- Home
- Techniques
- PRE-ATT&CK
- Remote access tool development
Remote access tool development
A remote access tool (RAT) is a piece of software that allows a remote user to control a system as if they had physical access to that system. An adversary may utilize existing RATs, modify existing RATs, or create their own RAT. [1]
Procedure Examples
Name | Description |
---|---|
Night Dragon |
Night Dragon used privately developed and customized remote access tools.[2] |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Many successful RATs exist for re-use/tailoring in addition to those an adversary may choose to build from scratch. The adversary's capabilities, target sensitivity, and needs will likely determine whether a previous RAT is modified for use a new one is built from scratch.
References
- Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.