{
	"id": "6c3f3ff0-a8cf-4190-930c-5c3eb7508924",
	"created_at": "2026-04-06T00:15:08.939003Z",
	"updated_at": "2026-04-10T03:20:54.784513Z",
	"deleted_at": null,
	"sha1_hash": "aed9d5e231289c4bd140e8d1bae6498929014760",
	"title": "DarkComet: Backdoor.DarkComet",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 345939,
	"plain_text": "DarkComet: Backdoor.DarkComet\r\nArchived: 2026-04-02 11:01:21 UTC\r\nShort bio\r\nBackdoor.DarkComet is a Remote Access Trojan (RAT) application that may run in the background and silently\r\ncollect information about the system, connected users, and network activity.Backdoor.DarkComet may attempt to\r\nsteal stored credentials, usernames and passwords, and other personal and confidential information. This\r\ninformation may be transmitted to a destination specified by the author.Backdoor.DarkComet may also allow an\r\nattacker to install additional software to the infected machine, or may direct the infected machine to participate in\r\na malicious botnet for the purposes of sending spam or other malicious activities.\r\nSymptoms\r\nBackdoor.DarkComet may run silently in the background and may not provide any indication of infection to the\r\nuser. Backdoor.DarkComet may also disable antivirus programs and other Microsoft Windows security features.\r\nType and source of infection\r\nBackdoor.DarkComet may be distributed using various methods. This software may be packaged with free online\r\nsoftware, or could be disguised as a harmless program and distributed by email. Alternatively, this software may\r\nbe installed by websites using software vulnerabilities. Infections that occur in this manner are usually silent and\r\nhappen without user knowledge or consent.\r\nProtection\r\nMalwarebytes protects users from the installation of Backdoor.DarkComet. Malwarebytes detects and removes\r\nBackdoor.DarkComet\r\nHome remediation\r\nMalwarebytes can detect and remove many Backdoor.DarkComet infections without further user interaction.\r\n1. Please download Malwarebytesto your desktop.\r\n2. Double-click MBSetup.exeand follow the prompts to install the program.\r\n3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to\r\nMalwarebytes screen.\r\n4. Click on the Get started button.\r\n5. Click Scan to start a Threat Scan.\r\n6. Click Quarantineto remove the found threats.\r\nhttps://blog.malwarebytes.com/detections/backdoor-darkcomet/\r\nPage 1 of 3\n\n7. Reboot the system if prompted to complete the removal process.\r\nBusiness remediation\r\nHow to remove Backdoor.DarkComet with the Malwarebytes Nebula console\r\nYou can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.\r\nNebula endpoint tasks menu\r\nChoose the Scan + Quarantine option. Afterwards you can check the Detections pageto see which threats were\r\nfound.\r\nhttps://blog.malwarebytes.com/detections/backdoor-darkcomet/\r\nPage 2 of 3\n\nOn the Quarantine pageyou can see which threats were quarantined and restore them if necessary.\r\nMalwarebytes removal log\r\nA Malwarebytes log of removal will look similar to this: Malwarebyteswww.malwarebytes.com-Log Details-Scan\r\nDate: 3/21/18Scan Time: 10:22 PMLog File: 92c470fc-2d88-11e8-afe9-00ffc8517b86.jsonAdministrator: Yes-Software Information-Version: 3.4.4.2398Components Version: 1.0.322Update Package Version: 1.0.4442License:\r\nPremium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: DE-WIN7\\Fwiplayer-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 298073Threats\r\nDetected: 12Threats Quarantined: 12Time Elapsed: 2 min, 54 sec-Scan Options-Memory: EnabledStartup:\r\nEnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: DetectPUM: Detect-Scan Details-Process: 2Backdoor.Agent.DC,\r\nC:\\USERS\\FWIPLAYER\\DOCUMENTS\\MSDCSC\\MSDCSC.EXE, Quarantined, [1570],\r\n[218418],1.0.4442Trojan.Agent, C:\\USERS\\FWIPLAYER\\MY DOCUMENTS\\MSDCSC\\MSDCSC.EXE,\r\nQuarantined, [17], [218709],1.0.4442Module: 2Backdoor.Agent.DC,\r\nC:\\USERS\\FWIPLAYER\\DOCUMENTS\\MSDCSC\\MSDCSC.EXE, Quarantined, [1570],\r\n[218418],1.0.4442Trojan.Agent, C:\\USERS\\FWIPLAYER\\MY DOCUMENTS\\MSDCSC\\MSDCSC.EXE,\r\nQuarantined, [17], [218709],1.0.4442Registry Key: 1Backdoor.DarkComet.Trace, HKU\\S-1-5-21-2165681608-\r\n3755637219-621560601-1000\\SOFTWARE\\DC3_FEXEC, Delete-on-Reboot, [13190],\r\n[246706],1.0.4442Registry Value: 1Backdoor.Agent.DC, HKU\\S-1-5-21-2165681608-3755637219-621560601-\r\n1000\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN|MicroSystem, Delete-on-Reboot,\r\n[1570], [218418],1.0.4442Registry Data: 2Backdoor.Agent.DC, HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\r\nNT\\CURRENTVERSION\\WINLOGON|Userinit, Replace-on-Reboot, [1570], [218418],1.0.4442Hijack.UserInit,\r\nHKLM\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON|USERINIT, Replace-on-Reboot, [1402], [291753],1.0.4442Data Stream: 0(No malicious items detected)Folder: 0(No malicious items\r\ndetected)File: 4Backdoor.Agent.DC, C:\\USERS\\FWIPLAYER\\DOCUMENTS\\MSDCSC\\MSDCSC.EXE,\r\nDelete-on-Reboot, [1570], [218418],1.0.4442Trojan.Agent, C:\\USERS\\FWIPLAYER\\MY\r\nDOCUMENTS\\MSDCSC\\MSDCSC.EXE, Delete-on-Reboot, [17], [218709],1.0.4442Backdoor.DarkComet,\r\nC:\\USERS\\FWIPLAYER\\DESKTOP\\2C0F015C0C1E1F8399E9AE975109D3F8.EXE, Delete-on-Reboot, [328],\r\n[500877],1.0.4442Backdoor.DarkComet,\r\nC:\\USERS\\FWIPLAYER\\DOWNLOADS\\2C0F015C0C1E1F8399E9AE975109D3F8, Delete-on-Reboot, [328],\r\n[500877],1.0.4442Physical Sector: 0(No malicious items detected)\r\nSource: https://blog.malwarebytes.com/detections/backdoor-darkcomet/\r\nhttps://blog.malwarebytes.com/detections/backdoor-darkcomet/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.malwarebytes.com/detections/backdoor-darkcomet/"
	],
	"report_names": [
		"backdoor-darkcomet"
	],
	"threat_actors": [],
	"ts_created_at": 1775434508,
	"ts_updated_at": 1775791254,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aed9d5e231289c4bd140e8d1bae6498929014760.pdf",
		"text": "https://archive.orkl.eu/aed9d5e231289c4bd140e8d1bae6498929014760.txt",
		"img": "https://archive.orkl.eu/aed9d5e231289c4bd140e8d1bae6498929014760.jpg"
	}
}