Advanced Penetration Testing: Hacking the World's Most Secure Networks is a fantastic book to read if you want to learn about modeling Advanced Persistent Threat attacks. Wil Allsopp mentions some open source tools in the book, and here is the list of the ones I found impressive and wanted to remember, some are not mentioned in the book but the technology is:

• WarVOX: Modern ToneLoc with voip.
• ToneLoc: "It dials numbers, looking for some kind of tone."
• MASSCAN: "This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second."
• Windows-Exploit-Suggester: "This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target."
• Demiguise: "The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user."
• morphHTA: "Morphing Cobalt Strike's evil.HTA."
• https://github.com/Dijji/XstReader: "An open source viewer for Microsoft Outlook’s .ost and .pst files."
• bitsadminexec: A brief explenation of how to use bitsadmin "to maintain persistence and bypass Autoruns."
• Veil: "A tool designed to generate metasploit payloads that bypass common anti-virus solutions."
• dnscat2: A masterpiece, "is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol, which is an effective tunnel out of almost every network."