Threat tools
Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.
-
Confidence 75 16 MITREs
[TruffleHog](https://attack.mitre.org/software/S9009) is an open-source secrets-discovery tool that is used to search for credentials, API keys, and encryption keys across a variety of data sources and environments.(Citation: Black Hills…
-
Confidence 75 4 MITREs 1 APT
[DCRAT](https://attack.mitre.org/software/S9017) is a variant of the open-source [AsyncRAT](https://attack.mitre.org/software/S1087) developed in C# with additional capabilities such as patching Microsoft’s Antimalware Scan Interface (AMSI).(Citation: Zscaler BlindEagle DEC 2025)
-
Confidence 75 14 MITREs
[evilginx2](https://attack.mitre.org/software/S9003) is an open-source adversary-in-the-middle (AiTM) attack framework based on the open-source nginx web server. [evilginx2](https://attack.mitre.org/software/S9003) can be used as a reverse proxy between victims and legitimate web…
-
Confidence 75 5 MITREs
[Diskpart](https://attack.mitre.org/software/S9002) is a Windows command-line utility that is used to manage the computer’s drives, which include disks, partitions, volumes, and virtual hard disks.(Citation: Microsoft_diskpart_Feb2023) Adversaries may abuse [Diskpart](https://attack.mitre.org/software/S9002)…
-
Confidence 100 18 MITREs
[FlexiSpy](https://attack.mitre.org/software/S0408) is sophisticated surveillanceware for iOS and Android. Publicly-available, comprehensive analysis has only been found for the Android version.(Citation: FortiGuard-FlexiSpy)(Citation: CyberMerchants-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) markets itself as a parental control…
-
Confidence 100 4 MITREs
[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia.(Citation: PaloAlto-Xbot)
-
Confidence 100 5 MITREs 38 APTs 6 Campaigns
[PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.(Citation: Russinovich Sysinternals)(Citation: SANS…
-
Confidence 100 3 MITREs 1 APT
[Quick Assist](https://attack.mitre.org/software/S1209) is a remote assistance tool primarily for Microsoft Windows, although a macOS version also exists. [Quick Assist](https://attack.mitre.org/software/S1209) allows for remote screen sharing and, with end user…
-
Confidence 100 1 MITRE 1 APT
[Havij](https://attack.mitre.org/software/S0224) is an automatic SQL Injection tool distributed by the Iranian ITSecTeam security company. Havij has been used by penetration testers and adversaries.(Citation: Check Point Havij Analysis)
-
Confidence 100 5 MITREs 6 APTs 1 Campaign
[Wevtutil](https://attack.mitre.org/software/S0645) is a Windows command-line utility that enables administrators to retrieve information about event logs and publishers.(Citation: Wevtutil Microsoft Documentation)
-
Confidence 100 5 MITREs 1 APT 2 Campaigns
[Rubeus](https://attack.mitre.org/software/S1071) is a C# toolset designed for raw Kerberos interaction that has been used since at least 2020, including in ransomware operations.(Citation: GitHub Rubeus March 2023)(Citation: FireEye KEGTAP…
-
Confidence 100 5 MITREs 12 APTs 2 Campaigns
[AdFind](https://attack.mitre.org/software/S0552) is a free command-line query tool that can be used for gathering information from Active Directory.(Citation: Red Canary Hospital Thwarted Ryuk October 2020)(Citation: FireEye FIN6 Apr 2019)(Citation:…
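Several of the tools above (PsExec, Wevtutil, AdFind, Diskpart, Rubeus) are used by administrators as well as attackers, so the security-relevant signal is usually in the arguments rather than in the binary name. The following is an added example, not code from this page or from MITRE: a small Python detector run over constructed process-creation events (the pipe-separated log format, the events, the rule patterns, and the severities are all assumptions made for illustration). It flags wevtutil log clearing, AdFind bulk enumeration, PsExec remote execution (and SYSTEM execution via -s), Rubeus ticket actions, and script-driven diskpart, while leaving read-only wevtutil queries and interactive diskpart alone, and then groups hits per account so that one user tripping several rules across hosts stands out.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample process-creation events (not real telemetry). Fields are
# "host|user|parent_image|image|command_line", one event per line.
SAMPLE_EVENTS = r"""
ws01|CORP\jdoe|explorer.exe|C:\Windows\System32\diskpart.exe|diskpart.exe
ws01|CORP\svc_backup|cmd.exe|C:\Windows\System32\wevtutil.exe|wevtutil.exe qe Security /c:5 /f:text
dc01|CORP\jdoe|cmd.exe|C:\Windows\System32\wevtutil.exe|wevtutil.exe cl Security
ws02|CORP\jdoe|cmd.exe|C:\Temp\adfind.exe|adfind.exe -f "(objectcategory=person)" -csv
ws02|CORP\jdoe|cmd.exe|C:\Temp\adfind.exe|adfind.exe -sc trustdmp
srv03|CORP\admin|cmd.exe|C:\Tools\PsExec.exe|psexec.exe \\srv04 -s cmd.exe /c whoami
srv03|CORP\jdoe|powershell.exe|C:\Users\jdoe\Rubeus.exe|Rubeus.exe kerberoast /outfile:hashes.txt
srv03|CORP\jdoe|cmd.exe|C:\Windows\System32\diskpart.exe|diskpart.exe /s C:\Temp\wipe.txt
"""


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    image: str    # regex matched against the lower-cased image basename
    cmdline: str  # regex matched against the full command line


# Rules are this example's own heuristics, not the page's STIX data. They key on
# the argument shapes that separate abuse from routine admin use of each tool.
RULES = [
    # wevtutil "cl" clears a log; "qe"/"el"/"gl" are the read-only admin verbs.
    Rule("wevtutil_clear_log", "high", r"^wevtutil\.exe$", r"(?i)\bcl\b"),
    # AdFind bulk dumps of users/computers/groups, or of domain trusts.
    Rule("adfind_enumeration", "medium", r"^adfind\.exe$",
         r"(?i)objectcategory=(person|computer|group)|-sc\s+trustdmp|\bdclist\b"),
    # PsExec pointed at a remote host; -s additionally runs the payload as SYSTEM.
    Rule("psexec_remote_exec", "medium", r"^psexec(64)?\.exe$", r"\\\\\S+"),
    Rule("psexec_as_system", "high", r"^psexec(64)?\.exe$", r"\\\\\S+.*\s-s\b"),
    # Rubeus ticket-abuse actions.
    Rule("rubeus_kerberos", "high", r"^rubeus\.exe$",
         r"(?i)\b(kerberoast|asreproast|asktgt|asktgs|ptt|s4u|dump|monitor)\b"),
    # diskpart driven by a script file rather than run interactively.
    Rule("diskpart_scripted", "medium", r"^diskpart\.exe$", r"(?i)\s/s\s"),
]


def parse_events(text):
    """Split the constructed pipe-separated log into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, user, parent, image, cmdline = line.split("|", 4)
        events.append({"host": host, "user": user, "parent": parent, "image": image,
                       "basename": image.rsplit("\\", 1)[-1].lower(),
                       "cmdline": cmdline})
    return events


def detect(text):
    """Return one finding per (event, rule) pair where both regexes match."""
    findings = []
    for ev in parse_events(text):
        for rule in RULES:
            if re.search(rule.image, ev["basename"]) and re.search(rule.cmdline, ev["cmdline"]):
                findings.append({"rule": rule.name, "severity": rule.severity,
                                 "host": ev["host"], "user": ev["user"],
                                 "cmdline": ev["cmdline"]})
    return findings


def rules_by_user(findings):
    """Distinct rules tripped per account: one user doing AD discovery, Kerberos
    abuse and log clearing across several hosts is the pattern worth paging on."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["user"]].add(f["rule"])
    return {user: sorted(rules) for user, rules in seen.items()}


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for f in hits:
        print(f"[{f['severity']:6}] {f['rule']:22} {f['host']} {f['user']}: {f['cmdline']}")
    print(rules_by_user(hits))
```

On the sample, the read-only `wevtutil qe` query and the bare interactive `diskpart.exe` produce nothing, the PsExec line produces two findings (remote execution plus the `-s` escalation), and the per-user view shows `CORP\jdoe` hitting four different rules across three hosts. In production the same rules belong in the SIEM's query language, with an allowlist for the accounts and hosts that legitimately run these tools.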