Cobian RAT

Cobian RAT is a backdoor, remote access tool that has been observed since 2016.[1]

ID: S0338
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1123Audio CaptureCobian RAT has a feature to perform voice recording on the victim’s machine.[1]
EnterpriseT1059Command-Line InterfaceCobian RAT can launch a remote command shell interface for executing commands.[1]
EnterpriseT1001Data ObfuscationCobian RAT obfuscates communications with the C2 server using Base64 encoding.[1]
EnterpriseT1056Input CaptureCobian RAT has a feature to perform keylogging on the victim’s machine.[1]
EnterpriseT1060Registry Run Keys / Startup FolderCobian RAT creates an autostart Registry key to ensure persistence.[1]
EnterpriseT1113Screen CaptureCobian RAT has a feature to perform screen capture.[1]
EnterpriseT1071Standard Application Layer ProtocolCobian RAT uses DNS for C2.[1]
EnterpriseT1125Video CaptureCobian RAT has a feature to access the webcam on the victim’s machine.[1]

References