
Threat tools

Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.

  • The MITRE Corporation | Confidence 100 | 4 MITREs | 9 APTs

    [BITSAdmin](https://attack.mitre.org/software/S0190) is a command line tool used to create and manage [BITS Jobs](https://attack.mitre.org/techniques/T1197). (Citation: Microsoft BITSAdmin)

  • The MITRE Corporation | Confidence 100 | 4 MITREs

    [CARROTBALL](https://attack.mitre.org/software/S0465) is an FTP downloader utility that has been in use since at least 2019. [CARROTBALL](https://attack.mitre.org/software/S0465) has been used as a downloader to install [SYSCON](https://attack.mitre.org/software/S0464). (Citation: Unit 42 CARROTBAT…

  • The MITRE Corporation | Confidence 100 | 5 MITREs | 7 APTs | 2 Campaigns

    [netsh](https://attack.mitre.org/software/S0108) is a scripting utility used to interact with networking components on local or remote systems. (Citation: TechNet Netsh)

  • The MITRE Corporation | Confidence 100 | 1 MITRE | 1 APT

    [MimiPenguin](https://attack.mitre.org/software/S0179) is a credential dumper, similar to [Mimikatz](https://attack.mitre.org/software/S0002), designed specifically for Linux platforms. (Citation: MimiPenguin GitHub May 2017)

  • The MITRE Corporation | Confidence 100 | 1 MITRE | 1 APT

    [xCmd](https://attack.mitre.org/software/S0123) is an open source tool that is similar to [PsExec](https://attack.mitre.org/software/S0029) and allows the user to execute applications on remote systems. (Citation: xCmd)

  • The MITRE Corporation | Confidence 100 | 12 MITREs | 1 APT

    [CSPY Downloader](https://attack.mitre.org/software/S0527) is a tool designed to evade analysis and download additional payloads used by [Kimsuky](https://attack.mitre.org/groups/G0094). (Citation: Cybereason Kimsuky November 2020)

  • The MITRE Corporation | Confidence 100 | 1 MITRE

    [Fgdump](https://attack.mitre.org/software/S0120) is a Windows password hash dumper. (Citation: Mandiant APT1)

  • The MITRE Corporation | Confidence 100 | 32 MITREs | 3 APTs

    [PoshC2](https://attack.mitre.org/software/S0378) is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while…

  • The MITRE Corporation | Confidence 100 | 3 MITREs | 1 APT | 1 Campaign

    [RawDisk](https://attack.mitre.org/software/S0364) is a legitimate commercial driver from the EldoS Corporation that is used for interacting with files, disks, and partitions. The driver allows for direct modification of data…

  • The MITRE Corporation | Confidence 100 | 1 MITRE | 11 APTs | 4 Campaigns

    [netstat](https://attack.mitre.org/software/S0104) is an operating system utility that displays active TCP connections, listening ports, and network statistics. (Citation: TechNet Netstat)

  • FRP
    The MITRE Corporation | Confidence 100 | 10 MITREs | 3 APTs | 3 Campaigns

    [FRP](https://attack.mitre.org/software/S1144), which stands for Fast Reverse Proxy, is an openly available tool that is capable of exposing a server located behind a firewall or Network Address Translation (NAT)…

  • The MITRE Corporation | Confidence 100 | 21 MITREs | 1 APT | 1 Campaign

    [PcShare](https://attack.mitre.org/software/S1050) is an open source remote access tool that has been modified and used by Chinese threat actors, most notably during the FunnyDream campaign since late 2018. (Citation: Bitdefender…