APT37 aka ScarCruft or RedEyes – Active IOCs
Analysis Summary
APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.
APT37 has been linked to several campaigns between 2016 and 2018, including Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, North Korean Human Rights, and Evil New Year 2018. These campaigns involve a range of tactics and techniques aimed at intelligence gathering, data exfiltration, and disruption. Tools that have been associated with APT37 include Goldbackdoor and RokRAT.
The RedEyes threat group continues to pose a significant cybersecurity risk. Recent research confirms that this group, responsible for distributing the CHM malware disguised as a security email …
IoC