Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

BLINDINGCAN

BLINDINGCAN is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)

ID: S0520

Type: MALWARE

Platforms: Windows

Version: 1.0

Created: 27 Oct 2020

Last Modified: 17 Mar 2021

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	BLINDINGCAN has used HTTPS over port 443 for command and control.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	BLINDINGCAN has executed commands via cmd.exe.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1132	.001	Data Encoding: Standard Encoding	BLINDINGCAN has encoded its C2 traffic with Base64.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1573	.001	Encrypted Channel: Symmetric Cryptography	BLINDINGCAN has encrypted its C2 traffic with RC4.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1070	.004	Indicator Removal: File Deletion	BLINDINGCAN has deleted itself and associated artifacts from victim machines.(Citation: US-CERT BLINDINGCAN Aug 2020)
		.006	Indicator Removal: Timestomp	BLINDINGCAN has modified file and directory timestamps.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)
Enterprise	T1036	.005	Masquerading: Match Legitimate Name or Location	BLINDINGCAN has attempted to hide its payload by using legitimate file names such as "iconcache.db".(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1027	.002	Obfuscated Files or Information: Software Packing	BLINDINGCAN has been packed with the UPX packer.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	BLINDINGCAN has been delivered by phishing emails containing malicious Microsoft Office documents.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1553	.002	Subvert Trust Controls: Code Signing	BLINDINGCAN has been signed with code-signing certificates such as CodeRipper.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1218	.011	System Binary Proxy Execution: Rundll32	BLINDINGCAN has used Rundll32 to load a malicious DLL.(Citation: US-CERT BLINDINGCAN Aug 2020)
Enterprise	T1204	.002	User Execution: Malicious File	BLINDINGCAN has lured victims into executing malicious macros embedded within Microsoft Office documents.(Citation: US-CERT BLINDINGCAN Aug 2020)

ID	Name	References
Groups That Use This Software
G0032	Lazarus Group	(Citation: US-CERT BLINDINGCAN Aug 2020)

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

BLINDINGCAN

Techniques Used

Groups That Use This Software

References