Bandook (5c0f8c35-88ff-40a1-977a-af5ce534e932)
Bandook is a commercially available RAT, written in Delphi and C++, that has been available since at least 2007. It has been used against government, financial, energy, healthcare, education, IT, and legal organizations in the US, South America, Europe, and Southeast Asia. Bandook has been used by Dark Caracal, as well as in a separate campaign referred to as "Operation Manul".[EFF Manul Aug 2016][Lookout Dark Caracal Jan 2018][CheckPoint Bandook Nov 2020]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Dark Caracal (7ad94dbf-9909-42dd-8b62-a435481bdb14) | Tidal Groups | Bandook (5c0f8c35-88ff-40a1-977a-af5ce534e932) | Tidal Software | 1 |