Threat tools

Software used in attacks (Cobalt Strike, Mimikatz, etc.) with STIX relationships.

  • The MITRE Corporation Confidence 100 1 MITRE 7 APTs

    [Windows Credential Editor](https://attack.mitre.org/software/S0005) is a password dumping tool. (Citation: Amplia WCE)

  • The MITRE Corporation Confidence 100 28 MITREs 9 APTs 2 Campaigns

    [PowerSploit](https://attack.mitre.org/software/S0194) is an open source, offensive security framework comprised of [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules and scripts that perform a wide range of tasks related to penetration testing such as code…

  • The MITRE Corporation Confidence 100 56 MITREs

    [SILENTTRINITY](https://attack.mitre.org/software/S0692) is an open source remote administration and post-exploitation framework primarily written in Python that includes stagers written in PowerShell, C, and Boo. [SILENTTRINITY](https://attack.mitre.org/software/S0692) was used in a…

  • The MITRE Corporation Confidence 100 23 MITREs 3 APTs 1 Campaign

    [Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control (C2) framework written in Golang. [Sliver](https://attack.mitre.org/software/S0633) includes its own package manager, "armory," for staging and downloading additional…

  • at
    The MITRE Corporation Confidence 100 1 MITRE 3 APTs 1 Campaign

    [at](https://attack.mitre.org/software/S0110) is used to schedule tasks on a system to run at a specified date or time. (Citation: TechNet At) (Citation: Linux at)

  • The MITRE Corporation Confidence 100 16 MITREs 1 APT

    [ShimRatReporter](https://attack.mitre.org/software/S0445) is a tool used by suspected Chinese adversary [Mofang](https://attack.mitre.org/groups/G0103) to automatically conduct initial discovery. The details from this discovery are used to customize follow-on payloads (such as…

  • The MITRE Corporation Confidence 100 1 MITRE

    [UACMe](https://attack.mitre.org/software/S0116) is an open source assessment tool that contains many methods for bypassing Windows User Account Control on multiple versions of the operating system. (Citation: Github UACMe)

  • The MITRE Corporation Confidence 100 11 MITREs 6 APTs 1 Campaign

    [BloodHound](https://attack.mitre.org/software/S0521) is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment. (Citation: GitHub Bloodhound) (Citation: CrowdStrike BloodHound April 2018) (Citation: FoxIT…

  • The MITRE Corporation Confidence 100 8 MITREs

    NPPSPY is an implementation of a theoretical mechanism first presented in 2004 for capturing credentials submitted to a Windows system via a rogue Network Provider API item. NPPSPY…

  • The MITRE Corporation Confidence 100 4 MITREs 14 APTs 2 Campaigns

    [certutil](https://attack.mitre.org/software/S0160) is a command-line utility that can be used to obtain certificate authority information and configure Certificate Services. (Citation: TechNet Certutil)

  • The MITRE Corporation Confidence 100 10 MITREs 1 APT

    [Covenant](https://attack.mitre.org/software/S1155) is a multi-platform command and control framework written in .NET. While designed for penetration testing and security research, the tool has also been used by threat actors…

  • Net
    The MITRE Corporation Confidence 100 16 MITREs 33 APTs 1 Campaign

    The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft…