- The Deep Panda group is known to utilize WMI for lateral movement.
- DEATHRANSOM has the ability to use WMI to delete volume shadow copies.
- DarkWatchman can use WMI to execute commands.
- CrackMapExec can execute remote commands using Windows Management Instrumentation.
- Cobalt Strike can use WMI to deliver a payload to a remote host.
- Chimera has used WMIC to execute remote commands.
- CharmPower can use wmic to gather information from a system.
- Blue Mockingbird has used wmic.exe to set environment variables.
- A BlackEnergy 2 plug-in uses WMI to gather victim host details.
- Bazar can execute a WMI query to gather information about the installed antivirus engine.
- Avaddon uses wmic.exe to delete shadow copies.
- APT41 used WMI in several ways, including for execution of commands via WMIEXEC as well as for persistence via PowerSploit.
- APT32 used WMI to deploy their tools on remote machines and to gather information about the Outlook process. They have also used WMI for the remote execution of files for lateral movement.
- APT29 used WMI to steal credentials and execute backdoors at a future time.
- Agent Tesla has used WMI queries to gather information from the system.
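The behaviours listed above (shadow copy deletion through wmic, remote process creation via WMI, antivirus enumeration through the SecurityCenter2 namespace, and WmiPrvSE.exe spawning a shell as wmiexec-style tooling does) all surface in process creation telemetry. The following detector is an added example written for this page, not code from the original post or from any of the tools or groups named above. The log lines are constructed for the example, the field names follow the Sysmon Event ID 1 schema (Image, ParentImage, CommandLine), and the rule names, thresholds and the `\ADMIN$\__` output-redirection heuristic are assumptions of this example rather than anything the page states.

```python
import json
import re

# Constructed sample events for the example (not real telemetry). Each line is
# a JSON object with the Sysmon Event ID 1 fields this detector relies on.
SAMPLE_LOG = [
    json.dumps({"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                "ParentImage": r"C:\Windows\System32\cmd.exe",
                "CommandLine": "wmic shadowcopy delete"}),
    json.dumps({"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                "ParentImage": r"C:\Windows\System32\cmd.exe",
                "CommandLine": r'wmic /node:10.0.0.5 /user:CORP\admin process call create "cmd.exe /c whoami"'}),
    json.dumps({"Image": r"C:\Windows\System32\cmd.exe",
                "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
                "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.1 2>&1"}),
    json.dumps({"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                "ParentImage": r"C:\Windows\System32\cmd.exe",
                "CommandLine": r"wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName"}),
    # Benign inventory query: should not fire any rule.
    json.dumps({"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                "ParentImage": r"C:\Windows\System32\cmd.exe",
                "CommandLine": "wmic os get caption"}),
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles missing fields)."""
    return path.rsplit("\\", 1)[-1].lower()


def _is_wmic(event: dict) -> bool:
    return _basename(event.get("Image", "")) == "wmic.exe"


def _cmd(event: dict) -> str:
    return event.get("CommandLine", "")


# Hypothetical rule names and predicates for this example. Each predicate gets
# the parsed event and returns truthy when the event matches.
RULES = [
    ("wmi_shadow_copy_deletion",
     lambda e: _is_wmic(e) and re.search(r"shadowcopy\s+delete", _cmd(e), re.I)),
    ("wmi_remote_process_create",
     lambda e: _is_wmic(e) and re.search(r"/node:", _cmd(e), re.I)
     and re.search(r"process\s+call\s+create", _cmd(e), re.I)),
    ("wmiprvse_spawned_shell",
     lambda e: _basename(e.get("ParentImage", "")) == "wmiprvse.exe"
     and _basename(e.get("Image", "")) in {"cmd.exe", "powershell.exe"}),
    ("wmi_av_enumeration",
     lambda e: _is_wmic(e) and re.search(r"securitycenter2", _cmd(e), re.I)
     and re.search(r"antivirusproduct", _cmd(e), re.I)),
]

# wmiexec-style tooling redirects command output into a file on the ADMIN$
# share; this pattern is an assumption of the example, not a claim of the page.
_ADMIN_SHARE_REDIRECT = re.compile(r"\\ADMIN\$\\__")


def detect(log_lines):
    """Run every rule over each JSON log line; return a list of alert dicts."""
    alerts = []
    for idx, line in enumerate(log_lines):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole batch
        for rule, predicate in RULES:
            if not predicate(event):
                continue
            alert = {"rule": rule, "event_index": idx, "command_line": _cmd(event)}
            if rule == "wmiprvse_spawned_shell" and _ADMIN_SHARE_REDIRECT.search(_cmd(event)):
                alert["note"] = "output redirected to ADMIN$ share, consistent with wmiexec-style execution"
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two caveats when moving this beyond the sample: wmic.exe is deprecated on current Windows builds, so the same WMI calls increasingly arrive through PowerShell CIM cmdlets (Get-CimInstance, Invoke-CimMethod) and the command-line patterns need matching there too; and the persistence use described for APT41 (permanent WMI event subscriptions) never shows up as a process creation, so it needs the Sysmon WMI event IDs 19, 20 and 21 (filter, consumer, and filter-to-consumer binding) rather than Event ID 1.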