S0234 Bandook

Platforms: 1
ATT&CK: 14.1
References: 4

Description

[Bandook](https://attack.mitre.org/software/S0234) is a commercially available RAT, written in Delphi and C++, that has been available since at least 2007. It has been used against government, financial, energy, healthcare, education, IT, and legal organizations in the US, South America, Europe, and Southeast Asia. [Bandook](https://attack.mitre.org/software/S0234) has been used by [Dark Caracal](https://attack.mitre.org/groups/G0070), as well as in a separate campaign referred to as "Operation Manul".(Citation: EFF Manul Aug 2016)(Citation: Lookout Dark Caracal Jan 2018)(Citation: CheckPoint Bandook Nov 2020)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Group | Dark Caracal (g0070) | 100% | live |

References

  1. https://attack.mitre.org/software/S0234
  2. https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
  3. https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
  4. https://research.checkpoint.com/2020/bandook-signed-delivered/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: Bandook RAT
Software: ROKRAT
Software: Bankshot
Software: Carbanak
Software: 4H RAT
Software: Bisonal

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.