ECCENTRICBANDWAGON

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

ECCENTRICBANDWAGON is a type of malware that logs keystrokes and takes screenshots to obtain credentials from compromised systems. It is commonly used by the BeagleBoyz, a North Korean hacking group that has been involved in various cyberattacks. Although some samples of ECCENTRICBANDWAGON have the ability to encrypt logged data with the RC4 algorithm, the tool does not have any network functionality. The U.S. Government has released several Malware Analysis Reports that provide associated Indicators of Compromise (IOCs) for ECCENTRICBANDWAGON, including CROWDEDFLOUNDER, ELECTRICFISH, FASTCash for Windows, HOPLIGHT, and VIVACIOUSGIFT. These reports aim to help organizations identify and prevent potential attacks by providing information on the behavior and characteristics of these malware tools. While the use of custom keyloggers like ECCENTRICBANDWAGON is not always necessary for the BeagleBoyz to obtain credentials from a compromised system, it remains a common tactic employed by this group. Organizations should be vigilant in protecting their systems against potential threats from malware like ECCENTRICBANDWAGON, which can cause significant damage to operations and steal valuable personal information.

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Encrypt

Windows

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
HOPLIGHT	Unspecified	1	HOPLIGHT is a type of malware used by the BeagleBoyz criminal group to gain remote access to financial institution networks and steal sensitive information. It is one of several tools used by the group, with HOPLIGHT being particularly useful due to its built-in exfiltration features. The BeagleBoyz

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
BeagleBoyz	Unspecified	1	The BeagleBoyz, also known as threat activity group 71 (TAG-71), is a significant cybersecurity threat actor with strong ties to the North Korean state-sponsored APT38. This group, recognized under various aliases such as Bluenoroff and Stardust Chollima, has been involved in extensive cyber operati

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the ECCENTRICBANDWAGON Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
MITRE	a year ago	FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks \| CISA