S0191 Winexe
Winexe is a lightweight, open source tool similar to PsExec designed to allow system administrators to execute commands on remote servers. 1 Winexe is unique in that it is a GNU/Linux based client. 2
| Item | Value |
|---|---|
| ID | S0191 |
| Type | TOOL |
| Version | 1.0 |
| Created | 18 April 2018 |
| Last Modified | 17 October 2018 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1569 | System Services | - |
| enterprise | T1569.002 | Service Execution | Winexe installs a service on the remote system, executes the command, then uninstalls the service.3 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0007 | APT28 | 24 |
| G0091 | Silence | 5 |
| G0105 | DarkVishnya | 6 |
References
-
Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018. ↩
-
Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. Retrieved January 22, 2018. ↩↩
-
Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved January 22, 2018. ↩
-
Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022. ↩
-
GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019. ↩
-
Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020. ↩