Brave Prince

Malware Profile Updated 13 days ago
"Brave Prince" is a Korean-language malware implant that was first observed in the wild on December 13, 2017. It exhibits similar code and behavior to the "Gold Dragon" variants, particularly in terms of system profiling and control server communication mechanisms. The malware sends logs to the attacker via South Korea's Daum email service. Notably, both variants of Brave Prince can terminate a process associated with a tool created by Daum designed to block malicious code. Additionally, the Daum variants of Brave Prince gather information from the system and save it to the file PI_00.dat.

This malware is part of a broader campaign including other implants named "Gold Dragon", "Ghost419", and "Running Rat". These names were derived from phrases found within their code, and they were first identified in December 2017. Gold Dragon shares elements, code, and behaviors with Ghost419 and Brave Prince, and we have been tracking these since May 2017. Ghost419, in turn, is based on Gold Dragon and Brave Prince and contains shared elements and code, particularly for system reconnaissance functions.

On December 21, a variant of Brave Prince used the control server nid-help-pchange.atwebpages.com. Interestingly, this same server was also utilized by a variant of Gold Dragon just three days later on December 24. The discovery of these connections indicates a much wider and interconnected malware campaign than initially suspected. The continued evolution and complexity of these malware variants underscore the importance of robust cybersecurity measures.
Source Document References
Information about the Brave Prince malware was read from the documents corpus below.
Source: MITRE
Created: a year ago
Title: Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims' Systems