Bandook

Bandook is a commercially available RAT, written in Delphi, which has been available since roughly 2007 [1] [2].

ID: S0234
Aliases: Bandook
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain      ID     Name                    Use
Enterprise  T1123  Audio Capture           Bandook has modules that are capable of capturing audio. [1]
Enterprise  T1059  Command-Line Interface  Bandook is capable of spawning a Windows command shell. [1]
Enterprise  T1056  Input Capture           Bandook contains keylogging capabilities. [3]
Enterprise  T1093  Process Hollowing       Bandook has been launched by starting iexplore.exe and replacing it with Bandook's payload. [2][1]
Enterprise  T1113  Screen Capture          Bandook is capable of taking an image of the current desktop and uploading it. [2]
Enterprise  T1125  Video Capture           Bandook has modules that are capable of capturing from a victim's webcam. [1]

Groups

Groups that use this software:

Dark Caracal

References