Malware: HOPLIGHT

Description

[HOPLIGHT](https://attack.mitre.org/software/S0376) is a backdoor Trojan that has reportedly been used by the North Korean government.(Citation: US-CERT HOPLIGHT Apr 2019)

External References

• mitre-attack
• US-CERT HOPLIGHT Apr 2019

Techniques Used by This Malware

• T1003.002 — Security Account Manager
• T1008 — Fallback Channels
• T1012 — Query Registry
• T1041 — Exfiltration Over C2 Channel
• T1047 — Windows Management Instrumentation
• T1055 — Process Injection
• T1059.003 — Windows Command Shell
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1090 — Proxy
• T1105 — Ingress Tool Transfer
• T1112 — Modify Registry
• T1124 — System Time Discovery
• T1132.001 — Standard Encoding
• T1546.003 — Windows Management Instrumentation Event Subscription
• T1550.002 — Pass the Hash
• T1562.004 — Disable or Modify System Firewall
• T1569.002 — Service Execution
• T1571 — Non-Standard Port
• T1652 — Device Driver Discovery

APT Groups Using This Malware

• Lazarus Group
• APT38