Focusing on the Weakest Link: A Similarity Analysis on Phishing Campaigns Based on the ATT&CK Matrix
Table 5. Campaigns of the Lazarus group and APT37.

| APT group | Campaign | Campaign description |
|---|---|---|
| Lazarus group | L6 | A phishing campaign distributed to US military defense sectors from January to August 2020. Uses a RAT called DRATzarus and collects all installed disk information and OS information, such as disk shape and remaining space (known as Blindingcan). |
| Lazarus group | L7 | A phishing campaign distributed in the US aerospace sector from April to June 2020. Uses a RAT called DRATzarus and collects all installed disk information and OS information, such as disk shape and remaining space (known as Blindingcan). |
| APT37 | A1 | A phishing campaign distributed to North Korean defectors and North Korean human rights groups from January 2019 to May 2019. Performs command and control through communication with various drives such as Dropbox, Yandex, and pCloud by disguising an executable program. |
| APT37 | A2 | A phishing campaign distributed to lawmakers from June 2020 to December 2020. Performs command and control through communication with various drives such as Dropbox, Yandex, and pCloud by disguising an executable program. |
| APT37 | A3 | A phishing campaign distributed to reporters from June to September 2021. Performs command and control through communication with various drives such as Dropbox, Yandex, and pCloud by disguising an executable program. |