Ghost RAT Law Firm Client Surveillance - Planning Guide
Complete preparation guide for legal surveillance espionage scenario
Comprehensive facilitation guidance for Ghost RAT Law Firm Client Surveillance featuring sophisticated RAT malware, attorney-client privilege violations, legal strategy surveillance, and corporate espionage targeting privileged communications.
1. Quick Reference
| Element | Details |
|---|---|
| Malmon | Ghost RAT (Ghost/Dark dual-type) |
| Difficulty Tier | Tier 3 (Expert) |
| Scenario Variant | APT Advanced: Corporate Law Firm |
| Organizational Context | Blackstone & Associates: 180 attorneys, Fortune 500 clients, $500M litigation |
| Primary Stakes | Attorney-client privilege + Legal strategy + Professional ethics + Case outcomes |
| Recommended Formats | Full Game / Advanced Challenge |
| Essential NPCs | Elizabeth Harper (Managing Partner), Daniel Chen (Senior Associate), Maria Santos (Ethics Counsel) |
| Optional NPCs | Jennifer Wong (Special Prosecutor), Bar Association Investigator, Corporate Espionage Analyst |
Scenario Hook
Blackstone is preparing for a Monday trial when attorneys notice computers performing unauthorized actions: legal documents open during confidential meetings, and opposing counsel anticipates legal arguments. A sophisticated RAT gives adversaries complete access to privileged attorney-client communications.
Victory Condition
Team identifies sophisticated remote access surveillance through behavioral detection, protects attorney-client privileged communications from continued monitoring, ensures professional ethics compliance and case integrity, and addresses corporate espionage threatening legal practice and client confidentiality.
2-12. [Complete Planning Structure]
Opening: “It’s Thursday morning at Blackstone & Associates. Managing Partner Elizabeth Harper is finalizing strategy for a $500M corporate lawsuit beginning Monday. But during confidential client meetings, attorneys notice troubling signs: workstations performing actions they didn’t initiate, case files opening unexpectedly, opposing counsel demonstrating uncanny knowledge of confidential legal strategy. Investigation reveals sophisticated surveillance tools providing adversaries complete access to privileged attorney-client communications.”
Key NPCs:
- Elizabeth Harper: Managing partner balancing case preparation with privilege protection
- Daniel Chen: Senior associate investigating legal surveillance and privileged communication compromise
- Maria Santos: Ethics counsel addressing attorney-client privilege violations and professional responsibility
Investigation Timeline:
- Round 1: RAT detection through behavioral anomalies in legal workstations
- Round 2: Attorney-client privilege damage assessment and professional ethics investigation
- Round 3: Case strategy decision under surveillance threat and bar association coordination
Response Options:
- Complete remote access removal with forensic preservation for ethics investigation (DC 13)
- Attorney-client communication security verification and privilege protection (DC 14)
- Case strategy assessment determining if stolen intelligence compromised legal position (DC 16)
Learning Objectives:
- Remote access trojan detection through workstation behavioral analysis
- Attorney-client privilege protection from sophisticated corporate espionage
- Legal profession cybersecurity ethics and professional responsibility
- Privileged communication surveillance implications for case outcomes
- Coordination between incident response and professional ethics investigation
MITRE ATT&CK:
- T1219 (Remote Access Software) - RAT capabilities
- T1056 (Input Capture) - Keystroke logging of privileged communications
- T1113 (Screen Capture) - Confidential meeting surveillance
- T1005 (Data from Local System) - Legal strategy and client information theft
Notes for IM Customization
What worked well:
What to modify next time:
Creative player solutions:
Timing adjustments: