Cobian RAT
Cobian RAT is a backdoor, remote access tool that has been observed since 2016.[1]
ID: S0338
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.1
Created: 29 January 2019
Last Modified: 30 March 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1547 | .001 | 启动或登录自动启动执行: Registry Run Keys / Startup Folder |
Cobian RAT creates an autostart Registry key to ensure persistence.[1] |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell |
Cobian RAT can launch a remote command shell interface for executing commands.[1] |
| Enterprise | T1113 | 屏幕捕获 |
Cobian RAT has a feature to perform screen capture.[1] |
|
| Enterprise | T1071 | .004 | 应用层协议: DNS |
Cobian RAT uses DNS for C2.[1] |
| Enterprise | T1132 | .001 | 数据编码: Standard Encoding |
Cobian RAT obfuscates communications with the C2 server using Base64 encoding.[1] |
| Enterprise | T1125 | 视频捕获 |
Cobian RAT has a feature to access the webcam on the victim’s machine.[1] |
|
| Enterprise | T1056 | .001 | 输入捕获: Keylogging |
Cobian RAT has a feature to perform keylogging on the victim’s machine.[1] |
| Enterprise | T1123 | 音频捕获 |
Cobian RAT has a feature to perform voice recording on the victim’s machine.[1] |
|