Threat Arsenal

283 unique tools, 836 total uses, 8 categories. Most used tool: Cobalt Strike

Credential Theft 97 (12%) · Defense Evasion 82 (10%) · Exfiltration 117 (14%) · LOLBAS 96 (11%) · Discovery Enum 156 (19%) · Networking 52 (6%) · Offsec 128 (15%) · RMM-Tools 108 (13%)
Cobalt Strike (34) · PsExec (33) · Mimikatz (32) · AnyDesk (30) · SoftPerfect NetScan (29) · RClone (26) · Advanced IP Scanner (19) · MEGA (17) · AdFind (17) · WinSCP (14) · Advanced Port Scanner (13) · WMIC (13) · Impacket (12) · Splashtop (12) · Atera (11) · ProcDump (10) · ScreenConnect (10) · GMER (9) · Bloodhound (8) · FileZilla (8)
Mimikatz · Credential Theft
32 groups · 8base Team, akira Team, avaddon Team, avoslocker, beast, blackbasta Team, blacksuit Team, conti Team, cuba, darkside, dr
ProcDump · Credential Theft
10 groups · 8base Team, conti Team, everest Team, lockbit3 Team, maze, netwalker, pysa Team, quantum, ransomexx, raworld
LaZagne · Credential Theft
7 groups · 8base Team, IMNCrew, akira Team, avoslocker, beast, lockbit3 Team, ransomexx
Veeam-Get-Creds · Credential Theft
4 groups · fog Team, lockbit3 Team, monti, warlock
NirSoft WebBrowserPassView · Credential Theft
3 groups · 8base Team, Loki, yanluowang
PasswordFox · Credential Theft
2 groups · 8base Team, lockbit3 Team
DonPAPI · Credential Theft
2 groups · akira Team, fog Team
NirSoft Dialupass · Credential Theft
2 groups · blacksuit Team, royal Team
NirSoft IEPassView (iepv) · Credential Theft
2 groups · blacksuit Team, royal Team
NirSoft MailPassView · Credential Theft
2 groups · blacksuit Team, royal Team
NirSoft Netpass · Credential Theft
2 groups · blacksuit Team, royal Team
NirSoft RouterPassView · Credential Theft
2 groups · blacksuit Team, royal Team
SessionGopher · Credential Theft
2 groups · darkside, pysa Team
NirSoft VNCPassView · Credential Theft
1 group · 8base Team
NirSoft ChromePass · Credential Theft
1 group · Loki
SharpDump · Credential Theft
1 group · avaddon Team
XenArmor · Credential Theft
1 group · avoslocker
Automim · Credential Theft
1 group · beast
RDP Recognizer · Credential Theft
1 group · bianlian Team
AccountRestore · Credential Theft
1 group · blacksuit Team
Router Scan · Credential Theft
1 group · conti Team
SharpChrome · Credential Theft
1 group · conti Team
Gosecretsdump · Credential Theft
1 group · lockbit3 Team
LostMyPassword · Credential Theft
1 group · lockbit3 Team
NirSoft ExtPassword · Credential Theft
1 group · lockbit3 Team
Invoke-TheHash · Credential Theft
1 group · medusalocker
BetterSafetyKatz · Credential Theft
1 group · onepercent
SharpKatz · Credential Theft
1 group · onepercent
HandleKatz · Credential Theft
1 group · play Team
Nanodump · Credential Theft
1 group · play Team
DumpBrowserSecrets · Credential Theft
1 group · thegentlemen Team
Hydra · Credential Theft
1 group · thegentlemen Team
KslDump · Credential Theft
1 group · thegentlemen Team
KslKatz · Credential Theft
1 group · thegentlemen Team
XenAllPasswordPro · Credential Theft
1 group · thegentlemen Team
GrabChrome · Credential Theft
1 group · yanluowang
GrabFF · Credential Theft
1 group · yanluowang
KeeThief · Credential Theft
1 group · yanluowang
GMER · Defense Evasion
9 groups · 8base Team, avaddon Team, blacksuit Team, conti Team, hive Team, lockbit3 Team, monti, play Team, royal Team
