.mitre.org/groups/G0082)...
Techniques: 56 | Covered: 53 | Gaps: 3 | Coverage: 95% (53/56)
GAPS (3)
COVERED (53)
| Technique | Name | Detections |
|---|---|---|
| T1005 | Data from Local System | 46 |
| T1027.002 | Software Packing | 1 |
| T1033 | System Owner/User Discovery | 59 |
| T1036.003 | Rename Legitimate Utilities | 47 |
| T1036.006 | Space after Filename | 3 |
| T1049 | System Network Connections Discovery | 21 |
| T1053.003 | Cron | 28 |
| T1053.005 | Scheduled Task | 82 |
| T1055 | Process Injection | 76 |
| T1056.001 | Keylogging | 4 |
| T1057 | Process Discovery | 18 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.005 | Visual Basic | 66 |
| T1070.001 | Clear Windows Event Logs | 15 |
| T1070.004 | File Deletion | 40 |
| T1070.006 | Timestomp | 9 |
| T1071.001 | Web Protocols | 74 |
| T1082 | System Information Discovery | 80 |
| T1083 | File and Directory Discovery | 48 |
| T1105 | Ingress Tool Transfer | 170 |
| T1106 | Native API | 27 |
| T1110 | Brute Force | 85 |
| T1112 | Modify Registry | 197 |
| T1115 | Clipboard Data | 15 |
| T1135 | Network Share Discovery | 16 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1189 | Drive-by Compromise | 10 |
| T1204.001 | Malicious Link | 9 |
| T1204.002 | Malicious File | 397 |
| T1217 | Browser Information Discovery | 4 |
| T1218.001 | Compiled HTML File | 13 |
| T1218.005 | Mshta | 46 |
| T1218.007 | Msiexec | 30 |
| T1218.011 | Rundll32 | 73 |
| T1485 | Data Destruction | 90 |
| T1486 | Data Encrypted for Impact | 339 |
| T1505.003 | Web Shell | 57 |
| T1518.001 | Security Software Discovery | 8 |
| T1529 | System Shutdown/Reboot | 18 |
| T1543.003 | Windows Service | 79 |
| T1548.002 | Bypass User Account Control | 83 |
| T1553.005 | Mark-of-the-Web Bypass | 11 |
| T1561.002 | Disk Structure Wipe | 3 |
| T1562.001 | Disable or Modify Tools | 300 |
| T1562.003 | Impair Command History Logging | 3 |
| T1562.004 | Disable or Modify System Firewall | 45 |
| T1565.001 | Stored Data Manipulation | 19 |
| T1565.002 | Transmitted Data Manipulation | 3 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1569.002 | Service Execution | 63 |
| T1583.001 | Domains | 61 |
| T1588.002 | Tool | 13 |