A Tool is an Intelligence Object sharing many Relationships with other objects.
According to STIX Version 2.1, tools are legitimate software used by Threat Actors to attack. It's important to know when Threat Actors use these tools because it can provide you with greater insight into how campaigns are executed.
Unlike malware, these tools or software packages are often found on a system and have legitimate purposes for power users, system administrators, network administrators, or even normal users.
Remote access tools (e.g., RDP) and network scanning tools (e.g., Nmap, RustScan, etc.) are examples of Tools that may be used by a Threat Actor during an attack.