As many of you who read this blog will know, I have a fondness for researching RATs. In this post I'm going to stay on the same topic, but I'm going to change the perspective. To date I have concentrated on understanding how the ‘Server’ was holding the configs and how to extract them.
Now I'm going to look at the data that is extracted by these tools.
DarkComet is a free, ‘semi-publicly’ available RAT. The client and the server for DarkComet are well understood at this point, and there are hundreds of blog posts by researchers far better than myself, so I'm not going to dwell too much on these points except to say it's easy to get hold of, it's easy to use and it's fairly powerful if it gets installed on your system.
If you're unfortunate enough to become infected and even worse you're infected ...