Description
[HotCroissant](https://attack.mitre.org/software/S0431) is a remote access trojan (RAT) attributed by U.S. government entities to malicious North Korean government cyber activity, tracked collectively as HIDDEN COBRA.(Citation: US-CERT HOTCROISSANT February 2020) [HotCroissant](https://attack.mitre.org/software/S0431) shares numerous code similarities with [Rifdoor](https://attack.mitre.org/software/S0433).(Citation: Carbon Black HotCroissant April 2020)
Techniques Used by This Malware
- T1007 — System Service Discovery
- T1010 — Application Window Discovery
- T1016 — System Network Configuration Discovery
- T1027.002 — Software Packing
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1053.005 — Scheduled Task
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1113 — Screen Capture
- T1489 — Service Stop
- T1518 — Software Discovery
- T1564.003 — Hidden Window
- T1573.001 — Symmetric Cryptography