Brown Farinholt , Mohammad Rezaeirad , Paul Pearce , Hitesh Dharmdasani, Haikuo Yin Stevens Le Blondk , Damon McCoy, Kirill Levchenko
Remote Access Trojans (RATs) give remote attackers interactive control over a compromised machine. Unlike largescale malware such as botnets, a RAT is controlled individually by a human operator interacting with the compromised machine remotely. The versatility of RATs makes them attractive to actors of all levels of sophistication: they’ve been used for espionage, information theft, voyeurism and extortion. Despite their increasing use, there are still major gaps in our understanding of RATs and their operators, including motives, intentions, procedures, and weak points where defenses might be most effective. In this work we study the use of DarkComet, a popular commercial RAT.