Tip
- Windows environments are equipped with a wide array of command-line utilities.
- These tools collectively provide robust support for efficient system management, troubleshooting, and optimization, helping administrators maintain secure, stable, and high-performing Windows environments.
Important
- Cybercriminals often exploit legitimate Windows administrative tools to execute malicious actions while evading detection.
- These tools, used for tasks such as remote execution, file transfers, and system management, allow attackers to move laterally across networks, download and execute malware, manipulate logs, and gather sensitive information.
- By leveraging these built-in utilities, attackers can conduct their activities stealthily, blending their actions with normal administrative operations.
| Tool Name | Threat Group Usage |
|---|---|
| BITSAdmin | BERSERK BEAR |
| MiniDump | FANCY BEAR |
| PsExec | COZY BEAR, EMBER BEAR, BERSERK BEAR, Gamaredon, Turla |
| Windows Event Utility (wevtutil) | FANCY BEAR |
| WMIC | COZY BEAR |