T1021.006: T1021.006
Essential information
- MITRE technique ID: T1021.006
- Confidence: 100/100
- Revoked: No
- Published: 11/02/2020 19:29
- Modified: 27/03/2026 01:10
- Author / Source: The MITRE Corporation
Aliases
Windows Remote Management
Platforms
windows
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | lateral-movement |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (26)
- The MITRE Corporation · Confidence 100
  [APT37](https://attack.mitre.org/groups/G0067) is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also…
  First seen 01/01/1970 · Last seen 16/11/5138
- The Gentlemen · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- APT-C-60 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- UTA0137 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal…
  First seen 01/01/1970 · Last seen 16/11/5138
- Hydra Saiga · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Storm-0494 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- GrayCharlie · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Storm-0501 · uses · The MITRE Corporation · Confidence 100
  [Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been…
  First seen 01/01/1970 · Last seen 16/11/5138
- Chimera · related · The MITRE Corporation · Confidence 100
  [Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline…
  First seen 01/01/1970 · Last seen 16/11/5138
- Crypt Ghouls · related · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Malware (72)
- QReverse · uses · Family
- AnyDesk · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- BlackCat · uses
- ToneShell · uses · Family
- LuminousMoth · uses · Family
- Cactus · uses · Family
- Cobalt Strike Beacon · uses · Family
- LockBit · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- svcmgmt.exe · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- POISONPLUG.SHADOW · uses · Family
- ShadowPad - S0596 · uses · Family
- BlackCat - S1068 · uses · Family
Reports (33)
- 21 MITREs 2 Malwares 41 Observables 1 APT
- 14 MITREs 1 Malware 10 Observables 1 APT
- 1 CVE 13 MITREs 3 Malwares 16 Observables 1 APT
- 24 MITREs 3 Malwares 147 Observables 1 APT
- 14 MITREs 1 Malware 3 Observables 1 APT
- 17 MITREs 1 Malware 4 Observables
- 14 MITREs 8 Malwares 136 Observables 1 APT
- 18 MITREs 1 Malware 1 Observable
- 13 CVEs 13 MITREs 24 Observables
- 17 MITREs 1 Malware 1 APT
- APT37 - RokRat · related · 21 MITREs 1 Malware 9 Observables 1 APT
- 18 MITREs 5 Malwares
Vulnerabilities (CVE) (25)
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed …
- EPSS: 0.0037 (P58.9%)
- Published: 04/06/2026
- Modified: 04/06/2026
Campaign (2)
- SolarWinds Compromise · uses
- Operation MidnightEclipse · uses
Course Of Action (2)
- Privileged Account Management · mitigates
- Disable or Remove Feature or Program · mitigates
Tool (2)
- Brute Ratel C4 · uses · The MITRE Corporation · Confidence 100
  [Brute Ratel C4](https://attack.mitre.org/software/S1063) is a commercial red-teaming and adversarial attack simulation tool that first appeared in December 2020. [Brute Ratel C4](https://attack.mitre.org/software/S1063) was specifically designed to avoid detection by…
- SILENTTRINITY · uses · The MITRE Corporation · Confidence 100
  [SILENTTRINITY](https://attack.mitre.org/software/S0692) is an open source remote administration and post-exploitation framework primarily written in Python that includes stagers written in Powershell, C, and Boo. [SILENTTRINITY](https://attack.mitre.org/software/S0692) was used in a…