← Back to Actors
APT38
APT38NICKEL GLADSTONEBeagleBoyzBluenoroffStardust ChollimaSapphire SleetCOPERNICIUM
[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, [APT38](https://attack.mitre.org/groups/G0082) has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which [APT38](https://attack.mitre.org/groups/G0082)...
61
Techniques
58
Covered
3
Gaps
95%
Coverage
Coverage58/61
GAPS (3)
COVERED (58)
T1005Data from Local System47 det.T1027.002Software Packing2 det.T1033System Owner/User Discovery61 det.T1036.003Rename Legitimate Utilities47 det.T1036.006Space after Filename3 det.T1049System Network Connections Discovery22 det.T1053.003Cron29 det.T1053.005Scheduled Task100 det.T1055Process Injection81 det.T1056.001Keylogging4 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.005Visual Basic69 det.T1070.001Clear Windows Event Logs16 det.T1070.004File Deletion43 det.T1070.006Timestomp10 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1105Ingress Tool Transfer184 det.T1106Native API29 det.T1110Brute Force90 det.T1112Modify Registry203 det.T1115Clipboard Data16 det.T1135Network Share Discovery20 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1217Browser Information Discovery4 det.T1218.001Compiled HTML File14 det.T1218.005Mshta49 det.T1218.007Msiexec33 det.T1218.011Rundll3275 det.T1485Data Destruction94 det.T1486Data Encrypted for Impact374 det.T1505.003Web Shell65 det.T1518.001Security Software Discovery10 det.T1529System Shutdown/Reboot18 det.T1543.003Windows Service79 det.T1548.002Bypass User Account Control84 det.T1553.005Mark-of-the-Web Bypass11 det.T1561.002Disk Structure Wipe3 det.T1562.001Disable or Modify Tools316 det.T1562.003Impair Command History Logging3 det.T1562.004Disable or Modify System Firewall48 det.T1565.001Stored Data Manipulation22 det.T1565.002Transmitted Data Manipulation3 det.T1566.001Spearphishing Attachment979 det.T1569.002Service Execution64 det.T1583.001Domains62 det.T1588.002Tool13 det.T1685Disable or Modify Tools279 det.T1685.005Clear Windows Event Logs12 det.T1686Disable or Modify System Firewall19 det.T1686.002Network Device Firewall2 det.T1690Prevent Command History Logging3 det.