APT37 (aka RICOCHET CHOLLIMA, ScarCruft) · APT Atlas
APT37
APT · KP · North Korea
AKA: RICOCHET CHOLLIMA · ScarCruft · Group 123 · Reaper Group · ATK4 · Operation Daybreak · InkySquid · Geumseong121
CrowdStrike: VELVET CHOLLIMA
Microsoft: Ruby Sleet
Targets: 16
Sectors: 19
Threat types: 1
GIRs covered: 0/480
Active since: 2012
Victimology
Geographic footprint · 16 countries
origin · North Korea
targeted countries · 16
ASIA · 7: China · Hong Kong · Indonesia · India · Japan · South Korea · Vietnam
EUROPE · 6: Germany · France · United Kingdom · Russia · Slovakia · Ukraine
AFRICA · 2: Egypt · South Africa
AMERICAS · 1: United States
Sectors targeted · 19 of 40
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Financial Services · 61 actors
Cryptocurrency · 17 actors
Healthcare · 38 actors
Pharmaceutical · 24 actors
Technology · 51 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Logistics · 18 actors
Food and Beverage · 8 actors
Consulting / Professional Services · 26 actors
Private Sector (generic) · 28 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 25 techniques

Initial Access · 2
T1189 Drive-by Compromise
T1566.001 Spearphishing Attachment

Execution · 7
T1053.005 Scheduled Task
T1059 Command and Scripting Interpreter
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1059.006 Python
T1106 Native API
T1203 Exploitation for Client Execution

Persistence · 1
T1547.001 Registry Run Keys / Startup Folder

Credential Access · 1
T1555.003 Credentials from Web Browsers

Discovery · 3
T1033 System Owner/User Discovery
T1057 Process Discovery
T1120 Peripheral Device Discovery

Collection · 2
T1005 Data from Local System
T1123 Audio Capture

Impact · 2
T1529 System Shutdown/Reboot
T1561.002 Disk Structure Wipe

Command And Control · 3
T1071.001 Web Protocols
T1102.002 Bidirectional Communication
T1105 Ingress Tool Transfer

Stealth · 4
T1027 Obfuscated Files or Information
T1027.003 Steganography
T1036.001 Invalid Code Signature
T1055 Process Injection

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011