
S0592 RemoteUtilities

RemoteUtilities is a legitimate remote administration tool that has been used by MuddyWater since at least 2021 for execution on target machines.[1]

| Item | Value |
|---|---|
| ID | S0592 |
| Associated Names | |
| Version | 1.0 |
| Created | 18 March 2021 |
| Last Modified | 25 April 2021 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1083 | File and Directory Discovery | RemoteUtilities can enumerate files and directories on a target machine.[1] |
| enterprise | T1105 | Ingress Tool Transfer | RemoteUtilities can upload and download files to and from a target machine.[1] |
| enterprise | T1113 | Screen Capture | RemoteUtilities can take screenshots on a compromised host.[1] |
| enterprise | T1218 | System Binary Proxy Execution | - |
| enterprise | T1218.007 | Msiexec | RemoteUtilities can use Msiexec to install a service.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0069 | MuddyWater | [1] |