HARDRAIN

HARDRAIN is a Trojan malware variant reportedly used by the North Korean government. [1]

ID: S0246
Aliases: HARDRAIN
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name       Description
HARDRAIN   [1]

Techniques Used

Domain       ID      Name                             Use
Enterprise   T1059   Command-Line Interface           HARDRAIN uses cmd.exe to execute netsh commands. [1]
Enterprise   T1043   Commonly Used Port               HARDRAIN binds and listens on port 443. [1]
Enterprise   T1090   Connection Proxy                 HARDRAIN runs cmd.exe /c netsh firewall add portopening TCP 443 "adp" and makes the victim machine function as a proxy server. [1]
Enterprise   T1024   Custom Cryptographic Protocol    HARDRAIN uses FakeTLS to communicate with its C2 server. [1]
Enterprise   T1089   Disabling Security Tools         HARDRAIN opens a port in the Windows Firewall so that inbound connections are allowed. [1]
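A detection check for the behaviour in the T1059, T1089 and T1043 rows above, written as an added example for this page (it is not code from ATT&CK or from the referenced report): it walks constructed process-creation records and flags netsh invocations that add an inbound allow rule for TCP 443, covering both the legacy `netsh firewall add portopening` form quoted in the T1090 row and the current `netsh advfirewall firewall add rule` form. The field names (Image, ParentImage, CommandLine) follow Sysmon Event ID 1 naming; the sample records are constructed here and do not come from any real host.

```python
import re
from typing import Iterable, Optional

# Constructed Sysmon-style process-creation records (example data, not from the
# referenced report). One cmd.exe /c netsh ... launch produces two records: the
# cmd.exe process and its netsh.exe child, so both appear here.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c netsh firewall add portopening TCP 443 "adp"'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh firewall add portopening TCP 443 "adp"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c netsh advfirewall firewall add rule name="upd" dir=in action=allow protocol=TCP localport=443'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c netsh interface ip show config"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c netsh advfirewall firewall add rule name="x" dir=out action=allow protocol=TCP remoteport=443'},
]

# Legacy syntax (deprecated but still accepted on later Windows):
#   netsh firewall add portopening [protocol=]TCP|UDP|ALL [port=]N [name=]NAME ...
LEGACY_RE = re.compile(
    r'netsh\s+firewall\s+add\s+portopening\s+'
    r'(?:protocol=)?(?P<proto>TCP|UDP|ALL)\s+'
    r'(?:port=)?(?P<port>\d{1,5})\s+'
    r'(?:name=)?"?(?P<name>[^"\s]+)"?',
    re.IGNORECASE,
)
# Current syntax: netsh advfirewall firewall add rule name=... dir=in action=allow protocol=TCP localport=N
ADV_RE = re.compile(r'netsh\s+advfirewall\s+firewall\s+add\s+rule\b(?P<args>.*)', re.IGNORECASE)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_netsh_opening(cmdline: str) -> Optional[dict]:
    """Return details of an inbound allow rule added via netsh, or None if the
    command line is not one (other netsh subcommands, outbound rules, blocks)."""
    m = LEGACY_RE.search(cmdline)
    if m:
        return {"form": "legacy", "protocol": m["proto"].upper(),
                "port": int(m["port"]), "name": m["name"]}
    m = ADV_RE.search(cmdline)
    if not m:
        return None
    kv = {k.lower(): v.strip('"') for k, v in KV_RE.findall(m["args"])}
    # Only an inbound allow rule exposes a listener the way HARDRAIN's rule does.
    if kv.get("dir", "").lower() != "in" or kv.get("action", "").lower() != "allow":
        return None
    port = kv.get("localport")
    return {"form": "advfirewall", "protocol": kv.get("protocol", "any").upper(),
            "port": int(port) if port and port.isdigit() else None,
            "name": kv.get("name", "")}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_firewall_openings(events: Iterable[dict],
                           watch_ports: Optional[frozenset] = frozenset({443})) -> list:
    """Flag records whose command line adds an inbound allow rule. watch_ports
    restricts findings to the given local ports; None flags any port."""
    findings = []
    for i, ev in enumerate(events):
        info = parse_netsh_opening(ev.get("CommandLine", ""))
        if info is None:
            continue
        if watch_ports is not None and info["port"] not in watch_ports:
            continue
        # True when netsh was driven through cmd.exe, as in the T1059 row.
        via_cmd = "cmd.exe" in (_basename(ev.get("Image", "")), _basename(ev.get("ParentImage", "")))
        findings.append({"index": i, "via_cmd": via_cmd, **info})
    return findings


if __name__ == "__main__":
    for finding in flag_firewall_openings(SAMPLE_EVENTS):
        print(finding)
```

A firewall opening on its own is not proof of compromise; the useful follow-up is to correlate a flagged rule with a non-browser process that then binds and listens on the same port, which is the combination the T1043 and T1090 rows describe.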

Groups

Groups that use this software:

Lazarus Group

References