Threat tools

Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.

  • The MITRE Corporation Confidence 100 17 MITREs 2 APTs

    [Imminent Monitor](https://attack.mitre.org/software/S0434) was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure.…

  • The MITRE Corporation Confidence 100 1 MITRE

    [attrib](https://attack.mitre.org/software/S1176) is a Windows utility used to display, set or remove attributes assigned to files or directories. (Citation: Microsoft attrib 2023)

  • The MITRE Corporation Confidence 100 3 MITREs 3 APTs

    [ConnectWise](https://attack.mitre.org/software/S0591) is a legitimate remote administration tool that has been used since at least 2016 by threat actors including [MuddyWater](https://attack.mitre.org/groups/G0069) and [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) to connect to and conduct…

  • The MITRE Corporation Confidence 100 5 MITREs 1 APT

    [Out1](https://attack.mitre.org/software/S0594) is a remote access tool written in Python and used by [MuddyWater](https://attack.mitre.org/groups/G0069) since at least 2021. (Citation: Trend Micro Muddy Water March 2021)

  • The MITRE Corporation Confidence 100 1 MITRE 10 APTs 3 Campaigns

    [Systeminfo](https://attack.mitre.org/software/S0096) is a Windows utility that can be used to gather detailed information about a computer. (Citation: TechNet Systeminfo)

  • The MITRE Corporation Confidence 100 38 MITREs 4 APTs 1 Campaign

    [Remcos](https://attack.mitre.org/software/S0332) is a closed-source tool that is marketed as a remote control and surveillance software by a company called Breaking Security. [Remcos](https://attack.mitre.org/software/S0332) has been observed being used in…

  • The MITRE Corporation Confidence 100 34 MITREs

    [Brute Ratel C4](https://attack.mitre.org/software/S1063) is a commercial red-teaming and adversarial attack simulation tool that first appeared in December 2020. [Brute Ratel C4](https://attack.mitre.org/software/S1063) was specifically designed to avoid detection by…

  • The MITRE Corporation Confidence 100 12 MITREs 1 APT

    [Peirates](https://attack.mitre.org/software/S0683) is a post-exploitation Kubernetes exploitation framework with a focus on gathering service account tokens for lateral movement and privilege escalation. The tool is written in GoLang and…

  • The MITRE Corporation Confidence 100 6 MITREs 1 APT

    [ROADTools](https://attack.mitre.org/software/S0684) is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub. (Citation: ROADtools Github)

  • The MITRE Corporation Confidence 100 20 MITREs 2 APTs 1 Campaign

    [AsyncRAT](https://attack.mitre.org/software/S1087) is an open-source remote access tool originally available through the NYANxCAT Github repository that has been used in malicious campaigns. (Citation: Morphisec Snip3 May 2021) (Citation: Cisco Operation Layover…

  • The MITRE Corporation Confidence 100 1 MITRE 1 APT

    [meek](https://attack.mitre.org/software/S0175) is an open-source Tor plugin that tunnels Tor traffic through HTTPS connections.

  • The MITRE Corporation Confidence 100 6 MITREs 9 APTs 1 Campaign

    [Rclone](https://attack.mitre.org/software/S1040) is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. [Rclone](https://attack.mitre.org/software/S1040) has been used in a…