
APT38

Also known as: NICKEL GLADSTONE, BeagleBoyz, Bluenoroff, Stardust Chollima, Sapphire Sleet, COPERNICIUM

[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, [APT38](https://attack.mitre.org/groups/G0082) has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which [APT38](https://attack.mitre.org/groups/G0082)...

Techniques: 61
Covered: 57
Gaps: 4
Coverage: 93% (57/61)

COVERED (57)

| ID | Technique | Detections |
|---|---|---|
| T1005 | Data from Local System | 47 |
| T1027.002 | Software Packing | 1 |
| T1033 | System Owner/User Discovery | 61 |
| T1036.003 | Rename Legitimate Utilities | 47 |
| T1036.006 | Space after Filename | 3 |
| T1049 | System Network Connections Discovery | 22 |
| T1053.003 | Cron | 28 |
| T1053.005 | Scheduled Task | 99 |
| T1055 | Process Injection | 79 |
| T1056.001 | Keylogging | 4 |
| T1057 | Process Discovery | 20 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1059.005 | Visual Basic | 68 |
| T1070.001 | Clear Windows Event Logs | 16 |
| T1070.004 | File Deletion | 42 |
| T1070.006 | Timestomp | 10 |
| T1071.001 | Web Protocols | 80 |
| T1082 | System Information Discovery | 86 |
| T1083 | File and Directory Discovery | 48 |
| T1105 | Ingress Tool Transfer | 183 |
| T1106 | Native API | 29 |
| T1110 | Brute Force | 90 |
| T1112 | Modify Registry | 203 |
| T1115 | Clipboard Data | 16 |
| T1135 | Network Share Discovery | 20 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1189 | Drive-by Compromise | 10 |
| T1204.001 | Malicious Link | 10 |
| T1204.002 | Malicious File | 425 |
| T1217 | Browser Information Discovery | 4 |
| T1218.001 | Compiled HTML File | 14 |
| T1218.005 | Mshta | 49 |
| T1218.007 | Msiexec | 33 |
| T1218.011 | Rundll32 | 75 |
| T1485 | Data Destruction | 91 |
| T1486 | Data Encrypted for Impact | 360 |
| T1505.003 | Web Shell | 63 |
| T1518.001 | Security Software Discovery | 10 |
| T1529 | System Shutdown/Reboot | 18 |
| T1543.003 | Windows Service | 79 |
| T1548.002 | Bypass User Account Control | 84 |
| T1553.005 | Mark-of-the-Web Bypass | 11 |
| T1561.002 | Disk Structure Wipe | 3 |
| T1562.001 | Disable or Modify Tools | 311 |
| T1562.003 | Impair Command History Logging | 3 |
| T1562.004 | Disable or Modify System Firewall | 48 |
| T1565.001 | Stored Data Manipulation | 20 |
| T1565.002 | Transmitted Data Manipulation | 3 |
| T1566.001 | Spearphishing Attachment | 905 |
| T1569.002 | Service Execution | 64 |
| T1583.001 | Domains | 61 |
| T1588.002 | Tool | 13 |
| T1685 | Disable or Modify Tools | 278 |
| T1685.005 | Clear Windows Event Logs | 11 |
| T1686 | Disable or Modify System Firewall | 19 |
| T1690 | Prevent Command History Logging | 3 |