PowerTool · Defense Evasion
7 groups · akira Team, avaddon Team, blacksuit Team, lockbit3 Team, play Team, qilin Team, royal Team
PCHunter · Defense Evasion
6 groups · 8base Team, conti Team, hive Team, lockbit3 Team, medusalocker, qilin Team
ProcessHacker · Defense Evasion
4 groups · 8base Team, interlock, lockbit3 Team, medusalocker
Zemana Anti-Rootkit driver · Defense Evasion
4 groups · akira Team, blackbyte Team, crazyhunter, qilin Team
Avast Anti-Rootkit driver · Defense Evasion
3 groups · avoslocker, cuba, monti
EDRSandBlast · Defense Evasion
3 groups · cicada3301, medusa Team, qilin Team
ThrottleStop driver · Defense Evasion
2 groups · akira Team, medusa Team
icardagt.exe (version.dll DLL sideload) · Defense Evasion
2 groups · akira Team, play Team
TDSSKiller · Defense Evasion
2 groups · avaddon Team, lockbit3 Team
Backstab (Process Explorer driver) · Defense Evasion
2 groups · blackbasta Team, lockbit3 Team
Eraser · Defense Evasion
2 groups · blacksuit Team, royal Team
VirtualBox · Defense Evasion
2 groups · blacksuit Team, ragnarlocker
HRSword · Defense Evasion
2 groups · helldown, medusalocker
ThreatFire System Monitor driver (BYOVD) · Defense Evasion
2 groups · interlock, ransomhub Team
Defender Control · Defense Evasion
2 groups · lockbit3 Team, spacebears
churchill_driver.sys / fidget.sys · Defense Evasion
1 group · akira Team
consent.exe (msimg32.dll / wmsgapi.dll) · Defense Evasion
1 group · akira Team
mfpmp.exe (rtworkq.dll DLL sideload) · Defense Evasion
1 group · akira Team
Dell Client driver (BYOVD) · Defense Evasion
1 group · blackbyte Team
GIGABYTE Motherboard driver (BYOVD) · Defense Evasion
1 group · blackbyte Team
MSI Afterburner driver (BYOVD) · Defense Evasion
1 group · blackbyte Team
Inno Setup · Defense Evasion
1 group · blacksuit Team
av-1m.exe (AV bypass) · Defense Evasion
1 group · crazyhunter
go.exe / go2.exe (BYOVD loader) · Defense Evasion
1 group · crazyhunter
s4killer (Minifilter Driver) · Defense Evasion
1 group · embargo
KillAV · Defense Evasion
1 group · medusa Team
EDRKill (echo_driver.sys + DBUtil 2.3) · Defense Evasion
1 group · play Team
IOBit · Defense Evasion
1 group · play Team
Toshiba power management driver (BYOVD) · Defense Evasion
1 group · qilin Team
Updater for Carbon Black’s Cloud Sensor AV (upd.exe) · Defense Evasion
1 group · qilin Team
YDArk · Defense Evasion
1 group · qilin Team
Acronis Disk Director · Defense Evasion
1 group · ransomhub Team
BadRentdrv2 · Defense Evasion
1 group · ransomhub Team
Revo Uninstaller · Defense Evasion
1 group · ransomhub Team
Bluetooth Stack for Windows by Toshiba (toshdpdb.exe) · Defense Evasion
1 group · raworld
NSudo · Defense Evasion
1 group · royal Team
EDRStartupHinder · Defense Evasion
1 group · thegentlemen Team
GFreeze · Defense Evasion
1 group · thegentlemen Team
GLinker · Defense Evasion
1 group · thegentlemen Team
Antiy System In-Depth Analysis Toolkit driver (BYOVD) · Defense Evasion
1 group · warlock
NsecSoft driver (BYOVD) · Defense Evasion
1 group · warlock
Rising Antivirus driver (BYOVD) · Defense Evasion
1 group · warlock
VMTools AV Killer (BYOVD) · Defense Evasion
1 group · warlock
SoftPerfect NetScan · Discovery Enum
