216.73.216.233

Threat tools

Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.

  • Koadic
    The MITRE Corporation Confidence 100 27 MITREs 4 APTs

    [Koadic](https://attack.mitre.org/software/S0250) is a Windows post-exploitation framework and penetration testing tool that is publicly available on GitHub. [Koadic](https://attack.mitre.org/software/S0250) has several options for staging payloads and creating implants, and performs…

  • CrackMapExec
    The MITRE Corporation Confidence 100 20 MITREs 5 APTs 1 Campaign

    [CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted…

  • cmd
    The MITRE Corporation Confidence 100 6 MITREs 6 APTs 1 Campaign

    [cmd](https://attack.mitre.org/software/S0106) is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities. (Citation: TechNet Cmd) Cmd.exe contains native functionality to…

  • esentutl
    The MITRE Corporation Confidence 100 6 MITREs 3 APTs

    [esentutl](https://attack.mitre.org/software/S0404) is a command-line tool that provides database utilities for the Windows Extensible Storage Engine.(Citation: Microsoft Esentutl)

  • route
    The MITRE Corporation Confidence 100 1 MITRE 2 APTs

    [route](https://attack.mitre.org/software/S0103) can be used to find or change information within the local system IP routing table. (Citation: TechNet Route)

  • Ping
    The MITRE Corporation Confidence 100 1 MITRE 15 APTs 4 Campaigns

    [Ping](https://attack.mitre.org/software/S0097) is an operating system utility commonly used to troubleshoot and verify network connections. (Citation: TechNet Ping)

  • LaZagne
    The MITRE Corporation Confidence 100 10 MITREs 12 APTs

    [LaZagne](https://attack.mitre.org/software/S0349) is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Windows, Linux, and OSX, but is mainly focused on Windows…

  • NBTscan
    The MITRE Corporation Confidence 100 5 MITREs 10 APTs

    [NBTscan](https://attack.mitre.org/software/S0590) is an open source tool that has been used by state groups to conduct internal reconnaissance within a compromised network.(Citation: Debian nbtscan Nov 2019)(Citation: SecTools nbtscan June…

  • Invoke-PSImage
    The MITRE Corporation Confidence 100 2 MITREs 1 APT

    [Invoke-PSImage](https://attack.mitre.org/software/S0231) takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a one liner for executing either from…

  • nbtstat
    The MITRE Corporation Confidence 100 2 MITREs 2 APTs

    [nbtstat](https://attack.mitre.org/software/S0102) is a utility used to troubleshoot NetBIOS name resolution. (Citation: TechNet Nbtstat)

  • IronNetInjector
    The MITRE Corporation Confidence 100 8 MITREs 1 APT

    [IronNetInjector](https://attack.mitre.org/software/S0581) is a [Turla](https://attack.mitre.org/groups/G0010) toolchain that utilizes scripts from the open-source IronPython implementation of Python with a .NET injector to drop one or more payloads including [ComRAT](https://attack.mitre.org/software/S0126).(Citation: Unit…

  • Mimikatz
    The MITRE Corporation Confidence 100 17 MITREs 51 APTs 9 Campaigns

    [Mimikatz](https://attack.mitre.org/software/S0002) is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many other features that make it useful for testing the security of…