cti-ATT-CK-v13.1/enterprise-attack/malware/malware--01dbc71d-0ee8-420d-abb4-3dfb6a4bf725.json

{
    "type": "bundle",
    "id": "bundle--fef426e1-3c0a-4f21-99a1-e3b145c42826",
    "spec_version": "2.0",
    "objects": [
        {
            "labels": [
                "malware"
            ],
            "x_mitre_platforms": [
                "Windows"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_contributors": [
                "Daniyal Naeem, BT Security"
            ],
            "x_mitre_aliases": [
                "BLINDINGCAN"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "malware--01dbc71d-0ee8-420d-abb4-3dfb6a4bf725",
            "type": "malware",
            "created": "2020-10-27T18:45:58.576Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "external_id": "S0520",
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/software/S0520"
                },
                {
                    "source_name": "US-CERT BLINDINGCAN Aug 2020",
                    "url": "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a",
                    "description": "US-CERT. (2020, August 19). MAR-10295134-1.v1 \u2013 North Korean Remote Access Trojan: BLINDINGCAN. Retrieved August 19, 2020."
                },
                {
                    "source_name": "NHS UK BLINDINGCAN Aug 2020",
                    "url": "https://digital.nhs.uk/cyber-alerts/2020/cc-3603",
                    "description": "NHS Digital . (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020."
                }
            ],
            "modified": "2021-03-17T15:55:56.257Z",
            "name": "BLINDINGCAN",
            "description": "[BLINDINGCAN](https://attack.mitre.org/software/S0520) is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)",
            "x_mitre_version": "1.0",
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}