In this work we study the use of DarkComet, a popular commercial RAT. We collected 19,109 samples of DarkComet malware found in the wild and, over the course of two several-week-long experiments, ran as many samples as possible in our honeypot environment. By monitoring a sample’s behavior in our system, we are able to reconstruct the sequence of operator actions, giving us a unique view into operator behavior. We report on the results of 2,747 interactive sessions captured in the course of the experiment. During these sessions, operators frequently attempted to interact with victims via remote desktop, to capture video, audio, and keystrokes, and to exfiltrate files and credentials. To our knowledge, this is the first large-scale systematic study of RAT use.
link: https://people.eecs.
Mohammad Rezaeirad is a Ph.D. student with interests in Cyber-Physical System security, measurement studies and cryptography. Mohammad works under the supervision of Dr. Damon McCoy. Prior to joining George Mason, he obtained his master’s degree in Computer Science from University of Louisiana and a BS in Security Technologies from Multimedia University.