Trusted Design

APT37

G0067 · MITRE Pageへのリンク

脅威アクターの詳細

[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123) North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.

別名・別称

APT37
InkySquid
ScarCruft
Reaper
Group123
TEMP.Reaper
Ricochet Chollima

利用した攻撃手法

• T1053.005 - Scheduled Task
• T1033 - System Owner/User Discovery
• T1561.002 - Disk Structure Wipe
• T1123 - Audio Capture
• T1548.002 - Bypass User Account Control
• T1559.002 - Dynamic Data Exchange
• T1204.002 - Malicious File
• T1566.001 - Spearphishing Attachment
• T1120 - Peripheral Device Discovery
• T1082 - System Information Discovery
• T1106 - Native API
• T1005 - Data from Local System
• T1055 - Process Injection
• T1555.003 - Credentials from Web Browsers
• T1059 - Command and Scripting Interpreter
• T1057 - Process Discovery
• T1547.001 - Registry Run Keys / Startup Folder
• T1027 - Obfuscated Files or Information
• T1036.001 - Invalid Code Signature
• T1102.002 - Bidirectional Communication
• T1203 - Exploitation for Client Execution
• T1027.003 - Steganography
• T1059.006 - Python
• T1059.003 - Windows Command Shell
• T1189 - Drive-by Compromise
• T1071.001 - Web Protocols
• T1059.005 - Visual Basic
• T1105 - Ingress Tool Transfer
• T1529 - System Shutdown/Reboot

関連するCVE (攻撃手法に関連)

• CVE-2013-6282 (T1555.003)
• CVE-2015-2546 (T1555.003)
• CVE-2014-4113 (T1529)
• CVE-2015-1701 (T1529)
• CVE-2017-0263 (T1555.003)
• CVE-2015-0057 (T1555.003)
• CVE-2015-2360 (T1529)
• CVE-2008-1436 (T1529)
• CVE-2010-0232 (T1529)
• CVE-2010-4398 (T1529)
• CVE-2017-0001 (T1102.002)
• CVE-2014-4114 (T1059.005)
• CVE-2015-1770 (T1059.005)
• CVE-2012-1856 (T1529)
• CVE-2015-2545 (T1027.003)
• CVE-2014-6332 (T1059.005)
• CVE-2017-0199 (T1059.005)
• CVE-2015-2424 (T1559.002)
• CVE-2015-0097 (T1059.005)
• CVE-2012-0158 (T1529)
• CVE-2014-1761 (T1203)
• CVE-2015-1641 (T1559.002)
• CVE-2017-0261 (T1059.005)
• CVE-2017-0262 (T1059.005)
• CVE-2013-3906 (T1203)
• CVE-2014-6352 (T1059.005)
• CVE-2010-3333 (T1203)
• CVE-2012-2539 (T1203)
• CVE-2010-0806 (T1105)
• CVE-2017-8570 (T1059.005)
• CVE-2015-0016 (T1203)
• CVE-2010-0188 (T1059.003)
• CVE-2010-2884 (T1059.003)
• CVE-2013-0640 (T1059.003)
• CVE-2011-0611 (T1059.003)
• CVE-2010-1553 (T1566.001)
• CVE-2015-2853 (T1203)
• CVE-2017-16929 (T1566.001)
• CVE-2012-1876 (T1203)
• CVE-2013-3660 (T1555.003)
• CVE-2013-7331 (T1566.001)
• CVE-2009-3129 (T1566.001)
• CVE-2013-5990 (T1529)
• CVE-2015-0310 (T1203)
• CVE-2015-5897 (T1555.003)
• CVE-2015-4495 (T1189)
• CVE-2014-8361 (T1071.001)
• CVE-2014-4148 (T1059)
• CVE-2012-6422 (T1106)
• CVE-2015-3785 (T1555.003)
• CVE-2015-3456 (T1555.003)
• CVE-2013-2094 (T1529)
• CVE-2015-8562 (T1555.003)
• CVE-2016-1990 (T1555.003)
• CVE-2016-1991 (T1555.003)
• CVE-2015-3628 (T1203)
• CVE-2015-6034 (T1555.003)
• CVE-2015-6022 (T1555.003)
• CVE-2015-7262 (T1529)
• CVE-2016-1562 (T1555.003)
• CVE-2016-2343 (T1555.003)
• CVE-2016-9496 (T1529)
• CVE-2012-0056 (T1555.003)
• CVE-2010-3081 (T1555.003)
• CVE-2012-1258 (T1555.003)
• CVE-2014-3153 (T1203)
• CVE-2015-3636 (T1529)
• CVE-2015-1761 (T1555.003)
• CVE-2014-6324 (T1555.003)
• CVE-2014-2273 (T1555.003)
• CVE-2015-2387 (T1555.003)
• CVE-2025-13335 (T1555.003)
• CVE-2025-13927 (T1555.003)
• CVE-2025-13928 (T1555.003)
• CVE-2025-24893 (T1203)
• CVE-2025-68645 (T1555.003)
• CVE-2026-1102 (T1555.003)
• CVE-2026-20127 (T1529)
• CVE-2012-4969 (T1059.003)
• CVE-2014-0322 (T1059.005)
• CVE-2016-0189 (T1059.005)
• CVE-2015-0071 (T1189)
• CVE-2017-0143 (T1059.005)
• CVE-2015-5119 (T1203)
• CVE-2015-5122 (T1203)
• CVE-2015-7645 (T1203)
• CVE-2015-3043 (T1203)
• CVE-2015-3090 (T1203)
• CVE-2015-3113 (T1203)
• CVE-2015-2502 (T1189)
• CVE-2014-6271 (T1059.003)
• CVE-2015-7808 (T1203)
• CVE-2016-1010 (T1203)
• CVE-2016-1001 (T1203)
• CVE-2016-0998 (T1203)
• CVE-2015-0313 (T1203)
• CVE-2015-0359 (T1203)
• CVE-2015-2852 (T1203)
• CVE-2015-2854 (T1203)
• CVE-2015-7755 (T1203)
• CVE-2015-8287 (T1203)
• CVE-2016-9495 (T1203)
• CVE-2015-0311 (T1203)
• CVE-2012-3213 (T1203)
• CVE-2012-4792 (T1105)
• CVE-2015-0336 (T1203)
• CVE-2015-3105 (T1203)
• CVE-2014-0497 (T1203)
• CVE-2013-0074 (T1203)
• CVE-2013-2551 (T1189)
• CVE-2014-0515 (T1203)
• CVE-2014-1776 (T1203)
• CVE-2014-9163 (T1203)
• CVE-2014-7247 (T1529)
• CVE-2011-1255 (T1203)
• CVE-2012-0611 (T1189)
• CVE-2015-2419 (T1189)
• CVE-2016-4117 (T1203)
• CVE-2025-34026 (T1203)
• CVE-2010-1297 (T1059.003)
• CVE-2010-2883 (T1059.003)
• CVE-2013-0641 (T1059.003)
• CVE-2014-3897 (T1189)
• CVE-2014-7911 (T1529)

Actor – Pulse グラフ

---

← 脅威アクター一覧に戻る