Remote access tools (RATs) are a tried-and-true cyber espionage tool favored by a diverse group of threat actors. They have been used to enable many of the recent, high-profile breaches, including OPM, Premera, and Anthem. While some threat actors have moved on to newer or custom-made RATs when that’s what it takes to break through the front door, DarkComet continues to be effective against a wide range of targets. Created in 2008 as a Delphi-coded RAT and since discontinued by its developer, DarkComet is still active and continues to be observed in the wild. Considered to be the Swiss army knife of RATs, it is popular because it is easy to use, it works, and it is reliable.
DarkComet has a rich set of features, several of which support surreptitious surveillance. It includes a password-stealing keylogger and video and audio recording capabilities, and it has been known to obtain critical IT information such as language and country details, operating system identification, computer/user name, administrator rights, RAM used, and webcam data. DarkComet is also user-friendly, with an easily navigable graphical user interface and a “Fun Manager” control panel that offers a plethora of capabilities.