APT37, a DPRK threat actor-lazarusholic

APT37

2018-02-20, Mandiant
APT37 (Reaper): The Overlooked North Korean Actor

"APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities"

- malpedia, https://malpedia.caad.fkie.fraunhofer.de/actor/apt37

Also known as

Name	Named by	AKA	First seen	Last seen
APT-C-28	Qihoo360	ScarCruft	2019-06-01	2025-02-19
APT37	Mandiant	ScarCruft	2018-02-20	2025-05-14
ATK4	ThalesGroup	APT37	2019-10-07	2022-05-31
BlackShoggoth	PWC	APT37	2020-03-03	2021-02-28
EarthManticore	TrendMicro	APT37	2025-03-18	2025-03-18
G0067	MITRE	APT37	2018-04-18	2018-04-18
Group123	CiscoTalos	ScarCruft	2018-01-16	2025-05-14
ITG10	IBM	ScarCruft	2021-10-23	2023-06-06
InkySquid	Volexity	ScarCruft	2021-08-17	2023-01-04
NickelFoxcroft	SecureWorks	ScarCruft	-	2024-10-08
RedEyes	Ahnlab	ScarCruft	2018-02-21	2024-05-07
RicochetChollima	CrowdStrike	ScarCruft	2019-02-19	2025-03-17
ScarCruft	Kaspersky	-	2016-06-17	2025-01-20
SquidWerewolf	BiZone	APT37	2025-03-12	2025-03-12
TEMP.Reaper	Mandiant	ScarCruft	2018-02-03	2024-04-09
금성121	ESTSecurity	ScarCruft	2018-07-04	2023-09-19

Reports

2025-05-14
DtexSystems
Exposing DPRK’s Cyber Underworld
#ITWorker #APT37 #APT43 #APT45 #AppleJeus #CryptoCore #GwisinGang #Konni #MoonstoneSleet #RubySleet #TEMP.Hermit #TraderTraitor

2025-05-12
Genians
한국 국가안보전략 싱크탱크 위장 APT37 공격 사례 분석 (작전명. 토이박스 스토리)
#APT37 #LNK #RokRAT #ToyBoxStory

2025-05-12
Genians
Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)
#APT37 #LNK #ToyBoxStory #RokRAT

2025-04-29
Google
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
#APT37 #CVE-2024-21338 #CVE-2024-38178 #Trend

2025-04-27
NSFOCUS
NSFOCUS APT Monthly Briefing - March 2025
#APT37 #Lazarus #Trend

2025-04-17
Logpresso
한글 문서로 위장한 두 공격 그룹의 악성코드 비교
#APT37 #Konni #RokRAT #LNK

2025-03-31
Sakai
북한 해킹 단체 APT37(Reaper)에서 만든 악성코드-한국군사학논총(2025.3.26)
#APT37 #LNK #RokRAT

2025-03-20
Hauri
APT37 공격 그룹의 지속적 위협 공격
#APT37 #LNK

2025-03-12
Lookout
Lookout Discovers North Korean APT37 Mobile Spyware
#APT37 #KoSpy #Mobile

2025-03-10
ZW01f
APT37 - RokRat
#APT37 #LNK #RokRAT

2025-03-04
Logpresso
한글 문서로 위장한 두 공격 그룹의 악성코드 비교
#APT37 #Konni #LNK #RokRAT

2025-02-10
0x0v1
Targeted Threats Research - South & North Korea (a breakdown of 3 years of threat research in Korea)
#APT37 #CVE-2022-41128 #Kimsuky #RambleOn #RokRAT #UCID902

2025-02-03
Genians
K 메신저로 유포된 'APT37' 그룹의 악성 HWP 사례 분석
#APT37 #LNK

2025-01-12
Hauri
APT37의 정찰용 피싱
#APT37 #Phishing

2025-01-07
Nurilab
APT37 그룹의 신종 RokRAT 악성코드 분석 보고서
#APT37 #RokRAT

2025-01-01
Sakai
북한 APT 리퍼(Reaper)에서 만든 악성코드-동북공정(미국의회조사국(CRS Report).pdf.lnk(2024.4.3)
#APT37 #LNK

