Track Common Adversary Tasks Performed Using 3PARA RAT

To know more about it, you can go through my detailed document by clicking here

Overview

3PARA RAT is a Remote Access Tool, or Trojan (RAT), written in C++ and used by Putter Panda, a Chinese threat group.

Types of Attacks

RATs of all kinds are generally very difficult to detect, and they give the attacker total remote control of the infected machine. They can be used to steal any kind of sensitive information, spy on a victim, remotely control the infected computers, and so on.

They are mostly delivered through spear phishing or other social engineering attacks, and they are not easy to detect because:

  1. They can easily open legitimate-looking network ports on an infected machine, which appear benign to most security products.
  2. They are capable of masquerading as a legitimate commercial remote administration tool.
  3. Their operations don't resemble any common malware technique.

Conclusion

Although RATs are very difficult to detect because they look like commercial remote administration software, they can still be caught by regularly monitoring system processes and looking for any malicious activity.
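One way to turn that monitoring advice into a concrete check, as an added example that is not part of the original post: compare a snapshot of running processes and their listening ports against a known-good baseline, flagging the two RAT behaviours listed above (an unexpected open port, and a process named like a legitimate admin tool but running from the wrong path). All process names, paths and ports below are constructed sample data, not indicators of 3PARA RAT.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    name: str         # image name as shown by the OS
    path: str         # full path of the executable on disk
    ports: frozenset  # TCP ports the process is listening on


# Constructed baseline: what this (hypothetical) host normally runs and listens on.
BASELINE = {
    "svc_agent.exe": Proc("svc_agent.exe", r"C:\Program Files\Agent\svc_agent.exe", frozenset({8080})),
    "remoteadmin.exe": Proc("remoteadmin.exe", r"C:\Program Files\RemoteAdmin\remoteadmin.exe", frozenset({5900})),
}


def find_anomalies(snapshot, baseline=BASELINE):
    """Return (reason, process name, detail) tuples for processes that deviate from the baseline."""
    findings = []
    for p in snapshot:
        ref = baseline.get(p.name.lower())
        if ref is None:
            # Unknown image holding a listening port: a RAT needs a control channel.
            if p.ports:
                findings.append(("unknown-listener", p.name, sorted(p.ports)))
            continue
        if p.path.lower() != ref.path.lower():
            # Same name as a trusted admin tool but launched from an unexpected
            # location: the "fake commercial remote administration tool" case.
            findings.append(("path-mismatch", p.name, p.path))
        new_ports = p.ports - ref.ports
        if new_ports:
            # A known process that has opened a port it never used before.
            findings.append(("new-port", p.name, sorted(new_ports)))
    return findings


# Constructed snapshot for demonstration: one new port, one relocated "admin tool".
SNAPSHOT = [
    Proc("svc_agent.exe", r"C:\Program Files\Agent\svc_agent.exe", frozenset({8080, 8443})),
    Proc("remoteadmin.exe", r"C:\Users\Public\remoteadmin.exe", frozenset({5900})),
    Proc("explorer.exe", r"C:\Windows\explorer.exe", frozenset()),
]

if __name__ == "__main__":
    for finding in find_anomalies(SNAPSHOT):
        print(finding)
```

In practice the snapshot would be fed from the OS (for example the output of netstat or a process enumeration API) and the baseline refreshed whenever software is legitimately installed.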
