ECCENTRICBANDWAGON is a remote access Trojan (RAT) used by North Korean cyber actors that was first identified in August 2020. It is a reconnaissance tool--with keylogging and screen capture functionality--used for information gathering on compromised systems.[1]
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
ECCENTRICBANDWAGON can use cmd to execute commands on a victim’s machine.[1] |
Enterprise | T1074 | .001 | Data Staged: Local Data Staging |
ECCENTRICBANDWAGON has stored keystrokes and screenshots within the |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
ECCENTRICBANDWAGON can delete log files generated from the malware stored at |
Enterprise | T1056 | .001 | Input Capture: Keylogging |
ECCENTRICBANDWAGON can capture and store keystrokes.[1] |
Enterprise | T1027 | Obfuscated Files or Information |
ECCENTRICBANDWAGON has encrypted strings with RC4.[1] |
|
Enterprise | T1113 | Screen Capture |
ECCENTRICBANDWAGON can capture screenshots and store them locally.[1] |