Bandook

Bandook is a commercially available RAT, written in Delphi, which has been available since roughly 2007.[1][2]

ID: S0234
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1123 | Audio Capture | Bandook has modules that are capable of capturing audio.[1] |
| Enterprise | T1059 | Command-Line Interface | Bandook is capable of spawning a Windows command shell.[1] |
| Enterprise | T1056 | Input Capture | Bandook contains keylogging capabilities.[3] |
| Enterprise | T1093 | Process Hollowing | Bandook has been launched by starting iexplore.exe and replacing it with Bandook's payload.[2][1] |
| Enterprise | T1113 | Screen Capture | Bandook is capable of taking an image of the current desktop and uploading it.[2] |
| Enterprise | T1125 | Video Capture | Bandook has modules that are capable of capturing from a victim's webcam.[1] |

Groups

Groups that use this software:

Dark Caracal

References