Decoding DarkComet’s (RAT) Shadow
Introduction
DarkComet is a notorious Remote Access Trojan (RAT) employed in targeted attacks. It gives an attacker remote control over a victim's computer, lets them extract sensitive data, and supports further malicious activity, including installing additional harmful software and enrolling the machine in botnets used for spam distribution. The malware spreads through deceptive methods such as masquerading as harmless programs, exploiting software vulnerabilities, and being bundled with free software downloaded from the internet. DarkComet's capabilities include disabling critical system functions, logging keystrokes, accessing webcams and microphones, and executing other harmful actions. It gained notoriety for its use in targeted attacks during the Syrian civil war in 2011.
Delivery Methods
DarkComet is distributed through deceptive methods such as copying itself to other computers, posing as a harmless program in email attachments, and being packaged with free software from the internet. It also exploits software vulnerabilities to infect systems silently, without the user's knowledge. Once installed, DarkComet operates covertly, gathering information about the system, logged-on users, and network activity. It aims to steal stored credentials and personal data and transmit them to a destination chosen by the attacker.
Impact
DarkComet can have severe consequences for organizations: data theft through silent collection of sensitive information, disruption of critical processes through disabled system functions and logged keystrokes, and the installation of additional harmful software. It is also commonly involved in targeted attacks, making it one of the most infamous Remote Access Trojans (RATs) used in cyber warfare. Combined, these factors can lead to data breaches, financial losses, downtime, productivity setbacks, reputational damage, and a higher risk of falling victim to follow-on sophisticated attacks.
TTPs
Tactic | Technique ID | Technique Name |
---|---|---|
Defense Evasion | T1036.005 | Match Legitimate Name or Location |
Privilege Escalation | T1547.001 | Registry Run Keys / Startup Folder |
Persistence | T1547.001 | Registry Run Keys / Startup Folder |
Lateral Movement | T1021.001 | Remote Desktop Protocol |
Defense Evasion | T1562.004 | Disable or Modify System Firewall |
Execution | T1059.003 | Windows Command Shell |
Discovery | T1057 | Process Discovery |
Command and Control | T1105 | Ingress Tool Transfer |
Discovery | T1082 | System Information Discovery |
Collection | T1125 | Video Capture |
Collection | T1115 | Clipboard Data |
Execution | T1059 | Command and Scripting Interpreter |
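Detection logic for several of the techniques in the table, added here as an example (not code from the original page): it runs constructed Sysmon-style events through rules for T1547.001, T1036.005, T1562.004 and T1059.003 and reports which technique IDs each host triggered. The event schema, hostnames and file paths are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed Sysmon-style events (one JSON object per line); sample data, not real telemetry.
SAMPLE_EVENTS = r"""
{"host":"WS01","type":"registry_set","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","value":"C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"}
{"host":"WS01","type":"process_create","image":"C:\\Users\\bob\\AppData\\Roaming\\svchost.exe","parent":"C:\\Windows\\explorer.exe","cmdline":"svchost.exe"}
{"host":"WS01","type":"process_create","image":"C:\\Windows\\System32\\cmd.exe","parent":"C:\\Users\\bob\\AppData\\Roaming\\svchost.exe","cmdline":"cmd.exe /c netsh firewall add allowedprogram \"C:\\Users\\bob\\AppData\\Roaming\\svchost.exe\" svchost ENABLE"}
{"host":"WS02","type":"process_create","image":"C:\\Windows\\System32\\svchost.exe","parent":"C:\\Windows\\System32\\services.exe","cmdline":"svchost.exe -k netsvcs"}
{"host":"WS02","type":"registry_set","key":"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App","value":"1"}
"""

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_PARENTS = ("c:\\windows\\", "c:\\program files")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)
FIREWALL_CMD = re.compile(r"\bnetsh\b.*\b(advfirewall|firewall)\b", re.I)


def classify(ev):
    """Return the ATT&CK technique IDs (from the table above) that one event matches."""
    hits = set()
    if ev["type"] == "registry_set" and RUN_KEY.search(ev["key"]):
        hits.add("T1547.001")  # Registry Run Keys / Startup Folder
    if ev["type"] == "process_create":
        image, parent = ev["image"].lower(), ev.get("parent", "").lower()
        name = image.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and not image.startswith(SYSTEM_DIRS):
            hits.add("T1036.005")  # system binary name living outside System32/SysWOW64
        if FIREWALL_CMD.search(ev.get("cmdline", "")):
            hits.add("T1562.004")  # Disable or Modify System Firewall via netsh
        if name == "cmd.exe" and not parent.startswith(TRUSTED_PARENTS):
            hits.add("T1059.003")  # Windows Command Shell spawned by an untrusted parent
    return hits


def detect(jsonl):
    """Map each host to the sorted technique IDs seen across its events (hosts with none omitted)."""
    seen = defaultdict(set)
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        seen[ev["host"]] |= classify(ev)
    return {host: sorted(ids) for host, ids in seen.items() if ids}


if __name__ == "__main__":
    for host, ids in detect(SAMPLE_EVENTS).items():
        print(host, ", ".join(ids))
```

A host that triggers several of these techniques together (persistence, masquerading, firewall change, shell from a user-writable path) is a much stronger signal than any single rule firing on its own.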
A Sample of 100 IOCs