BLINDINGCAN - Malware Used by Lazarus -

2020-09-29 JPCERT

https://blogs.jpcert.or.jp/en/2020/09/BLINDINGCAN.html


JPCERT/CC analyzes BLINDINGCAN, a Lazarus (Hidden Cobra) malware family that is loaded by a separate loader DLL after the initial network intrusion. Its configuration is stored encrypted in one of three places: inside the sample itself, in a file placed alongside it, or in a registry value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion. Depending on the sample, the configuration is protected with XOR, AES, or RC4, using keys that are either fixed values or derived from data about the host environment. For C2, the malware sends HTTP POST requests whose parameter values are RC4-encrypted and then Base64-encoded, with parameter names picked from a list of common web form field names; the response carrying command data is decoded with XOR, RC4, and Base64. Supported commands cover file and process operations, upload and download, service and disk enumeration, and execution of arbitrary shell commands, which gives the operators broad post-compromise control of the host.
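The following is an added illustration of the encoding layers described for the C2 channel, written for this summary; it is not JPCERT/CC's code and not BLINDINGCAN's actual implementation. It models the outbound side (RC4, then Base64, placed in a POST parameter whose name comes from a candidate list) and the inbound side (XOR, RC4 and Base64 layered on command data), and gives an analyst-side decoder for each. The RC4 key, the XOR byte, the candidate parameter names, the order of the inbound layers and the sample messages are all constructed assumptions; real key material and field names have to be recovered from a sample.

```python
"""
Added example: model of an RC4+Base64 POST beacon and a layered
XOR/RC4/Base64 response, with decoders for captured traffic.
Not the malware's real implementation; every constant below is assumed.
"""
import base64
from urllib.parse import parse_qs, urlencode

# Assumed values (not from the report): a real analysis replaces these
# with the key, XOR byte and field-name list extracted from the sample.
RC4_KEY = b"example-rc4-key-not-the-real-one"
XOR_BYTE = 0x5A
PARAM_NAMES = ["id", "session", "token", "data"]  # hypothetical field names


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_beacon(plaintext: bytes, param_index: int, key: bytes = RC4_KEY) -> str:
    """Outbound model: RC4 -> Base64 -> POST body under a chosen field name."""
    name = PARAM_NAMES[param_index % len(PARAM_NAMES)]
    value = base64.b64encode(rc4(key, plaintext)).decode()
    return urlencode({name: value})


def decode_beacon(body: str, key: bytes = RC4_KEY) -> dict:
    """Analyst side: decode every parameter whose name is on the candidate list.
    Parameters that are not valid Base64 are skipped rather than raising."""
    result = {}
    for name, values in parse_qs(body).items():
        if name not in PARAM_NAMES:
            continue
        for v in values:
            try:
                raw = base64.b64decode(v, validate=True)
            except ValueError:  # not Base64: leave it out of the result
                continue
            result[name] = rc4(key, raw)
    return result


def encode_response(plaintext: bytes, key: bytes = RC4_KEY, xor_byte: int = XOR_BYTE) -> str:
    """Inbound model: XOR -> RC4 -> Base64 (the layer order is an assumption)."""
    xored = bytes(b ^ xor_byte for b in plaintext)
    return base64.b64encode(rc4(key, xored)).decode()


def decode_response(encoded: str, key: bytes = RC4_KEY, xor_byte: int = XOR_BYTE) -> bytes:
    """Reverse the inbound layers: Base64 -> RC4 -> XOR."""
    raw = base64.b64decode(encoded)
    return bytes(b ^ xor_byte for b in rc4(key, raw))


if __name__ == "__main__":
    # Constructed sample exchange, not captured traffic.
    body = build_beacon(b"host=WORKSTATION01;user=analyst", 1)
    print("POST body:", body)
    print("decoded  :", decode_beacon(body))
    reply = encode_response(b"cmd=whoami")
    print("response :", reply)
    print("decoded  :", decode_response(reply))
```

When applying this to real captures, run `decode_beacon` over each POST body with the key pulled from the sample's configuration; a parameter that decodes to printable structure under the right key confirms both the key and the field-name list, while garbage under every candidate name usually means a different key-derivation path (the report notes keys tied to host environment data, which differ per victim).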

Indicators of Compromise

Type  Value                              First Seen  Last Seen
URL   https://www.sanlorenzoyacht.com…   2020-09-29  2021-02-25
URL   https://www.automercado.co.cr/e…   2020-08-19  2021-02-25
URL   https://www.curiofirenze.com/in…   2020-08-19  2021-02-25
HASH  8db272ea1100996a8a0ed0da3046109…   2020-09-29  2020-09-29
URL   https://www.ne-ba.org/files/new…   2020-09-29  2020-09-29
HASH  58027c80c6502327863ddca28c31d35…   2020-08-19  2020-09-29
