Cobian RAT is a backdoor, remote access tool that has been observed since 2016.[1]
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .004 | Application Layer Protocol:DNS | Cobian RAT uses DNS for C2.[1] |
| Enterprise | T1123 | Audio Capture | Cobian RAT has a feature to perform voice recording on the victim’s machine.[1] | |
| Enterprise | T1547 | .001 | Boot or Logon Autostart Execution:Registry Run Keys / Startup Folder | Cobian RAT creates an autostart Registry key to ensure persistence.[1] |
| Enterprise | T1059 | .003 | Command and Scripting Interpreter:Windows Command Shell | Cobian RAT can launch a remote command shell interface for executing commands.[1] |
| Enterprise | T1132 | .001 | Data Encoding:Standard Encoding | Cobian RAT obfuscates communications with the C2 server using Base64 encoding.[1] |
| Enterprise | T1056 | .001 | Input Capture:Keylogging | Cobian RAT has a feature to perform keylogging on the victim’s machine.[1] |
| Enterprise | T1113 | Screen Capture | Cobian RAT has a feature to perform screen capture.[1] | |
| Enterprise | T1125 | Video Capture | Cobian RAT has a feature to access the webcam on the victim’s machine.[1] | |