APT37 aka ScarCruft or RedEyes – Active IOCs

2024-11-04 Rewterz

https://www.rewterz.com/threat-advisory/apt37-aka-scarcruft-or-redeyes-active-iocs-37073


APT37, also known as ScarCruft or RedEyes, is described as a North Korean espionage group that mainly targets South Korea and has also operated against Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and Middle Eastern targets. The advisory links the group to RokRAT and Goldbackdoor, and notes a shift from HWP and Word delivery toward LNK files containing PowerShell commands. RokRAT collects machine data before running its RAT thread, uses cloud services such as Dropbox, pCloud, Yandex Cloud, and OneDrive for command and control, and supports additional payload execution and data exfiltration. Representative IOCs include 5f6682ad9da4590cba106e2f1a8cbe26 and dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6.
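
The advisory describes a move to LNK files that carry PowerShell commands. As an added triage example that is not part of the Rewterz advisory, the following Python reads the StringData fields of a Shell Link (.LNK) file per the MS-SHLLINK layout and reports PowerShell-style launch tokens found in the target path and arguments; the sample LNK bytes and the token list are constructed here for illustration.

```python
import struct

# Shell Link (.LNK) layout from MS-SHLLINK: 76-byte header, optional
# LinkTargetIDList and LinkInfo, then StringData fields in a fixed order.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
SUSPICIOUS = ("powershell", "-encodedcommand", "-windowstyle hidden", "-w hidden", "bypass")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .LNK file (enough for triage)."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                       # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # skip LinkInfo (size includes itself)
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    fields = {}
    for bit, name in STRING_FLAGS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters
            raw = data[pos + 2:pos + 2 + count * width]
            pos += 2 + count * width
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
    return fields

def lnk_powershell_indicators(data: bytes) -> list:
    """Suspicious launch tokens found in the LNK target path and arguments."""
    f = parse_lnk(data)
    text = " ".join(f.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    return [tok for tok in SUSPICIOUS if tok in text]

def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test fixture: header plus two Unicode StringData fields."""
    flags = 0x08 | 0x20 | IS_UNICODE
    header = (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
              + struct.pack("<I", flags) + bytes(LNK_HEADER_SIZE - 24))
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body

# Constructed sample; the encoded-command value is a placeholder, not a real payload.
SAMPLE = build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                   "-NoProfile -WindowStyle Hidden -EncodedCommand <CONSTRUCTED_PLACEHOLDER>")
```

Run `lnk_powershell_indicators()` over files collected from mail attachments or user download folders; the token list is a starting point that a team would tune to its own environment.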

Indicators of Compromise

Type   Value                                        First Seen   Last Seen
IPv4   175.214.194.61                               2024-11-04   2024-11-04
IPv4   61.97.243.2                                  2024-11-04   2024-11-04
IPv4   158.247.219.10                               2024-11-04   2024-11-04
IPv4   108.181.50.58                                2024-11-04   2024-11-04
HASH   5f6682ad9da4590cba106e2f1a8cbe26             2024-03-04   2024-11-04
HASH   dbd5d662cc53d4b91cf7da9979cdffd…             2024-03-04   2024-11-04
HASH   7043c7c101532df47c832ce5270745d…             2024-03-04   2024-11-04
