Remote access tool development

A remote access tool (RAT) is a piece of software that allows a remote user to control a system as if they had physical access to that system. An adversary may utilize existing RATs, modify existing RATs, or create their own RAT. [1]

ID: T1351
Sub-techniques:  No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Procedure Examples

Name Description
Night Dragon

Night Dragon used privately developed and customized remote access tools.[2]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Adversary will likely use code repositories, but development will be performed on their local systems.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Many successful RATs exist for re-use/tailoring in addition to those an adversary may choose to build from scratch. The adversary's capabilities, target sensitivity, and needs will likely determine whether a previous RAT is modified for use a new one is built from scratch.


  1. Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.