BLINDINGCAN

Malware updated 5 months ago (2024-05-04T19:30:36.799Z)
Download STIX
Preview STIX
BlindingCan, also known as AIRDRY or ZetaNile, is a multifaceted malware capable of extracting sensitive data from compromised hosts. The threat actor gained initial access to systems via spear-phishing attacks masquerading as recruiters for high-profile companies and deployed new malware dubbed "LightlessCan." This malicious software was used in several notable cyber-attacks, including the Amazon Dream Job campaign. BlindingCan can infect systems through suspicious downloads, emails, or websites and has the ability to disrupt operations, steal personal information, or even hold data hostage. The most significant payload used in these campaigns was LightlessCan, a successor to the Lazarus group's flagship HTTP(S) Remote Access Trojan (RAT) named BlindingCan. ESET analysts believe that LightlessCan is based on the BlindingCan source code, preserving the order of shared commands significantly, albeit with differences in their indexing. This characteristic is also found in other types of malware used by Lazarus. Compared to BlindingCan, Lazarus increased the code sophistication in LightlessCan, making it much more malicious than its predecessor. A simplified version of BlindingCan, named miniBlindingCan by ESET, is designed to collect system information such as computer name, Windows version, and configuration data. It also receives and executes commands from the command-and-control (C2) server. One of the most notable aspects of this RAT is that it mimics the functionalities of a wide range of native Windows commands, which makes detecting and analyzing the attacker's activities more challenging. This indicates that threat actors continually advance their attack tactics and tools, highlighting the growing sophistication and potential risks associated with these malwares.
Description last updated: 2024-05-04T16:46:15.206Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Backdoor
Downloader
Trojan
Payload
Eset
Phishing
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lightlesscan Malware is associated with BLINDINGCAN. LightlessCan is a new and advanced malware, discovered by ESET, that has been added to North Korea's Lazarus group's arsenal. The malware is a successor to the group's flagship HTTP(S) Lazarus Remote Access Trojan (RAT) named BlindingCan. LightlessCan represents a significant advancement in maliciouUnspecified
4
Source Document References
Information about the BLINDINGCAN Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
7 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
MITRE
2 years ago
MITRE
2 years ago
Securelist
a year ago
CERT-EU
a year ago