BLINDINGCAN

Description

(US-CERT) Working with U.S. Government partners, DHS and FBI identified Remote Access Trojan (RAT) malware variants used by the North Korean government. This malware variant has been identified as BLINDINGCAN.

—Begin built-in functions—

  • Retrieve information about all installed disks, including the disk type and the amount of free space on the disk
  • Create, start, and terminate a new process and its primary thread
  • Search, read, write, move, and execute files
  • Get and modify file or directory timestamps
  • Change the current directory for a process or file
  • Delete malware and artifacts associated with the malware from the infected system

—End built-in functions—

Names

Name
BLINDINGCAN
DRATzarus RAT
AIRDRY
ZetaNile

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Dropper
  • Loader
  • Downloader

Information

Mitre Attack

Malpedia

Other Information

Uuid

5a84e5db-d28b-43f4-9bde-49b2bdbdc100

Last Card Change

2023-11-30