Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)

Brave Prince is a Korean-language implant that was first observed in the wild in December 2017. It contains similar code and behavior to Gold Dragon, and was seen along with Gold Dragon and RunningRAT in operations surrounding the 2018 Pyeongchang Winter Olympics. (Citation: McAfee Gold Dragon)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	1
Brave Prince - S0252 (28b97733-ef07-4414-aaa5-df50b2d30cc5)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2