Bandook
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[Bandook](https://attack.mitre.org/software/S0234) is a commercially available RAT, written in Delphi and C++, that has been available since at least 2007. It has been used against government, financial, energy, healthcare, education, IT, and legal organizations in the US, South America, Europe, and Southeast Asia. [Bandook](https://attack.mitre.org/software/S0234) has been used by [Dark Caracal](https://attack.mitre.org/groups/G0070), as well as in a separate campaign referred to as "Operation Manul".(Citation: EFF Manul Aug 2016)(Citation: Lookout Dark Caracal Jan 2018)(Citation: CheckPoint Bandook Nov 2020)
Associated Techniques (26)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.003 | Steganography | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1055.012 | Process Hollowing | - |
| T1056.001 | Keylogging | - |
| T1059 | Command and Scripting Interpreter | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1059.005 | Visual Basic | - |
| T1059.006 | Python | - |
| T1070.004 | File Deletion | - |
| T1083 | File and Directory Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
Used by Actors (1)
Metadata
| ID: | 371 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |