ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool LightlessCan

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: LightlessCan

NamesLightlessCan
CategoryMalware
TypeBackdoor
Description(ESET) The most interesting payload used in this campaign is LightlessCan, a successor of the group’s flagship HTTP(S) Lazarus RAT named BLINDINGCAN. LightlessCan is a new complex RAT that has support for up to 68 distinct commands, indexed in a custom function table, but in the current version, 1.0, only 43 of those commands are implemented with some functionality. The remaining commands are present but have a formal implementation in the form of placeholders, lacking actual functionality. The project behind the RAT is definitely based on the BlindingCan source code, as the order of the shared commands is preserved significantly, even though there may be differences in their indexing.
Information<https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.lightlesscan>

Last change to this tool card: 17 January 2024

Download this tool card in JSON format

All groups using tool LightlessCan

ChangedNameCountryObserved

APT groups

XLazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]