2024-12-09
Rewterz
APT37 aka ScarCruft or RedEyes – Active IOCs
#APT37

2024-12-09
Sakai
대북 관계자를 타켓팅 하는 APT 37(Reaper,리퍼)에서 만든 악성코드-김X성강의자료.lnk(2024.12.06)
#APT37 #LNK

2024-11-14
Rewterz
APT37 aka ScarCruft or RedEyes – Active IOCs
#APT37

2024-11-06
David_Jou
揭秘APT37：朝鲜黑客组织的攻击手法及工具
#APT37 #CVE-2024-38178 #VeilShell

2024-11-04
Rewterz
APT37 aka ScarCruft or RedEyes – Active IOCs
#APT37 #RokRAT

2024-11-04
Sakai
북한 APT 리퍼(Reaper)에서 만든 탈북민 사칭 한국해양수산연수원 타겟 인것으로 추측이 되는 악성코드-정보접근권.lnk(2024.11.1)
#APT37 #RokRAT #LNK

2024-11-04
Genians
APT37 위협 배후의 사이버 정찰 활동 분석
#APT37

2024-11-01
Rewterz
APT37 aka ScarCruft or RedEyes – Active IOCs
#APT37 #RokRAT

2024-10-16
S2W
Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine
#APT37 #CVE-2024-38178 #RokRAT

2024-10-03
Securonix
SHROUDED#SLEEP: A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia
#APT37 #VeilShell #ShroudedSleep

2024-09-13
ENKI
LNK 파일을 활용한 RokRAT 악성코드에 대한 분석
#APT37 #LNK #RokRAT

2024-08-19
Qianxin
网络安全威胁2024年中报告
#Trend #APT37 #Konni #Kimsuky #Lazarus

2024-06-06
Sakai
우리 북한 해킹 단체 Reaper(리퍼)에서 만든 악성코드-인문사회분야 박사과정생 연구장려금지원 신청자격 요건 확인서.hwp(2024.5.24)
#APT37

2024-04-11
InterpresSecurity
Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation
#APT37 #CloudMensis #macOS #JokerSpy

2024-03-27
Genians
APT37 그룹의 RoKRAT 파일리스 공격 증가
#APT37 #RokRAT #LNK

2024-03-21
SecuI
"북한지 기고문"을 위장하여 유포된 LNK 악성코드
#APT37 #RokRAT #LNK

2024-03-04
Sakai
북한 해킹 단체 APT37 Reaper(리퍼)에서 만든 악성코드-(안보칼럼) 반국가세력에 안보기관이 무기력해서는 안된다.zip(2024.02.22)
#APT37 #RokRAT

2024-03-04
安恒信息
APT37利用朝鲜政治话题针对韩国的攻击活动分析
#APT37 #RokRAT

2024-03-01
0x0v1
RE:archive | APT37's ROKRAT HWP Object Linking and Embedding
#APT37 #RokRAT

2024-02-26
qianlan
APT37组织主战远控武器RokRAT，更新迭代部分执行流程
#APT37 #RokRAT

2024-02-05
Knownsec
知道创宇2023年度APT威胁分析总结报告
#APT37 #Konni #Trend #Kimsuky

2024-01-16
Genians
2024년 Webinar 안내장 사칭 APT 공격 포착
#APT37 #RokRAT #LNK

2023-12-29
Genians
북한 시장 물가 분석 문서 등으로 위장된 공격 사례
#APT37 #CVE-2022-41128

2023-12-04
Sakai
북한 해킹 단체 APT37 에서 만든 악성코드-국군재정관리단.chm(2023.11.21)
#APT37 #CHM

2023-11-20
Sakai
북한 해킹 단체 APT37 Reaper(리퍼)에서 만든 악성코드-2023년 11월 청구내역.html(2023.11.07)
#APT37

2023-10-10
Mandiant
Assessed Cyber Structure and Alignments of North Korea in 2023
#Trend #APT38 #UNC1720 #APT43 #APT37 #UNC4899 #UNC614 #UNC1069 #TEMP.Hermit #UNC2226

2023-10-04
0x0v1
The evolution of North Korean Android spyware
#RambleOn #APT37 #RokRAT

