Techniques Used

- DarkComet can open an active screen of the victim’s machine and take control of the mouse and keyboard.
- DarkComet can list active processes running on the victim’s machine.
- Obfuscated Files or Information: Software Packing - DarkComet has the option to compress its payload using UPX or MPRESS.
- DarkComet adds a Registry value for its installation routine to the Registry Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Enable LUA="0" and HKEY_CURRENT_USER\Software\DC3_FEXEC.
- Masquerading: Match Legitimate Name or Location - DarkComet has dropped itself onto victim machines with file names such as WinDefender.Exe and winupdate.exe in an apparent attempt to masquerade as a legitimate file.
- DarkComet can load any files onto the infected machine to execute.
- Impair Defenses: Disable or Modify System Firewall - DarkComet can disable Security Center functions like the Windows Firewall.
- DarkComet can disable Security Center functions like anti-virus.
- DarkComet can launch a remote shell to execute commands on the victim’s machine.
- DarkComet can execute various types of scripts on the victim’s machine.
- DarkComet can steal data from the clipboard.
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - DarkComet adds several Registry entries to enable automatic execution at every system startup.
- DarkComet can listen in to victims' conversations through the system’s microphone.
- Application Layer Protocol: Web Protocols - DarkComet can use HTTP for C2 communications.
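The registry locations and file names listed above can be turned into a host-side detection check. The following is an added example, not part of the original page or of any vendor tooling; it assumes event records with Sysmon-style field names (TargetObject, Details, Image, TargetFilename), and the sample events are constructed.

```python
import ntpath
import re

# Indicators taken from the technique list above.
MASQUERADE_NAMES = {"windefender.exe", "winupdate.exe"}
DC3_KEY = "\\software\\dc3_fexec"
LUA_KEY = "\\software\\microsoft\\windows\\currentversion\\policies\\system"
# HKCU may be logged as HKEY_CURRENT_USER, HKCU or HKU\<SID> (assumed log style).
USER_HIVE = re.compile(r"^(hkey_current_user|hkcu|hku\\s-1-5-21[\d-]+)(?=\\)", re.I)

def user_key(path):
    """Return the lower-cased path below the per-user hive, or None."""
    m = USER_HIVE.match(path or "")
    return path[m.end():].lower() if m else None

def is_zero(details):
    """True when a logged value such as 'DWORD (0x00000000)' or '0' is zero."""
    m = re.search(r"0x[0-9a-f]+|\d+", details or "", re.I)
    return bool(m) and int(m.group(), 16 if "x" in m.group().lower() else 10) == 0

def match_event(event):
    """Return the indicator labels that one event record matches."""
    hits, key = [], user_key(event.get("TargetObject"))
    if key:
        if key == DC3_KEY or key.startswith(DC3_KEY + "\\"):
            hits.append("registry:DC3_FEXEC")
        parent, _, value = key.rpartition("\\")
        # The page prints the value name as 'Enable LUA'; ignore spaces.
        if parent == LUA_KEY and value.replace(" ", "") == "enablelua" and is_zero(event.get("Details")):
            hits.append("registry:EnableLUA=0")
    for field in ("Image", "TargetFilename"):
        name = ntpath.basename(event.get(field, "")).lower()
        if name in MASQUERADE_NAMES:
            hits.append(f"filename:{name}")
    return hits

# Constructed sample events, not real telemetry.
LUA_VAL = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
SAMPLE_EVENTS = [
    {"TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\DC3_FEXEC", "Details": "x"},
    {"TargetObject": LUA_VAL, "Details": "DWORD (0x00000000)"},
    {"TargetObject": LUA_VAL, "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Users\u\AppData\Roaming\WinDefender.Exe"},
    {"Image": r"C:\Windows\System32\svchost.exe"},
]

def scan(events):
    """Return (index, hits) for every event with at least one match."""
    return [(i, h) for i, e in enumerate(events) if (h := match_event(e))]
```

A file-name match alone is a weak signal; pair it with the file's path and signer before alerting.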