SOFTWARE
Arp
at
cmd
Dok
FTP
Net
Orz
Reg
RTM
Tor
yty
SOFTWARE
1-9
A-B
Arp
at
C-D
cmd
Dok
E-F
FTP
G-H
I-J
K-L
M-N
Net
O-P
Orz
Q-R
Reg
RTM
S-T
Tor
U-V
W-X
Y-Z
yty
  1. Home
  2. Software
  3. HARDRAIN

HARDRAIN

HARDRAIN is a Trojan malware variant reportedly used by the North Korean government. [1]

ID: S0246
Type: MALWARE
Platforms: Windows
Version: 1.0
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface

HARDRAIN uses cmd.exe to execute netshcommands.[1]
Enterprise T1043 Commonly Used Port

HARDRAIN binds and listens on port 443.[1]
Enterprise T1090 Connection Proxy

HARDRAIN uses the command cmd.exe /c netsh firewall add portopening TCP 443 "adp" and makes the victim machine function as a proxy server.[1]
Enterprise T1024 Custom Cryptographic Protocol

HARDRAIN uses FakeTLS to communicate with its C2 server.[1]
Enterprise T1089 Disabling Security Tools

HARDRAIN opens the Windows Firewall to modify incoming connections.[1]

Groups That Use This Software

ID Name References
G0032 Lazarus Group [1]

References

  1. US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.