FlawedGrace is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017.[1]

ID: S0383
Platforms: Windows
Version: 1.0
Created: 29 May 2019
Last Modified: 07 June 2019

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1043 | Commonly Used Port | FlawedGrace has used port 443 for C2 communications.[1] |
| Enterprise | T1094 | Custom Command and Control Protocol | FlawedGrace uses a custom binary protocol for its C2 communications.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | FlawedGrace encrypts its C2 configuration files with AES in CBC mode.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0092 | TA505 | [1] |