Malware created by the North Korean hacking group Reaper - mfc100.dll (2023.5.29)

2023-06-09 Sakai Malware created by North Korean hacking group Reaper - mfc100.dll (2023.5.29)

https://wezard4u.tistory.com/6468


APT37/Reaper, also known as Group123, Inky Squid, RedEyes, ScarCruft and Ricochet Chollima, is described as using mfc100.dll malware in a May 2023 infection chain focused on South Korean political and organizational targets. The source says the campaign uses an archive and lure file to launch PowerShell, BAT scripting and rundll32 execution before deleting the temporary DLL executable. The malware is associated with credential theft, data exfiltration, screenshots, system information collection, command and shellcode execution, and file management, with cloud-storage-style C2 noted as a Reaper pattern. Representative indicators include the SHA-256 0e926d8b6fbf6f14a2a19d4d4af843253f9f5f6de337956a12dde279f3321d78, naver-file.com, and TCP connections to 5.8.71.81:443 and 8.247.211.254:80.

Indicators of Compromise

Type    Value                                   First Seen   Last Seen
HASH    cb675bbebcc4a77cf5a3b341734b84de        2023-06-09   2023-10-16
HASH    39663e144dc00e3eff004895347a91c…        2023-06-09   2023-10-16
URL     https://naver-file.com:443/down…        2023-06-09   2023-10-16
IPv4    5.8.71.81                               2023-06-09   2023-10-16
IPv4    8.247.211.254                           2023-06-09   2023-10-16
HASH    0e926d8b6fbf6f14a2a19d4d4af8432…        2023-05-01   2023-10-16
DOMAIN  naver-file.com                          2023-05-01   2023-10-16
DOMAIN  malware.ai                              2023-06-09   2023-06-09
