Ghost RAT Research University Intellectual Property Theft - Planning Guide
Ghost RAT Research University Intellectual Property Theft
Complete preparation guide for academic espionage scenario
Comprehensive facilitation guidance for Ghost RAT Research University featuring sophisticated RAT malware, breakthrough research surveillance, scientific intellectual property theft, and foreign academic espionage targeting American research competitive advantage.
1. Quick Reference
| Element | Details |
|---|---|
| Malmon | Ghost RAT (Ghost/Dark dual-type) |
| Difficulty Tier | Tier 3 (Expert) |
| Scenario Variant | APT Advanced: Research University |
| Organizational Context | Metropolitan Research University: $200M research funding, breakthrough medical research, academic collaboration |
| Primary Stakes | Research intellectual property + Scientific competitive advantage + Grant funding + Academic collaboration |
| Recommended Formats | Full Game / Advanced Challenge |
| Essential NPCs | Dr. Rachel Foster (Research Vice Provost), Professor Alan Martinez (Lead Scientist), Director Lisa Chen (Technology Transfer) |
| Optional NPCs | Agent Kevin Park (FBI Economic Espionage), Foreign Intelligence Analyst, Academic Research Security Coordinator |
Scenario Hook
Metropolitan Research University is preparing Friday publication of breakthrough cancer treatment research when faculty notice workstations behaving strangely—research files opening without commands, foreign competitors demonstrating knowledge of confidential methodologies—sophisticated RAT provides complete access to cutting-edge academic research.
Victory Condition
Team identifies sophisticated remote access surveillance through behavioral detection, protects breakthrough research intellectual property from continued foreign espionage, ensures scientific competitive advantage and grant funding security, and addresses foreign targeting threatening American academic research leadership.
2-12. [Complete Planning Structure]
Opening: “It’s Tuesday morning at Metropolitan Research University. Faculty are completing breakthrough medical research publication that could revolutionize cancer treatment and secure millions in follow-up funding. But during confidential research meetings, scientists notice troubling signs: workstations performing unauthorized actions, data files opening automatically, laboratory equipment responding to commands no one issued. Investigation reveals sophisticated surveillance providing foreign competitors complete access to cutting-edge academic research and intellectual property.”
Key NPCs:
- Dr. Rachel Foster: Research vice provost balancing publication timeline with intellectual property protection
- Professor Alan Martinez: Lead scientist investigating research surveillance and scientific discovery compromise
- Director Lisa Chen: Technology transfer office assessing intellectual property theft and patent implications
Investigation Timeline: Round 1: RAT detection through research workstation behavioral anomalies Round 2: Foreign academic espionage attribution and research intellectual property damage assessment Round 3: Publication decision under espionage threat and FBI economic espionage coordination
Response Options:
- Complete remote surveillance removal with preservation of espionage evidence (DC 13)
- Research intellectual property security verification and patent protection (DC 14)
- Scientific competitive advantage assessment determining foreign research intelligence impact (DC 15)
Learning Objectives:
- Remote access trojan detection in academic research environments
- Research intellectual property protection from foreign academic espionage
- University cybersecurity obligations to scientific competitive advantage
- Foreign targeting of American breakthrough research and nation-state technology acquisition
- Coordination between incident response and FBI economic espionage investigation
MITRE ATT&CK:
- T1219 (Remote Access Software), T1056 (Input Capture), T1113 (Screen Capture), T1005 (Research IP Theft)
Notes for IM Customization
What worked well:
What to modify next time:
Creative player solutions:
Timing adjustments: