PsExec

Associated Software Descriptions

| Name | Description |
|---|---|

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G1017 | Volt Typhoon | (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024) |
| G0010 | Turla | (Citation: Symantec Waterbug Jun 2019) |
| G0114 | Chimera | (Citation: NCC Group Chimera January 2021) |
| G0006 | APT1 | (Citation: Mandiant APT1) |
| G0076 | Thrip | (Citation: Symantec Thrip June 2018) |
| G1009 | Moses Staff | (Citation: Checkpoint MosesStaff Nov 2021) |
| G0098 | BlackTech | (Citation: Symantec Palmerworm Sep 2020) |
| G0003 | Cleaver | (Citation: Cylance Cleaver) |
| G0105 | DarkVishnya | (Citation: Securelist DarkVishnya Dec 2018) |
| G1032 | INC Ransom | (Citation: Secureworks GOLD IONIC April 2024) (Citation: Cybereason INC Ransomware November 2023) (Citation: SOCRadar INC Ransom January 2024) (Citation: Huntress INC Ransom Group August 2023) |
| G0034 | Sandworm Team | (Citation: Dragos Crashoverride 2018) |
| G1046 | Storm-1811 | (Citation: Microsoft Storm-1811 2024) |
| G0125 | HAFNIUM | (Citation: Volexity Exchange Marauder March 2021) |
| G1024 | Akira | (Citation: Arctic Wolf Akira 2023) |
| G0087 | APT39 | (Citation: FireEye APT39 Jan 2019) (Citation: BitDefender Chafer May 2020) (Citation: Symantec Chafer February 2018) |
| G1040 | Play | (Citation: CISA Play Ransomware Advisory December 2023) |
| G0053 | FIN5 | (Citation: Mandiant FIN5 GrrCON Oct 2016) |
| G0037 | FIN6 | (Citation: FireEye FIN6 April 2016) (Citation: FireEye FIN6 Apr 2019) |
| G0119 | Indrik Spider | (Citation: Symantec WastedLocker June 2020) |
| G0088 | TEMP.Veles | (Citation: FireEye TRITON 2019) (Citation: Dragos Xenotime 2018) |
| G0014 | Night Dragon | (Citation: McAfee Night Dragon) |
| G0094 | Kimsuky | (Citation: Netscout Stolen Pencil Dec 2018) |
| G0093 | GALLIUM | (Citation: Cybereason Soft Cell June 2019) (Citation: Microsoft GALLIUM December 2019) |
| G0074 | Dragonfly 2.0 | (Citation: US-CERT TA18-074A) (Citation: Symantec Dragonfly Sept 2017) |
| G0016 | APT29 | (Citation: F-Secure The Dukes) (Citation: ESET Dukes October 2019) |
| G1043 | BlackByte | (Citation: Microsoft BlackByte 2023) |
| G1003 | Ember Bear | (Citation: CISA GRU29155 2024) |
| G0008 | Carbanak | (Citation: Kaspersky Carbanak) |
| G0077 | Leafminer | (Citation: Symantec Leafminer July 2018) |
| G0061 | FIN8 | (Citation: Symantec FIN8 Jul 2023) |
| G0117 | Fox Kitten | (Citation: CISA AA20-259A Iran-Based Actor September 2020) (Citation: Check Point Pay2Key November 2020) |
| G0035 | Dragonfly | (Citation: Secureworks IRON LIBERTY July 2019) (Citation: US-CERT TA18-074A) (Citation: Symantec Dragonfly Sept 2017) (Citation: Gigamon Berserk Bear October 2021) |
| G0059 | Magic Hound | (Citation: FireEye APT35 2018) |
| G0049 | OilRig | (Citation: FireEye APT34 Webinar Dec 2017) |
| G0086 | Stolen Pencil | (Citation: Netscout Stolen Pencil Dec 2018) |
| G0080 | Cobalt Group | (Citation: PTSecurity Cobalt Group Aug 2017) (Citation: Group IB Cobalt Aug 2017) |
| G0019 | Naikon | (Citation: Baumgartner Naikon 2015) |
| G0028 | Threat Group-1314 | (Citation: Dell TG-1314) |
| G0045 | menuPass | (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) |
| G0102 | Wizard Spider | (Citation: CrowdStrike Grim Spider May 2019) (Citation: FireEye KEGTAP SINGLEMALT October 2020) (Citation: Mandiant FIN12 Oct 2021) |

References
- Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.
- Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.
- Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. Retrieved June 24, 2021.
- CISA et al. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
- Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.