APT38 is a financially-motivated threat group that is backed by the North Korean regime. The group mainly targets banks and financial institutions and has targeted more than 16 organizations in at least 13 countries since at least 2014.
North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea. Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.
|Enterprise||T1071||.001||Application Layer Protocol: Web Protocols|
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1486||Data Encrypted for Impact|
|Enterprise||T1565||.001||Data Manipulation: Stored Data Manipulation|
|.002||Data Manipulation: Transmitted Data Manipulation|
|.003||Data Manipulation: Runtime Data Manipulation|
|Enterprise||T1561||.002||Disk Wipe: Disk Structure Wipe|
|Enterprise||T1070||.001||Indicator Removal on Host: Clear Windows Event Logs|
|.004||Indicator Removal on Host: File Deletion|
|Enterprise||T1105||Ingress Tool Transfer|
|Enterprise||T1056||.001||Input Capture: Keylogging|
|Enterprise||T1027||.002||Obfuscated Files or Information: Software Packing|
|Enterprise||T1049||System Network Connections Discovery|