T1074.001 - DPRK Threat Intelligence

#T1074.001 Local Data Staging

Technique

Tactics: Collection
Description:
Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration. Data may be kept in separate files or combined into one file through techniques such as [Archive Collected Data](https://attack.mitre.org/techniques/T1560). Interactive command shells may be used, and common functionality within [cmd](https://attack.mitre.org/software/S0106) and bash may be used to copy data into a staging location.

Adversaries may also stage collected data in various available formats/locations of a system, including local storage databases/repositories or the Windows Registry.(Citation: Prevailion DarkWatchman 2021)
First Seen: North Korean Advanced Persistent Threat Focus: Kimsuky • 2020-10-27

MITRE ATT&CK

17

Tagged Reports
11

Unique Authors
1,912

Active Days

Tagged Reports

2026-01-20

Picus Security

BlueNoroff Group: The Financial Cybercrime Arm of Lazarus

#Bluenoroff #T1593 #T1589 #T1543.001 #T1562.001 #T1059.002 #T1016 #T1059.005 #T1018 #T1566.003 #T1552.001 #T1583.003 #T1027.002 #T1204.004 #T1082 #T1548.002 #T1598.001 #T1074.001 #T1087.001 #T1547.001 #T1588.002 #T1005 #T1059.007 #T1587.001 #T1056.002 #T1176.001 #T1071.001 #T1543.004 #T1055 #T1027.010 #T1583.001 #T1036.005 #T1566.002 #T1548.006 #T1657

2025-08-13

Cyfirma

APT PROFILE – LAZARUS GROUP

#Lazarus #T1090.001 #T1134.002 #T1562.001 #T1543.003 #T1059.003 #T1553.002 #T1614.001 #T1074.001 #T1485 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1218.010 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1573 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1574.013 #T1561.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001

2025-02-20

ESET

DeceptiveDevelopment targets freelance developers

#BeaverTail #DeceptiveDevelopment #InvisibleFerret #T1025 #T1567.004 #T1555.001 #T1027.013 #T1016 #T1071.002 #T1566.003 #T1564.003 #T1552.001 #T1583.003 #T1082 #T1614 #T1119 #T1059.003 #T1074.001 #T1140 #T1030 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1041 #T1564.001 #T1010 #T1219 #T1608.001 #T1204.002 #T1571 #T1071.001 #T1059.006 #T1115 #T1083 #T1124 #T1555.003 #T1056.001 #T1133 #T1021.001 #T1095 #T1560.002 #T1657 #T1217

2025-02-12

Cyfirma

APT PROFILE – APT43

#APT43 #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001

2024-12-27

Picus Security

Exposing the Steps of the Kimsuky APT Group

#Kimsuky #RandomQuery #GoldDragon #xRAT #T1055 #T1114.003 #T1082 #T1566.001 #T1059.001 #T1074.001 #T1219 #T1560 #T1059.005 #T1059.004 #T1027 #T1056.001 #T1573.001 #T1048 #T1547.001 #T1562.004 #T1071.001 #T1003

2024-09-12

Cyfirma

APT PROFILE – KIMSUKY

#Kimsuky #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001

2024-08-05

KRNCSC

북한 해킹조직의 건설ㆍ기계 분야 기술절취 주의

#Kimsuky #DoraRAT #TrollAgent #Andariel #T1119 #T1005 #T1083 #T1036 #T1074.001 #T1041 #T1113 #T1573.002 #T1195 #T1189 #T1204.002 #T1027.002 #T1071.001 #T1217

2024-07-16

Rapid7

Kimsuky's Phishing and Payload Tactics

#Kimsuky #T1547.001 #T1053.005 #T1074.001 #T1543.003 #T1218

2024-04-05

Plainbit

Analysis of *.chm malware

#CHM #T1059.003 #T1083 #T1566 #T1053.005 #T1059.001 #T1074.001 #T1041 #T1132.001 #T1485 #T1059.005 #T1057 #T1204.002 #T1560.001 #T1105 #T1218.001 #T1082

2023-09-27

Ptsecurity

Dark River. You can't see them, but they're there

#MataDoor #DarkRiver #CVE-2021-40444 #T1090.001 #T1016 #T1106 #T1018 #T1622 #T1543.003 #T1027.002 #T1071 #T1057 #T1082 #T1572.001 #T1059.003 #T1566.001 #T1074.001 #T1572 #T1218.011 #T1620 #T1135 #T1049 #T1140 #T1030 #T1005 #T1036.004 #T1041 #T1129 #T1572.002 #T1571 #T1090.002 #T1046 #T1218.010 #T1132 #T1112 #T1083 #T1124 #T1033 #T1095 #T1560.002 #T1090.003 #T1008

2023-04-26

Attack IQ

Emulating Kimsuky's Espionage Operations

#Kimsuky #T1047 #T1016 #T1057 #T1082 #T1518.001 #T1074.001 #T1218.011 #T1547.001 #T1140 #T1053.005 #T1041 #T1105 #T1071.001 #T1218.010 #T1087 #T1115 #T1083 #T1033 #T1056.001 #T1048.002

2023-01-05

Attack IQ

Emulating the Highly Sophisticated North Korean Adversary Lazarus Group

#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003

2022-12-22

Attack IQ

Emulating the Politically Motivated North Korean Adversary Andariel

#Andariel #T1012 #T1016 #T1057 #T1082 #T1074.001 #T1016.001 #T1120 #T1218.011 #T1547.001 #T1197 #T1049 #T1041 #T1053.005 #T1105 #T1071.001 #T1218.010 #T1083 #T1486 #T1033 #T1036.005 #T1217

2022-11-30

ESET

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

#Scarcruft #Dolphin #T1025 #T1102.002 #T1203 #T1016 #T1106 #T1027 #T1082 #T1119 #T1518.001 #T1074.001 #T1016.001 #T1547.001 #T1567.002 #T1005 #T1059.007 #T1053.005 #T1539 #T1010 #T1113 #T1020 #T1055.002 #T1071.001 #T1059.006 #T1083 #T1189 #T1124 #T1555.003 #T1033 #T1056.001 #T1560.002

2022-04-29

PWC

Cyber Threats 2021: A Year in Retrospect

#Trend #BlackBanshee #BlackAlicanto #T1589 #T1069 #T1190 #T1608 #T1036 #T1573 #T1036.007 #T1059.005 #T1068 #T1027 #T1570 #T1595 #T1048 #T1592 #T1615 #T1071 #T1482 #T1057 #T1082 #T1056 #T1059.003 #T1221 #T1566.001 #T1566 #T1074.001 #T1614.001 #T1016.001 #T1591 #T1548 #T1090 #T1547.001 #T1620 #T1049 #T1021 #T1135 #T1005 #T1078 #T1204.001 #T1070.004 #T1053.005 #T1041 #T1113 #T1132.001 #T1555 #T1560 #T1204.002 #T1105 #T1071.001 #T1039 #T1132 #T1547 #T1112 #T1070 #T1087 #T1083 #T1486 #T1124 #T1033 #T1210 #T1110 #T1095 #T1204 #T1059 #T1003

« Back