North Korean Trojan Activity – BANKSHOT, HARDRAIN and BADCALL
Three new trojans known as BANKSHOT, HARDRAIN and BADCALL have been identified as being created and operated by the advanced North Korean threat group known as HIDDEN COBRA.
BANKSHOT consists of several proxy application tools intended to disguise command and control (C2) communications. Also included are two remote access trojan (RAT) tools designed to install the proxy applications.
HARDRAIN is two 32-bit Windows executables that function as proxy servers to mask the C2 communications of the third file, an Executable Linkable Format file designed as an Android-based RAT.
BADCALL appears similar to HARDRAIN except it uses an Android Package Kit file to store and execute the RAT.
Affected Platforms :
Microsoft Windows – All versions
Google Android – All versions
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.