← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Unintentional Leak: A glimpse into the attack vectors of APT37
WHITE APT37 AlienVault 2023-03-22 Modified: 2023-03-22
247
IOCs
HIGH VOLUME
We have been closely monitoring the tools, techniques and procedures (TTPs) of APT37 (also known as ScarCruft or Temp.Reaper) - a North Korea-based advanced persistent threat actor. This threat actor has been very active in February and March 2023 targeting individuals in various South Korean organizations.
Chinotto backdoorPowerShellmacrosGitHubScarCruftTemp.ReaperNorth Koreaspear phishing
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (4 / 247 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 51e3a857a3267028d5d3753313c8809dd44141823503ec86c69854703a1ff760 SHA256 of 22652b383d9ea880a4644a35cd5fadaf 2023-03-22
FileHash-SHA256 64c0bed705bc9ffbafea7bbf22f33d5194f87aa37bdc26faa7c6de733f4a1a2e SHA256 of c29d11961b9662a8cb1c7edd47d94ae5 2023-03-22
FileHash-SHA256 c2e30e1582e0e3c5431d713c0e3e561bc3a9306567446ed6d6317d7a7d8020c6 SHA256 of 79d5af9d4826f66090e4daf6029ed643 2023-03-22
FileHash-SHA256 e680163be81987af2fa87583a34f6a5a9efc16ba96daa986637467f69cfbc467 SHA256 of 82d58de096f53e4df84d6f67975a8dda 2023-03-22
References (1)
↗ https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-apt37