T1025 - DPRK Threat Intelligence

#T1025 Data from Removable Media

Technique

Tactics: Collection
Description:
Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information.

Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.
First Seen: Kimsuky APT continues to target South Korean government using AppleSeed backdoor • 2021-06-01

MITRE ATT&CK

7

Tagged Reports
5

Unique Authors
1,840

Active Days

Tagged Reports

2026-06-14

Genians

Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2

#APT37 #NarwhalRAT #LNK #T1566.001 #T1059.001 #T1053.005 #T1027 #T1056.001 #T1113 #T1102 #T1105 #T1025 #T1059.003 #T1071.001 #T1123 #T1204.002 #T1497 #T1497.001 #T1567.002

2026-06-14

Genians

MS 사칭 피싱과 Dead-drop C2 기반 APT37 NarwhalRAT 분석

#APT37 #LNK #T1566.001 #T1204.002 #T1059.001 #T1059.003 #T1027 #T1105 #T1053.005 #T1056.001 #T1113 #T1123 #T1025 #T1071.001 #T1102 #T1567.002 #T1497 #T1497.001 #NarwhalRAT

2025-09-08

Zscaler

APT37: Rust Backdoor & Python Loader

#APT37 #Chinotto #Rustonotto #T1036.004 #T1204.001 #T1059.003 #T1566.001 #T1059.007 #T1053.005 #T1218.005 #T1025 #T1113 #T1123 #T1055.013 #T1132.001 #T1041 #T1036.003 #T1056.001 #T1560.001 #T1547.001 #T1071.001

2025-02-20

ESET

DeceptiveDevelopment targets freelance developers

#BeaverTail #DeceptiveDevelopment #InvisibleFerret #T1025 #T1567.004 #T1555.001 #T1027.013 #T1016 #T1071.002 #T1566.003 #T1564.003 #T1552.001 #T1583.003 #T1082 #T1614 #T1119 #T1059.003 #T1074.001 #T1140 #T1030 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1041 #T1564.001 #T1010 #T1219 #T1608.001 #T1204.002 #T1571 #T1071.001 #T1059.006 #T1115 #T1083 #T1124 #T1555.003 #T1056.001 #T1133 #T1021.001 #T1095 #T1560.002 #T1657 #T1217

2023-01-05

Attack IQ

Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003

2022-11-30

ESET

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

#Scarcruft #Dolphin #T1025 #T1102.002 #T1203 #T1016 #T1106 #T1027 #T1082 #T1119 #T1518.001 #T1074.001 #T1016.001 #T1547.001 #T1567.002 #T1005 #T1059.007 #T1053.005 #T1539 #T1010 #T1113 #T1020 #T1055.002 #T1071.001 #T1059.006 #T1083 #T1189 #T1124 #T1555.003 #T1033 #T1056.001 #T1560.002

2021-06-01

Malwarebytes

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

#Kimsuky #AppleSeed #T1025 #T1134 #T1027 #T1082 #T1566.001 #T1547.001 #T1140 #T1585.002 #T1598 #T1583 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1070.004 #T1041 #T1113 #T1560 #T1071.001 #T1218.010 #T1112 #T1083 #T1059.001 #T1056.001 #T1001

« Back