Brave Prince

Brave Prince is a Korean-language trojan, first observed in mid-December 2017, that gathers detailed logs about the victim's system configuration, hard drive contents, registry, scheduled tasks, running processes, and more. One variant saves the collected information to the file PI_00.dat, which is then sent as an attachment to the threat actor's email address. Subsequent variants upload the file to a web server via an HTTP POST request. The data gathered covers the system's directories and files, network configuration, Address Resolution Protocol (ARP) cache, and systemconfig.

Technical Details

  • McAfee provides a technical analysis of Brave Prince.