BLINDINGCAN
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[BLINDINGCAN](https://attack.mitre.org/software/S0520) is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.(Citation: US-CERT BLINDINGCAN Aug 2020)(Citation: NHS UK BLINDINGCAN Aug 2020)
Associated Techniques (22)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.002 | Software Packing | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1105 | Ingress Tool Transfer | - |
| T1129 | Shared Modules | - |
| T1132.001 | Standard Encoding | - |
Used by Actors (1)
Metadata
| ID: | 6 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 04:00 |