Skip to content

Hide Navigation Hide TOC

HackTool - WinRM Access Via Evil-WinRM (a197e378-d31b-41c0-9635-cfdf1c1bb423)

Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.

Cluster A Galaxy A Cluster B Galaxy B Level
HackTool - WinRM Access Via Evil-WinRM (a197e378-d31b-41c0-9635-cfdf1c1bb423) Sigma-Rules Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 2