Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)

Brave Prince is a Korean-language implant that was first observed in the wild in December 2017. It contains similar code and behavior to Gold Dragon, and was seen along with Gold Dragon and RunningRAT in operations surrounding the 2018 Pyeongchang Winter Olympics. (Citation: McAfee Gold Dragon)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2