29 groups · akira Team, avaddon Team, avoslocker, beast, bianlian Team, blackbasta Team, blackbyte Team, blacksuit Team, cactus Team
Advanced IP Scanner · Discovery Enum
19 groups · Loki, akira Team, beast, bianlian Team, blacksuit Team, darkside, diavol, dragonforce Team, hive Team, hunters Team, inc
AdFind · Discovery Enum
17 groups · blackbasta Team, blacksuit Team, conti Team, dagonlocker, darkside, diavol, incransom Team, lockbit3 Team, maze, netwalk
Advanced Port Scanner · Discovery Enum
13 groups · akira Team, beast, bianlian Team, fog Team, helldown, hunters Team, interlock, lockbit3 Team, medusalocker, pysa Team, r
Bloodhound · Discovery Enum
8 groups · akira Team, blackbasta Team, conti Team, hive Team, lockbit3 Team, maze, revil, xinglocker
PowerView · Discovery Enum
7 groups · blackbasta Team, blackbyte Team, cicada3301, conti Team, maze, rhysida Team, xinglocker
ShareFinder · Discovery Enum
6 groups · akira Team, conti Team, dagonlocker, diavol, maze, xinglocker
SharpShares · Discovery Enum
5 groups · akira Team, bianlian Team, blacksuit Team, fog Team, royal Team
Nmap · Discovery Enum
4 groups · avoslocker, cactus Team, qilin Team, ransomhub Team
Everything.exe · Discovery Enum
4 groups · beast, nightspire Team, warlock, yurei
PingCastle · Discovery Enum
3 groups · bianlian Team, dragonforce Team, maze
WKTools · Discovery Enum
3 groups · bianlian Team, play Team, ransomhub Team
ADRecon · Discovery Enum
3 groups · cicada3301, darkside, pysa Team
Seatbelt · Discovery Enum
3 groups · conti Team, dagonlocker, lockbit3 Team
SharpHound · Discovery Enum
2 groups · akira Team, blacksuit Team
ldapdomaindump · Discovery Enum
2 groups · akira Team, thegentlemen Team
Masscan · Discovery Enum
1 group · akira Team
ReconFTW · Discovery Enum
1 group · akira Team
NirSoft WinLister · Discovery Enum
1 group · avoslocker
PSNmap · Discovery Enum
1 group · blackbasta Team
SharpView · Discovery Enum
1 group · conti Team
Nbtscan · Discovery Enum
1 group · dagonlocker
Azure Storage Explorer · Discovery Enum
1 group · interlock
ADExplorer · Discovery Enum
1 group · lapsus$
Navicat · Discovery Enum
1 group · medusa Team
PDQ Inventory · Discovery Enum
1 group · medusa Team
RoboCopy · Discovery Enum
1 group · medusa Team
Nping · Discovery Enum
1 group · qilin Team
Dsquery · Discovery Enum
1 group · ragnarlocker
PsInfo · Discovery Enum
1 group · ragnarlocker
SoftPerfect LanSearchPro · Discovery Enum
1 group · ragnarlocker
Angry IP Scanner · Discovery Enum
1 group · ransomhub Team
Invoke-ShareFinder · Discovery Enum
1 group · safepay Team
ADFind · Discovery Enum
1 group · thegentlemen Team
BloodHound · Discovery Enum
1 group · thegentlemen Team
Censys · Discovery Enum
1 group · thegentlemen Team
CertiHound · Discovery Enum
1 group · thegentlemen Team
MANSPIDER · Discovery Enum
1 group · thegentlemen Team
PowerZure · Discovery Enum
1 group · thegentlemen Team
Shodan · Discovery Enum
1 group · thegentlemen Team
gogo scanner · Discovery Enum
1 group · thegentlemen Team
SecurityCheck · Discovery Enum
1 group · warlock
Cent Browser · Discovery Enum
1 group · yanluowang
S3 Browser · Discovery Enum
1 group · yanluowang
RClone · Exfiltration
26 groups · 8base Team, akira Team, avoslocker, bianlian Team, blackbasta Team, blacksuit Team, cactus Team, cicada3301, conti Team,
MEGA · Exfiltration
17 groups · akira Team, avaddon Team, beast, bianlian Team, conti Team, darkside, hive Team, incransom Team, karakurt, lockbit3 Team
WinSCP · Exfiltration
14 groups · akira Team, beast, conti Team, hunters Team, interlock, lockbit3 Team, maze, monti, nightspire Team, play Team, pysa Tea
FileZilla · Exfiltration
8 groups · akira Team, avoslocker, diavol, karakurt, lockbit3 Team, nokoyawa, pysa Team, ransomhub Team
Sendspace · Exfiltration
7 groups · avaddon Team, conti Team, darkside, hive Team, lockbit3 Team, mallox, revil
PrivatLab · Exfiltration
4 groups · blackmatter, hive Team, mountlocker, revil
Restic · Exfiltration
3 groups · IMNCrew, incransom Team, lynx Team
Temp[.]sh · Exfiltration
3 groups · akira Team, blacksuit Team, lockbit3 Team
WinRAR · Exfiltration
3 groups · akira Team, incransom Team, safepay Team
PSCP · Exfiltration
3 groups · avoslocker, monti, ransomhub Team
File[.]io · Exfiltration
3 groups · babuk, lockbit3 Team, mallox
7-Zip · Exfiltration
3 groups · blacksuit Team, incransom Team, safepay Team
Anonfiles · Exfiltration
2 groups · avaddon Team, lockbit3 Team
Qaz[.]im · Exfiltration
2 groups · blackbasta Team, conti Team
UFile · Exfiltration
2 groups · hive Team, ranzy
ProtonMail · Exfiltration
1 group · avaddon Team
Gofile[.]io · Exfiltration
1 group · avoslocker
share[.]riseup[.]net · Exfiltration
1 group · avoslocker
Bublup · Exfiltration
1 group · blacksuit Team
Dropfiles · Exfiltration
1 group · conti Team
Bashupload · Exfiltration
1 group · darkside
pCloud · Exfiltration
1 group · darkside
BackBlaze · Exfiltration
1 group · incransom Team
s5cmd · Exfiltration
1 group · incransom Team
AZCopy · Exfiltration
1 group · interlock
FreeFileSync · Exfiltration
1 group · lockbit3 Team
Tempsend · Exfiltration
1 group · lockbit3 Team
Transfer[.]sh · Exfiltration
1 group · lockbit3 Team
Transfert-my-files · Exfiltration
1 group · lockbit3 Team
Dropmefiles · Exfiltration
1 group · mallox
EasyUpload.io · Exfiltration
1 group · qilin Team
rclone · Exfiltration
1 group · thegentlemen Team
PsExec · LOLBAS
33 groups · 8base Team, avoslocker, beast, bianlian Team, blackbasta Team, blacksuit Team, cicada3301, conti Team, cuba, darkside, f
WMIC · LOLBAS
13 groups · avoslocker, blacksuit Team, cicada3301, conti Team, hive Team, maze, pysa Team, quantum, ragnarlocker, ransomhub Team, r
BCDEdit · LOLBAS
7 groups · cicada3301, embargo, hive Team, lockbit3 Team, ransomexx, snatch Team, spacebears
BITSAdmin · LOLBAS
6 groups · blackbasta Team, conti Team, hive Team, medusa Team, ransomhub Team, revil
NTDS Utility (ntdsutil) · LOLBAS
6 groups · blacksuit Team, conti Team, lapsus$, rhysida Team, vicesociety Team, yanluowang
Windows Event Utility (wevtutil) · LOLBAS
4 groups · hive Team, ransomexx, rhysida Team, yanluowang
netsh · LOLBAS
2 groups · akira Team, spacebears
vssadmin · LOLBAS
2 groups · akira Team, spacebears
PowerShell · LOLBAS
2 groups · blacksuit Team, qilin Team
ServiceControl (sc.exe) · LOLBAS
2 groups · embargo, snatch Team
fsutil · LOLBAS
2 groups · qilin Team, spacebears
Minidump · LOLBAS
2 groups · vicesociety Team, warlock
net · LOLBAS
1 group · akira Team
nltest · LOLBAS
1 group · akira Team
Quick Assist · LOLBAS
1 group · blackbasta Team
