Threat tools
Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.
- Confidence 100 · 4 MITREs · 2 APTs · 3 Campaigns
  [dsquery](https://attack.mitre.org/software/S0105) is a command-line utility that can be used to query Active Directory for information from a system within a domain. (Citation: TechNet Dsquery) It is typically installed…
- Confidence 100 · 73 MITREs · 17 APTs · 1 Campaign
  [Empire](https://attack.mitre.org/software/S0363) is an open-source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents…
- Confidence 100 · 1 MITRE
  [ifconfig](https://attack.mitre.org/software/S0101) is a Unix-based utility used to gather information about and interact with the TCP/IP settings on a system. (Citation: Wikipedia Ifconfig)
- Confidence 100 · 1 MITRE · 1 APT
  [spwebmember](https://attack.mitre.org/software/S0227) is a Microsoft SharePoint enumeration and data dumping tool written in .NET. (Citation: NCC Group APT15 Alive and Strong)
- Confidence 100 · 2 MITREs · 4 APTs · 3 Campaigns
  [Arp](https://attack.mitre.org/software/S0099) displays and modifies information about a system's Address Resolution Protocol (ARP) cache. (Citation: TechNet Arp)
- Confidence 100 · 5 MITREs · 5 APTs · 1 Campaign
  [ngrok](https://attack.mitre.org/software/S0508) is a legitimate reverse proxy tool that can create a secure tunnel to servers located behind firewalls or on local machines that do not have a public…
- Confidence 100 · 1 MITRE · 1 APT
  [Lslsass](https://attack.mitre.org/software/S0121) is a publicly available tool that can dump active logon session password hashes from the lsass process. (Citation: Mandiant APT1)
- Confidence 100 · 24 MITREs · 2 APTs
  [AADInternals](https://attack.mitre.org/software/S0677) is a PowerShell-based framework for administering, enumerating, and exploiting Azure Active Directory. The tool is publicly available on GitHub. (Citation: AADInternals Github) (Citation: AADInternals Documentation)
- Confidence 100 · 3 MITREs · 13 APTs · 3 Campaigns
  The [Tasklist](https://attack.mitre.org/software/S0057) utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It…
- Confidence 100 · 1 MITRE · 14 APTs · 1 Campaign
  [ipconfig](https://attack.mitre.org/software/S0100) is a Windows utility that can be used to find information about a system's TCP/IP, DNS, DHCP, and adapter configuration. (Citation: TechNet Ipconfig)
- Confidence 100 · 11 MITREs · 18 APTs · 6 Campaigns
  [Impacket](https://attack.mitre.org/software/S0357) is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols. [Impacket](https://attack.mitre.org/software/S0357) contains several tools for remote service execution, Kerberos manipulation,…
- Confidence 100 · 23 MITREs
  Pacu is an open-source AWS exploitation framework. The tool is written in Python and publicly available on GitHub. (Citation: GitHub Pacu)