{
    "type": "bundle",
    "id": "bundle--51e4d868-a26e-4a8f-a8e5-7b2363b674fb",
    "spec_version": "2.0",
    "objects": [
        {
            "aliases": [
                "APT37",
                "Richochet Chollima",
                "InkySquid",
                "ScarCruft",
                "Reaper",
                "Group123",
                "TEMP.Reaper"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_contributors": [
                "Valerii Marchuk, Cybersecurity Help s.r.o."
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "intrusion-set--4a2ce82e-1a74-468a-a6fb-bbead541383c",
            "type": "intrusion-set",
            "created": "2018-04-18T17:59:24.739Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0067",
                    "external_id": "G0067"
                },
                {
                    "source_name": "APT37",
                    "description": "(Citation: FireEye APT37 Feb 2018)"
                },
                {
                    "source_name": "Richochet Chollima",
                    "description": "(Citation: CrowdStrike Richochet Chollima September 2021)"
                },
                {
                    "source_name": "InkySquid",
                    "description": "(Citation: Volexity InkySquid BLUELIGHT August 2021)"
                },
                {
                    "source_name": "ScarCruft",
                    "description": "(Citation: Securelist ScarCruft Jun 2016)(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft May 2019)"
                },
                {
                    "source_name": "Reaper",
                    "description": "(Citation: FireEye APT37 Feb 2018)"
                },
                {
                    "source_name": "Group123",
                    "description": "(Citation: FireEye APT37 Feb 2018)"
                },
                {
                    "source_name": "TEMP.Reaper",
                    "description": "(Citation: FireEye APT37 Feb 2018)"
                },
                {
                    "source_name": "FireEye APT37 Feb 2018",
                    "description": "FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved March 1, 2018.",
                    "url": "https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf"
                },
                {
                    "url": "https://securelist.com/operation-daybreak/75100/",
                    "description": "Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. Retrieved February 15, 2018.",
                    "source_name": "Securelist ScarCruft Jun 2016"
                },
                {
                    "url": "https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html",
                    "description": "Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.",
                    "source_name": "Talos Group123"
                },
                {
                    "source_name": "CrowdStrike Richochet Chollima September 2021",
                    "url": "https://adversary.crowdstrike.com/en-US/adversary/ricochet-chollima/",
                    "description": "CrowdStrike. (2021, September 30). Adversary Profile - Richochet Chollima. Retrieved September 30, 2021."
                },
                {
                    "source_name": "Volexity InkySquid BLUELIGHT August 2021",
                    "url": "https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/",
                    "description": "Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. Retrieved September 30, 2021."
                },
                {
                    "description": "GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.",
                    "url": "https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/",
                    "source_name": "Securelist ScarCruft May 2019"
                }
            ],
            "modified": "2021-10-15T16:54:01.193Z",
            "name": "APT37",
            "description": "[APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. [APT37](https://attack.mitre.org/groups/G0067) has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123)\n\nNorth Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name [Lazarus Group](https://attack.mitre.org/groups/G0032) instead of tracking clusters or subgroups.",
            "x_mitre_version": "2.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}