Bandook
MITRE
Tipo Malware:
Other
Other
Prima attivita:
Unknown
Unknown
Ultima attivita:
Unknown
Unknown
Dettagli:
[Bandook](https://attack.mitre.org/software/S0234) is a commercially available RAT, written in Delphi and C++, that has been available since at least 2007. It has been used against government, financial, energy, healthcare, education, IT, and legal organizations in the US, South America, Europe, and Southeast Asia. [Bandook](https://attack.mitre.org/software/S0234) has been used by [Dark Caracal](https://attack.mitre.org/groups/G0070), as well as in a separate campaign referred to as "Operation Manul".(Citation: EFF Manul Aug 2016)(Citation: Lookout Dark Caracal Jan 2018)(Citation: CheckPoint Bandook Nov 2020)
Tecniche Associate (26)
| ID | ATT&CK | Tattiche |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.003 | Steganography | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1055.012 | Process Hollowing | - |
| T1056.001 | Keylogging | - |
| T1059 | Command and Scripting Interpreter | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1059.005 | Visual Basic | - |
| T1059.006 | Python | - |
| T1070.004 | File Deletion | - |
| T1083 | File and Directory Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
Usato da Attori (1)
Metadata
| ID: | 371 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |