Winexe
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1569.002 | System Services: Service Execution | Winexe installs a service on the remote system, executes the command, then uninstalls the service. (Citation: Secpod Winexe June 2017) |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0105 | DarkVishnya | (Citation: Securelist DarkVishnya Dec 2018) |
G0091 | Silence | (Citation: SecureList Silence Nov 2017) |
G0007 | APT28 | (Citation: Überwachung APT28 Forfiles June 2015) (Citation: Secureworks IRON TWILIGHT Active Measures March 2017) |
References
- Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.
- Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018.
- Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.
- Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved January 22, 2018.
- GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.
- Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.