North Korean Trojan Activity – BANKSHOT, HARDRAIN and BADCALL

Three new trojans known as BANKSHOT, HARDRAIN and BADCALL have been identified as being created and operated by the advanced North Korean threat group known as HIDDEN COBRA.

BANKSHOT consists of several proxy application tools intended to disguise command and control (C2) communications. Also included are two remote access trojan (RAT) tools designed to install the proxy applications.

HARDRAIN is two 32-bit Windows executables that function as proxy servers to mask the C2 communications of the third file, an Executable Linkable Format file designed as an Android-based RAT.

BADCALL appears similar to HARDRAIN except it uses an Android Package Kit file to store and execute the RAT.

Affected Platforms :

Microsoft Windows – All versions

Google Android – All versions



Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: