APT37 Deploys NarwhalRAT in New Microsoft Account Phishing
https://cybersecurefox.com/en/apt37-narwhalrat-microsoft-phishing-campaign
#APT37 #NarwhalRAT #ScarCruft #Microsoft #account #phishing #remote #access #trojan
A Fileless Python Backdoor Deployed by North Korean APT37
APT37 uses NarwhalRAT malware in targeted campaigns to gain remote access, steal data, and control compromised systems.
Pulse ID: 6a35d8989c9c8e67d57e2a12
Pulse Link: https://otx.alienvault.com/pulse/6a35d8989c9c8e67d57e2a12
Pulse Author: cryptocti
Created: 2026-06-20 00:02:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #BackDoor #CyberSecurity #InfoSec #Korea #Malware #NorthKorea #OTX #OpenThreatExchange #Python #RAT #bot #cryptocti
A Fileless Python Backdoor Deployed by North Korean APT37
APT37 uses NarwhalRAT malware in targeted campaigns to gain remote access, steal data, and control compromised systems.
Pulse ID: 6a35d8fdc19d40c2339797fc
Pulse Link: https://otx.alienvault.com/pulse/6a35d8fdc19d40c2339797fc
Pulse Author: cryptocti
Created: 2026-06-20 00:04:13
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #BackDoor #CyberSecurity #InfoSec #Korea #Malware #NorthKorea #OTX #OpenThreatExchange #Python #RAT #bot #cryptocti
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Pulse ID: 6a322579b10204c642518a28
Pulse Link: https://otx.alienvault.com/pulse/6a322579b10204c642518a28
Pulse Author: Tr1sa111
Created: 2026-06-17 04:41:29
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #bot #Tr1sa111
ScarCruft Targets Microsoft Users with NarwhalRAT Malware
Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
A sophisticated Python-based RAT targeting Korean users through spear phishing emails disguised as Microsoft security alerts. The attack chain employs LNK files embedded in ZIP archives, BAT-based obfuscation, and multi-stage loaders culminating in NarwhalRAT deployment. This advanced malware features keylogging, screen capture, microphone recording, and USB data collection capabilities. It utilizes a dual C2 infrastructure combining Korean relay servers (daehoat.com, novel21.co.kr) with pCloud API as a dead-drop resolver. The malware creates encrypted configuration files, implements anti-VM techniques, and establishes persistence through scheduled tasks. It operates as a manually-controlled RAT with selective function activation via C2 commands, employing in-memory execution to evade file-based detection.
Pulse ID: 6a30130ad416e33ebf9e9417
Pulse Link: https://otx.alienvault.com/pulse/6a30130ad416e33ebf9e9417
Pulse Author: AlienVault
Created: 2026-06-15 14:58:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #Cloud #CyberSecurity #Email #InfoSec #Korea #LNK #Malware #Microsoft #OTX #OpenThreatExchange #Phishing #Python #RAT #SpearPhishing #Troll #USB #ZIP #bot #pCloud #AlienVault
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2
Pulse ID: 6a3004ad318270fcc2ea201b
Pulse Link: https://otx.alienvault.com/pulse/6a3004ad318270fcc2ea201b
Pulse Author: CyberHunter_NL
Created: 2026-06-15 13:57:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT37 #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #bot #CyberHunter_NL
North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack
North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. #APT37 #ScarCruft #CyberSecurity #Android
ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.