Threat tools

Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.

  • The MITRE Corporation Confidence 100 2 MITREs 5 APTs 1 Campaign

    [gsecdump](https://attack.mitre.org/software/S0008) is a publicly available credential dumper used to obtain password hashes and LSA secrets from Windows operating systems. (Citation: TrueSec Gsecdump)

  • The MITRE Corporation Confidence 100 17 MITREs 1 APT

    [Donut](https://attack.mitre.org/software/S0695) is an open source framework used to generate position-independent shellcode. (Citation: Donut Github) (Citation: Introducing Donut) [Donut](https://attack.mitre.org/software/S0695) generated code has been used by multiple threat actors to inject and…

  • The MITRE Corporation Confidence 100 2 MITREs 3 APTs 1 Campaign

    Responder is an open source tool used for LLMNR, NBT-NS and MDNS poisoning, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.…

  • The MITRE Corporation Confidence 100 1 MITRE 1 APT

    [Pass-The-Hash Toolkit](https://attack.mitre.org/software/S0122) is a toolkit that allows an adversary to "pass" a password hash (without knowing the original password) to log in to systems. (Citation: Mandiant APT1)

  • The MITRE Corporation Confidence 100 1 MITRE 6 APTs

    [pwdump](https://attack.mitre.org/software/S0006) is a credential dumper. (Citation: Wikipedia pwdump)

  • The MITRE Corporation Confidence 100 1 MITRE 2 APTs 1 Campaign

    [sqlmap](https://attack.mitre.org/software/S0225) is an open source penetration testing tool that can be used to automate the process of detecting and exploiting SQL injection flaws. (Citation: sqlmap Introduction)

  • The MITRE Corporation Confidence 100 3 MITREs 1 APT

    MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be…

  • The MITRE Corporation Confidence 100 3 MITREs 8 APTs

    [Nltest](https://attack.mitre.org/software/S0359) is a Windows command-line utility used to list domain controllers and enumerate domain trusts. (Citation: Nltest Manual)

  • The MITRE Corporation Confidence 100 10 MITREs 1 APT

    [MCMD](https://attack.mitre.org/software/S0500) is a remote access tool that provides remote command shell capability used by [Dragonfly 2.0](https://attack.mitre.org/groups/G0074). (Citation: Secureworks MCMD July 2019)

  • The MITRE Corporation Confidence 100 1 MITRE 3 APTs

    [Winexe](https://attack.mitre.org/software/S0191) is a lightweight, open source tool similar to [PsExec](https://attack.mitre.org/software/S0029) designed to allow system administrators to execute commands on remote servers. (Citation: Winexe Github Sept 2013) [Winexe](https://attack.mitre.org/software/S0191) is…

  • The MITRE Corporation Confidence 100 4 MITREs 1 APT

    [Ruler](https://attack.mitre.org/software/S0358) is a tool to abuse Microsoft Exchange services. It is publicly available on GitHub and the tool is executed via the command line. The creators of [Ruler](https://attack.mitre.org/software/S0358)…

  • The MITRE Corporation Confidence 100 3 MITREs 1 APT

    [Forfiles](https://attack.mitre.org/software/S0193) is a Windows utility commonly used in batch jobs to execute commands on one or more selected files or directories (ex: list all directories in a drive,…