APT37 aka ScarCruft or RedEyes – Active IOCs
November 14, 2024
Severity
High
Analysis Summary
APT37, also known as ScarCruft or RedEyes, is a state-sponsored cyber espionage group attributed to North Korea. The group has been active since at least 2012 and primarily targets South Korea, but it has also conducted operations against entities in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and several countries in the Middle East.
APT37 has been linked to a series of campaigns between 2016 and 2018, including Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, North Korean Human Rights, and Evil New Year 2018. These campaigns used a range of tactics and techniques aimed at intelligence gathering, data exfiltration, and disruption. Malware families associated with APT37 include Goldbackdoor and RokRAT.
The RedEyes …
IoC
73417ded382af2e0f3fca04d8d07679af134038b
a205d5bdfcd237462abaf6b9d3576c4a
ed691e1e20160346094c08d2cebf0f32
198ee2c64c7584acb2403c0ce4c152b3e57c4453
13cc69320ed1e1422d13c3799998050806c72fb5406d85903b8d8860f9734c60
49f1d203436240933ee20d7b16324c09bcbf4ceb
0ea29853d7300b8dbd4ddea9923ad791d5629ebdae1c2f564c32916d41579c56
5b44285747891464c496aa477e450f10
bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3
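The IoC list above mixes MD5, SHA-1 and SHA-256 digests without labelling them. The following script is an added example, not part of the original advisory: it sorts the published hashes by algorithm using their hex length, hashes every file under a directory once per algorithm present, and reports any file whose digest appears in the list. The IOC values are copied from the page; the function names, the chunk size and the command-line handling are my own choices.

```python
import hashlib
from pathlib import Path

# Digests copied verbatim from the IoC section of this advisory.
IOC_HASHES = [
    "73417ded382af2e0f3fca04d8d07679af134038b",
    "a205d5bdfcd237462abaf6b9d3576c4a",
    "ed691e1e20160346094c08d2cebf0f32",
    "198ee2c64c7584acb2403c0ce4c152b3e57c4453",
    "13cc69320ed1e1422d13c3799998050806c72fb5406d85903b8d8860f9734c60",
    "49f1d203436240933ee20d7b16324c09bcbf4ceb",
    "0ea29853d7300b8dbd4ddea9923ad791d5629ebdae1c2f564c32916d41579c56",
    "5b44285747891464c496aa477e450f10",
    "bb83597cdf057db754def79d3f94b6cf8837b358178e10e4cc792da56a7523b3",
]

# Hex digest length identifies the algorithm: 32 chars = MD5, 40 = SHA-1, 64 = SHA-256.
HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_hash(h):
    """Return the algorithm implied by the digest length, or None if the value is malformed."""
    h = h.strip().lower()
    if len(h) not in HASH_ALGO_BY_LEN or any(c not in "0123456789abcdef" for c in h):
        return None
    return HASH_ALGO_BY_LEN[len(h)]


def build_ioc_index(hashes):
    """Group IOC digests by algorithm so each file is hashed once per algorithm present."""
    index = {}
    for h in hashes:
        algo = classify_hash(h)
        if algo is None:
            raise ValueError(f"malformed hash in IOC list: {h!r}")
        index.setdefault(algo, set()).add(h.strip().lower())
    return index


def _digest_chunks(chunks, algos):
    """Feed every chunk to every requested hasher in a single pass over the data."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for hsh in hashers.values():
            hsh.update(chunk)
    return {a: hsh.hexdigest() for a, hsh in hashers.items()}


def hash_bytes(data, algos):
    """Digest an in-memory buffer (useful for testing and for samples already loaded)."""
    return _digest_chunks([data], algos)


def hash_file(path, algos, chunk_size=1 << 20):
    """Stream a file from disk so large binaries are not read into memory at once."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""), algos)


def match_digests(digests, index):
    """Return the (algorithm, digest) pairs from `digests` that appear in the IOC index."""
    return [(a, d) for a, d in digests.items() if d in index.get(a, set())]


def scan_tree(root, index):
    """Walk a directory and return (path, algorithm, digest) for every IOC hit."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = hash_file(path, index.keys())
        except OSError:
            continue  # unreadable file (permissions, special file); skip rather than abort
        for algo, digest in match_digests(digests, index):
            hits.append((str(path), algo, digest))
    return hits


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_tree(root, build_ioc_index(IOC_HASHES)):
        print(f"HIT {algo} {digest} {path}")
```

Run it as `python scan_iocs.py /path/to/suspect/tree`. Note that a hash match confirms only that a file is byte-identical to a known sample; a recompiled or repacked RokRAT dropper will not match, so pair this check with the behavioural detections your EDR already carries for the family.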