APT37 aka ScarCruft or RedEyes – Active IOCs
Severity
High
Analysis Summary
APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.
APT37 has been linked to several campaigns between 2016 and 2018, including Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, North Korean Human Rights, and Evil New Year 2018. These campaigns involve a range of tactics and techniques aimed at intelligence gathering, data exfiltration, and disruption. Tools associated with APT37 include Goldbackdoor and RokRAT.
The RedEyes threat group continues to …
IoC