2023-09-28
Inquest
Anticipating File-Borne Threats: How Deep File Inspection Technology Will Shape the Future of Cyber Defense
#APT37 #Kimsuky #APT38 #Trend

2023-09-13
Knownsec
Analysis of the recent offensive operations conducted by North Korean APT groups
#Konni #CHM #APT37 #LNK #Chinotto

2023-09-12
Knownsec
韩美大规模联合军演挑衅升级朝方 APT 组织近期攻击活动分析
#Konni #CHM #APT37 #LNK #Chinotto

2023-09-01
Genians
한국 내 대북분야 종사자를 겨냥한 고도화된 BitB 공격 등장
#APT37 #BitB

2023-08-25
Knownsec
Suspected APT37 New Attack Weapon Fakecheck Analysis Report
#APT37 #Fakecheck #CHM

2023-08-25
Knownsec
疑似 APT37 新攻击武器Fakecheck分析报告
#APT37 #Fakecheck #CHM

2023-07-26
KRCERT
정부 보고서 위장 MS워드 제로데이 취약점 상세 분석
#APT37 #CVE-2022-41128

2023-06-20
Genians
한국내 macOS 이용자를 노린 APT37 공격 등장
#macOS #APT37

2023-05-30
ThreatMon
Reverse Engineering RokRAT: A Closer Look at APT37's Onedrive-Based Attack Vector
#APT37 #RokRAT

2023-05-23
Genians
북한인권단체를 사칭한 APT37 공격 사례
#APT37 #LNK #RokRAT

2023-05-01
Checkpoint
CHAIN REACTION: ROKRAT’S MISSING LINK
#APT37 #RokRAT #LNK

2023-04-28
网络安全研究宅基地
APT37针对韩国外交部下发RokRAT的窃密活动分析
#APT37 #RokRAT

2023-04-27
安恒信息
APT37针对韩国外交部下发RokRAT - 安恒威胁情报中心
#APT37 #RokRAT

2023-03-28
ThreatMon
Chinotto Backdoor Technical Analysis of the APT Reaper’s Powerful Weapon
#APT37 #Chinotto

2023-03-21
Zscaler
The Unintentional Leak: A glimpse into the attack vectors of APT37
#CHM #GitHub #APT37 #LNK #Chinotto

2023-03-20
Mandiant
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
#Trend #CVE-2022-0609 #APT37 #CVE-2022-41128 #TEMP.Hermit

2023-03-14
Qianxin
全球高级持续性威胁 (APT) 2022年度报告
#APT37 #CHM #Trend #Chinotto #APT-Q-1 #APT-Q-2

2023-01-16
GregLesewich
YARA-ing with MacOS
#YARA #APT37 #CloudMensis #RokRAT

2022-12-07
Google
Internet Explorer 0-day exploited by North Korean actor APT37
#APT37 #CVE-2022-41128

2022-04-27
Hauri
APT37-GOLDBACKDOOR
#APT37 #GoldBackdoor

2022-04-21
Stairwell
The ink-stained trail of GOLDBACKDOOR
#APT37 #GoldBackdoor #YARA

2021-12-04
0xthreatintel
APT37 targets Journalists & Security Researchers
#APT37 #DreamJob

2021-07-14
S2W
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
#APT37 #RokRAT #Matryoshka

2021-01-06
Malwarebytes
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
#APT37 #RokRAT

2020-04-23
StrangerealIntel
APT 37 strike again ?
#APT37

2020-03-25
NSFOCUS
APT37 复盘分析报告（part1）：投递与执行
#APT37

2020-03-25
NSFOCUS
APT37 复盘分析报告（part2）：木马与工具
#APT37

2019-10-28
Qihoo360
疑似Group123（APT37）针对中韩外贸人士的攻击活动分析
#Group123 #APT37

2018-10-03
Intezer
APT37: Final1stspy Reaping the FreeMilk
#APT37 #FreeMilk

2018-04-18
MITRE
APT37
#APT37 #G0067

2018-02-20
Fireeye
APT37 (Reaper): The Overlooked North Korean Actor
#TEMP.Reaper #APT37 #SHUTTERSPEED