ATT&CK v19 has been released! Check out the blog post for more information.

DCRAT

DCRAT is a variant of the open-source AsyncRAT developed in C# with additional capabilities such as patching Microsoft’s Antimalware Scan Interface (AMSI).^[1]

ID: S9017

ⓘ

Type: TOOL

ⓘ

Platforms: Windows

Version: 1.0

Created: 16 April 2026

Last Modified: 16 April 2026

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Enterprise	T1685		Disable or Modify Tools	DCRAT can patch Microsoft’s Antimalware Scan Interface (AMSI) to evade detection.^[1]
Enterprise	T1573	.002	Encrypted Channel: Asymmetric Cryptography	DCRAT can use certificate-based authentication for C2 servers.^[1]
Enterprise	T1056	.001	Input Capture: Keylogging	DCRAT can log keystrokes on targeted systems.^[1]
Enterprise	T1027	.013	Obfuscated Files or Information: Encrypted/Encoded File	The DCRAT configuration file is encrypted using AES-256.^[1]

Groups That Use This Software

ID	Name	References
G0099	APT-C-36	APT-C-36 has used DCRAT during operations.^[1]

References

Pellegrino, G. (2025, December 16). BlindEagle Targets Colombian Government Agency with Caminho and DCRAT. Retrieved April 16, 2026.

DCRAT

Enterprise Layer

Techniques Used

Groups That Use This Software

References