Sniffing Out RAT Signatures to Achieve Quick and Direct Operator Attribution
New instances of remote access trojans (RAT) like Dark Comet and njRAT proliferate because the perceived risk of attribution is low. That mindset is a mistake by analysts.
Continuously applying new and unique methodologies for identifying useful information sources is paramount to a successful threat intelligence practice.
One example is proactively identifying RAT client locations before the RAT campaign begins spreading, and before the RAT executable is available for analysis.
The applicability of this proactive methodology is apparent for law enforcement, but it's also useful for the enterprise.
Download a copy of Recorded Future’s latest report, "Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy," to review this methodology in detail and see results from our analysis on this subject.