# BLINDINGCAN > Tipo: **malware** · S0520 · [MITRE ATT&CK](https://attack.mitre.org/software/S0520) ## Descrição [[s0520-blindingcan|BLINDINGCAN]] é um Trojan de acesso remoto utilizado pelo governo norte-coreano desde pelo menos o início de 2020 em operações cibernéticas contra organizações de defesa, engenharia e governo na Europa Ocidental e nos EUA. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1553-002-code-signing|T1553.002 - Code Signing]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1027-002-software-packing|T1027.002 - Software Packing]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1070-006-timestomp|T1070.006 - Timestomp]] - [[t1129-shared-modules|T1129 - Shared Modules]] ## Grupos que Usam - [[g0032-lazarus-group|Lazarus Group]] ## Referências - [MITRE ATT&CK - S0520](https://attack.mitre.org/software/S0520)