It seems to me it would be simpler to report this as "malware (or RAT) written in AutoIt.", since they ran it as an interpreter, I guess technically accurate to say the malware used AutoIt... but it's not like they tricked or hacked it. They simply wrote a nasty program in that language and used it normally.
The most annoying thing about all this is it can easily result in useful harmless programs getting flagged as viruses. This has happened before.
Biting the hand that feeds IT
