Register to stream ATT&CKcon 2.0 October 29-30

Cobian RAT

Cobian RAT is a backdoor, remote access tool that has been observed since 2016.[1]

ID: S0338
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1123 Audio Capture Cobian RAT has a feature to perform voice recording on the victim’s machine. [1]
Enterprise T1059 Command-Line Interface Cobian RAT can launch a remote command shell interface for executing commands. [1]
Enterprise T1001 Data Obfuscation Cobian RAT obfuscates communications with the C2 server using Base64 encoding. [1]
Enterprise T1056 Input Capture Cobian RAT has a feature to perform keylogging on the victim’s machine. [1]
Enterprise T1060 Registry Run Keys / Startup Folder Cobian RAT creates an autostart Registry key to ensure persistence. [1]
Enterprise T1113 Screen Capture Cobian RAT has a feature to perform screen capture. [1]
Enterprise T1071 Standard Application Layer Protocol Cobian RAT uses DNS for C2. [1]
Enterprise T1125 Video Capture Cobian RAT has a feature to access the webcam on the victim’s machine. [1]

References