attacker_tools.csv
attacker_tool_names | description |
---|---|
remcom.exe | This process is an open source replacement for PsExec and is not typically seen in an enterprise environment. |
pwdump.exe | This process is associated with a tool used to dump password hashes on a Windows system. |
pwdump2.exe | This process is associated with a tool used to dump password hashes on a Windows system. |
nc.exe | This process is an open source tool used for network communications. |
wce.exe | This process is associated with a tool used to dump hashes and execute pass-the-hash and pass-the-ticket attacks. |
cain.exe | This process is associated with a tool used to collect user credentials and execute attacks. |
nmap.exe | This process is an open source network mapping tool used to identify hosts and listening services on a network. |
kidlogger.exe | This process is associated with a tool used to collect keyboard input on a host. |
isass.exe | This process name is used by attackers to hide in plain sight and look like a legitimate Windows system process. |
svch0st.exe | This process name is used by attackers to hide in plain sight and look like a legitimate Windows system process. |
at.exe | This process is used to schedule other processes to run. schtasks.exe should be used instead as it provides more flexibility. |
getmail.exe | This process has been seen in use by attackers to extract email files from host machines. |
ntdll.exe | This process was identified as malicious by DHS Alert TA18-074A. |
netpass.exe | This process was identified as malicious by DHS Alert TA18-201A and attackers use this tool to recover all network passwords stored on your system for the current logged-on user. |
WebBrowserPassView.exe | This process was identified as malicious by DHS Alert TA18-201A and is used by attackers as a password recovery tool that reveals the passwords stored in web browsers. |
OutlookAddressBookView.exe | This process was identified as malicious by DHS Alert TA18-201A and is used by attackers to steal the details of all recipients stored in the address books of Microsoft Outlook. |
mailpv.exe | This process was identified by DHS Alert TA18-201A; attackers use this password-recovery tool to reveal the passwords and other account details from various email clients. |
NLBrute.exe | An RDP brute force tool found in botnets for further expansion and acquisition of targets. This process was identified in the SamSam Ransomware Campaign and attackers use this tool to brute force RDP instances with a range of commonly used passwords. |
selfdel.exe | This executable was delivered in the SamSam Ransomware Campaign and the attackers leveraged this binary to delete its malicious activities. |
masscan.exe | This executable was delivered in the XMRig Crypto Miner. |
Massscan_GUI.exe | This executable was delivered in the XMRig Crypto Miner. |
KPortScan3.exe | This executable was delivered in the XMRig Crypto Miner and is commonly used by attackers to scan the internet. |
NLAChecker.exe | A scanner tool that checks Windows hosts for Network Level Authentication. This tool allows attackers to detect Windows servers with RDP without NLA enabled, which facilitates the use of brute force, non-Microsoft RDP tools or exploits. |
ns.exe | A tool commonly used by attackers to scan and map file shares. |
SilverBullet.exe | Malware that abuses this open source software for scanning and connecting to hosts was discovered in our monitoring of honeypots. |
kportscan3.exe | KPortScan 3.0 is a port scanning tool widely used on hacking forums to perform network scanning on internal networks. |
advanced_port_scanner.exe | Advanced Port Scanner is a free network scanner allowing you to quickly find open ports on network computers and retrieve versions of programs running on the detected ports. |
mimikatz.exe | Mimikatz is an open-source utility that allows users to view and save authentication credentials such as Kerberos tickets. |
certify.exe | A tool used to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). |
certipy.exe | A tool used to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). |
ladon.exe | Ladon is a multi-threaded, plug-in-based comprehensive scanning tool for large-scale network penetration, including port scanning, service identification, network assets, password brute forcing, high-risk vulnerability detection and one-click getshell. |
sharpTask.exe | SharpTask is a tool that allows you to create scheduled tasks on a Windows system. |
SharpHide.exe | SharpHide is a tool that allows you to hide a process from the task manager. |
SharpStay.exe | SharpStay is a tool that allows you to stay hidden from the task manager. |
seatbelt.exe | A tool used to collect detailed information about a system, such as remote access configurations, network shares and other security-relevant data, on a victim machine. |
SharpGPOAbuse.exe | SharpGPOAbuse is a tool that allows you to abuse and enumerate GPOs on a Windows system. |
fscan.exe | Fscan is a tool used to scan for open ports and services on a network. |