APT37 Review Analysis Report (Part 2): Trojans and Tools

2020-03-25 NSFOCUS APT37 review analysis report (part2): Trojans and tools

http://blog.nsfocus.net/apt37-part2-0325/

NSFOCUS profiles APT37, also known as Group123, Venus 121 and Reaper, as a North Korea-linked actor active since 2012 and focused on neighboring countries, especially South Korea. The tool review highlights PoorWeb, RokRat, NavRat, KevDroid and PubNub, describing how APT37 uses HWP-delivered malware, public cloud services such as Dropbox and pCloud, Naver mail, FTP and PubNub-style messaging for command execution, file theft, credential collection and payload staging. The excerpt emphasizes RokRat’s cloud-based C2 and screenshot/document-stealing functions, NavRat’s Naver mail control channel, and PoorWeb behavior from Operation Imitation Game, giving defenders concrete malware families and communication patterns to track.

Indicators of Compromise

Type    Value                                  First Seen   Last Seen
URL     https://content.dropboxapi.com/…       2020-03-25   2025-09-03
URL     https://content.dropboxapi.com/…       2018-09-21   2025-09-03
URL     https://api.dropboxapi.com/2/fi…       2018-09-21   2025-08-29
URL     https://api.pcloud.com/getfilel…       2020-03-25   2020-03-25
URL     https://api.pcloud.com/uploadfi…       2020-03-25   2020-03-25
URL     https://api.pcloud.com/deletefi…       2020-03-25   2020-03-25
DOMAIN  ps.pndsn.com                           2018-04-02   2020-03-25