Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2

APT37 is leveraging sophisticated, MS-themed spear phishing campaigns and multi-stage, Python-based malware (NarwhalRAT) with advanced obfuscation, fileless execution, and dual C2 channels—including Korean relays and pCloud dead-drop resolvers—to stealthily target and exfiltrate sensitive data from Korean users while evading traditional detection methods.