Malware: BLINDINGCAN

Description

[BLINDINGCAN](https://attack.mitre.org/software/S0520) is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)

External References

• mitre-attack
• NHS UK BLINDINGCAN Aug 2020
• US-CERT BLINDINGCAN Aug 2020

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1027.002 — Software Packing
• T1027.013 — Encrypted/Encoded File
• T1036.005 — Match Legitimate Resource Name or Location
• T1041 — Exfiltration Over C2 Channel
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1070.006 — Timestomp
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1129 — Shared Modules
• T1132.001 — Standard Encoding
• T1140 — Deobfuscate/Decode Files or Information
• T1204.002 — Malicious File
• T1218.011 — Rundll32
• T1553.002 — Code Signing
• T1566.001 — Spearphishing Attachment
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• Lazarus Group