← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Unintentional Leak: A glimpse into the attack vectors of APT37
WHITE APT37 AlienVault 2023-03-22 Modified: 2023-03-22
247
IOCs
HIGH VOLUME
We have been closely monitoring the tools, techniques and procedures (TTPs) of APT37 (also known as ScarCruft or Temp.Reaper) - a North Korea-based advanced persistent threat actor. This threat actor has been very active in February and March 2023 targeting individuals in various South Korean organizations.
Chinotto backdoorPowerShellmacrosGitHubScarCruftTemp.ReaperNorth Koreaspear phishing
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (4 / 247 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 3c48acddc7f7cd07a30c6157100877debc91bf5b SHA1 of 22652b383d9ea880a4644a35cd5fadaf 2023-03-22
FileHash-SHA1 7624abc66d0cf585ae52f1dd95c4be432ffc6234 SHA1 of 79d5af9d4826f66090e4daf6029ed643 2023-03-22
FileHash-SHA1 89f1e46e4d60babc75dba388c7a0316e68fe51b0 SHA1 of 82d58de096f53e4df84d6f67975a8dda 2023-03-22
FileHash-SHA1 fd4d18b6728520bf149f325ebd219850f170532f SHA1 of c29d11961b9662a8cb1c7edd47d94ae5 2023-03-22
References (1)
↗ https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-apt37