RATtype
RATtype is a term used in cybersecurity to denote a family of remote access trojans (RATs) that share a common modular architecture and codebase. These families are designed to provide an attacker with persistent, covert access to compromised systems, enabling remote command execution, data collection, and system control.
Characteristics include modular plugins for different capabilities, decoupled components for persistence and communication, and multi-stage operation.
Delivery methods commonly involve phishing emails with malicious attachments, drive-by exploit kits, social engineering, or supply-chain
Detection and mitigation involve endpoint security tools, network monitoring for unusual host-to-C2 traffic, and behavior-based detections.
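As an added illustration of the network-monitoring point above (not code from any product or from this page's source), the following sketch flags host-to-destination pairs whose connection timing and size are machine-regular, one common sign of automated check-in traffic. The flow-record layout, host names, documentation-range IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def make_sample_flows():
    """Constructed flow records: (epoch_seconds, src_host, dst_ip, bytes_out)."""
    flows = []
    # ws-017: check-ins about every 60 s with small jitter and a fixed size.
    for i, j in enumerate([0, 2, -1, 1, -2, 0, 1, -1, 2, 0, -1, 1]):
        flows.append((1000 + 60 * i + j, "ws-017", "203.0.113.50", 312))
    # ws-022: irregular, human-driven traffic to one destination.
    for ts, size in [(1003, 840), (1011, 15200), (1190, 420), (1204, 9800),
                     (1650, 300), (1655, 22100), (1661, 700), (1702, 5100)]:
        flows.append((ts, "ws-022", "198.51.100.7", size))
    # ws-031: too few connections to judge either way.
    flows += [(1100, "ws-031", "192.0.2.9", 500), (1400, "ws-031", "192.0.2.9", 510)]
    return flows

def find_beacons(flows, min_events=8, max_interval_cv=0.10, max_size_cv=0.10):
    """Return {(src, dst): stats} for pairs with machine-regular timing and size.

    CV is the coefficient of variation (stddev / mean). Thresholds are
    illustrative assumptions and need tuning against a site's own baseline.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in flows:
        by_pair[(src, dst)].append((ts, size))
    hits = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue  # too few samples for a meaningful spread
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        if mean(gaps) <= 0 or mean(sizes) <= 0:
            continue  # simultaneous or empty flows: CV undefined
        interval_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits[pair] = {"events": len(events),
                          "mean_interval_s": round(mean(gaps), 1),
                          "interval_cv": round(interval_cv, 3)}
    return hits

if __name__ == "__main__":
    for (src, dst), stats in find_beacons(make_sample_flows()).items():
        print(f"{src} -> {dst}: {stats}")
```

A hit is a lead for triage rather than a verdict, since legitimate software such as update checkers and monitoring agents also polls on fixed schedules.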