3PARA RAT is a remote access tool (RAT) programmed in C++ that has been used by Putter Panda. 
|Enterprise||T1071||.001||Application Layer Protocol: Web Protocols|
|Enterprise||T1573||.001||Encrypted Channel: Symmetric Cryptography||
3PARA RAT command and control commands are encrypted within the HTTP C2 channel using the DES algorithm in CBC mode with a key derived from the MD5 hash of the string HYF54&%9&jkMCXuiS. 3PARA RAT will use an 8-byte XOR key derived from the string HYF54&%9&jkMCXuiS if the DES decoding fails
|Enterprise||T1083||File and Directory Discovery||
3PARA RAT has a command to retrieve metadata for files on disk as well as a command to list the current working directory.
|Enterprise||T1070||.006||Indicator Removal: Timestomp||
3PARA RAT has a command to set certain attributes such as creation/modification timestamps on files.