---
title: "Remote admin tools (rats): the swiss army knives of cybercrime"
page_name: "Remote Admin Tools (RATs): The Swiss Army Knives of Cybercrime"
type: "blog"
slug: "remote-admin-tools-rats-the-swiss-army-knives-of-cybercrime"
published_at: "2020-05-07"
modified_at: "2025-05-09"
url: "https://www.sumologic.com/blog/remote-admin-tools-rats-the-swiss-army-knives-of-cybercrime"
canonical: "https://www.sumologic.com/blog/remote-admin-tools-rats-the-swiss-army-knives-of-cybercrime"
markdown_url: "https://www.sumologic.com/blog/remote-admin-tools-rats-the-swiss-army-knives-of-cybercrime.md"
lang: "en"
excerpt: "RATs are commonly developed as legitimate software suites with bundled functionalities to support system administrators and other power users."
taxonomy_blog_category:
  - "SecOps & Security"
---


# Remote Admin Tools (RATs): The Swiss Army Knives of Cybercrime

[Kevin Stear](#blog-author-block-193)

May 7, 2020


The cybercrime threatscape changes constantly as hackers adapt and repurpose many different types of tools and attack vectors. A recent [report by Kaspersky Lab](https://www.dailyhostnews.com/multifunctional-malware-becoming-extensive/) indicates that the use of remote administration tools (RATs) increased during 2018.

RATs are commonly developed as legitimate software suites with bundled functionality to support system administrators and other power users. However, these toolkits are increasingly used for malicious purposes by cybercrime campaigns and bad actors because they are efficient and effective at compromising targeted victims.

One of the more long-standing (and open-source) remote administration tools is [DarkComet](https://en.wikipedia.org/wiki/DarkComet), which offers a number of effective features that facilitate the takeover of systems and a range of specific post-exploitation functions.

RATs like DarkComet give operators significant advantages because they automate and streamline post-exploitation functions as well as entrenchment. They are also considerably cheaper to operate and maintain than building new tools or botnets from scratch, which requires a considerable level of skill and ongoing maintenance costs. A RAT simply needs to be delivered, and it can then quickly be used to monetize criminal activities such as spam, cryptomining, or DDoS.

Additionally, RATs can level up actors with lower skill sets, enabling them to perform operations that would otherwise require deeper expertise in operating systems and exploitation.

DarkComet RAT has been observed in active use by both crimeware and nation-state groups across global regions, e.g., in the ongoing conflict in [Syria](https://blog.trendmicro.com/trendlabs-security-intelligence/darkcomet-surfaced-in-the-targeted-attacks-in-syrian-conflict/), where it has reportedly been used as a spying tool against government opposition.

