HeartBeat
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 19 |
| First Seen: | January 9, 2013 |
| Last Seen: | February 28, 2022 |
| OS(es) Affected: | Windows |
HeartBeat is a malware infection currently classified by many PC security researchers as an Advanced Persistent Threat (APT). This dangerous Trojan infection has been used in targeted attacks against the government of South Korea as well as other institutions associated with the South Korean government. ESG security researchers have observed attacks involving HeartBeat since 2009 and suspect that this malware infection may have been active since even earlier. The main targets of HeartBeat include the following:
- South Korean political parties.
- Branches of the South Korean government.
- The South Korean military.
- South Korean media agencies.
- A business that is a known supplier of the South Korean government.
- An institute that researches South Korea's national policy.
The main tool used in this dangerous malware attack is a remote access Trojan, also known as a Remote Administration Tool (RAT). These are programs designed to control or gain admittance to a computer from an outside location. ESG security researchers have observed attacks involving the aforementioned RAT since 2009, with a particularly widespread attack since 2011. The HeartBeat RAT is distributed through malicious documents that are opened by victims of a social engineering attack. These documents tend to be included as email attachments and will often have two components; an actual document containing the advertised content (in order to dispel any suspicions) and the actual malicious component. Although this malicious document may be distributed through a number of channels, phishing email messages directed towards the targeted institutions are the most likely culprit.
The HeartBeat RAT uses a malicious DLL file that allows this malware's code to be injected into the infected computer's own file processes. When this element is accessed, the HeartBeat RAT connects to a remote server in order to receive commands and relay information on the infected computer. The HeartBeat RAT can be used to carry out the following tasks:
- Detecting all running processes on the infected computer.
- Receiving and installing updates.
- Deleting or uploading files on the infected computer.
- Allowing a third party to control the infected computer from a remote location.
One aspect of HeartBeat that makes the HeartBeat RAT unique is the fact that infected computers are then used as command and control hosts to subsequent infections, making it considerably more difficult than normal to detect the source of the HeartBeat attack.
URLs
HeartBeat may call the following URLs:
| how-to-drink.com |
