Looking at the Sky for a DarkComet

Executive Summary

First created in 2008, DarkComet is an efficient, function-rich remote access tool (RAT) that has been leveraged against various targets. DarkComet’s author immediately stopped offering the tool after its use against Syrian dissidents in 2012 by supporters of Syrian President Assad’s regime, and even the latest version of the tool, a 5.4.1 Legacy that doesn’t include a server builder, was discontinued. Regardless of the fact that the tool is not being actively developed, the remarkable aspect of DarkComet is the amount of features that it offers via its “Fun Manager” control panel. The tool provides complete control over a victimized computer, which is why we believe that it remains a popular choice among a diverse hostile actor set that includes script kiddies, cyber criminals, and cyber espionage groups. As a result, we expect to see continued use of DarkComet against targets for the foreseeable future.

Related on Threat Geek:

Download Full Threat Advisory

Looking at the Sky for DarkComet