attrib · LOLBAS
1 group · blacksuit Team
Finger · LOLBAS
1 group · incransom Team
Process Explorer · LOLBAS
1 group · medusa Team
WinRM · LOLBAS
1 group · qilin Team
CMSTPLUA · LOLBAS
1 group · safepay Team
Regsvr32.exe · LOLBAS
1 group · safepay Team
dllhost.exe · LOLBAS
1 group · safepay Team
VmConnect · LOLBAS
1 group · spacebears
Msiexec · LOLBAS
1 group · warlock
PowerShell Remoting (PSRemoting) · LOLBAS
1 group · warlock
RDP Patcher · LOLBAS
1 group · warlock
SDelete · LOLBAS
1 group · yurei
Cloudflared · Networking
6 groups · akira Team, blacksuit Team, medusa Team, ransomhub Team, royal Team, warlock
OpenSSH · Networking
5 groups · akira Team, beast, blacksuit Team, royal Team, warlock
Chisel · Networking
5 groups · avoslocker, blacksuit Team, cactus Team, royal Team, yanluowang
Ngrok · Networking
4 groups · akira Team, karakurt, lockbit3 Team, ransomhub Team
Plink · Networking
4 groups · cicada3301, darkside, lockbit3 Team, play Team
Ligolo · Networking
3 groups · avoslocker, lockbit3 Team, medusa Team
Proxychains · Networking
3 groups · fog Team, qilin Team, vicesociety Team
PuTTY · Networking
2 groups · interlock, medusa Team
FRP · Networking
2 groups · medusa Team, play Team
Klink · Networking
1 group · beast
GOST · Networking
1 group · cicada3301
Termite · Networking
1 group · cuba
Powercat · Networking
1 group · fog Team
Bitvise SSH Client · Networking
1 group · incransom Team
RevSocks · Networking
1 group · medusa Team
Stowaway · Networking
1 group · ransomhub Team
NPS · Networking
1 group · raworld
Chisel-ng · Networking
1 group · thegentlemen Team
ProxyChains · Networking
1 group · thegentlemen Team
Tor / Onion C2 · Networking
1 group · thegentlemen Team
openconnect · Networking
1 group · thegentlemen Team
Azure Blob Storage · Networking
1 group · warlock
Catbox[.]moe · Networking
1 group · warlock
MinIO · Networking
1 group · warlock
Supabase · Networking
1 group · warlock
VS Code Tunnel · Networking
1 group · warlock
Yuze · Networking
1 group · warlock
Cobalt Strike · Offsec
34 groups · avoslocker, blackbasta Team, blackbyte Team, blacksuit Team, cactus Team, clop Team, conti Team, cuba, dagonlocker, dark
Impacket · Offsec
12 groups · akira Team, bianlian Team, darkside, fog Team, hive Team, lockbit3 Team, medusalocker, ransomhub Team, raworld, rhysida
PowerShell Empire · Offsec
8 groups · avaddon Team, blackbyte Team, clop Team, conti Team, hive Team, lockbit3 Team, pysa Team, vicesociety Team
PowerSploit · Offsec
8 groups · avaddon Team, blackbasta Team, cicada3301, conti Team, darkside, maze, pysa Team, vicesociety Team
Metasploit · Offsec
8 groups · blackbasta Team, conti Team, everest Team, fog Team, hive Team, lockbit3 Team, maze, ransomhub Team
Meterpreter · Offsec
6 groups · conti Team, cuba, everest Team, hive Team, maze, snatch Team
NetExec · Offsec
5 groups · akira Team, fog Team, qilin Team, ransomhub Team, yurei
Rubeus · Offsec
5 groups · blacksuit Team, cicada3301, conti Team, diavol, yurei
CrackMapExec · Offsec
3 groups · akira Team, darkside, ransomhub Team
Sliver · Offsec
3 groups · avoslocker, fog Team, ransomhub Team
Brute Ratel C4 · Offsec
3 groups · blackbasta Team, blacksuit Team, royal Team
Koadic · Offsec
2 groups · lockbit3 Team, pysa Team
WinPEAS · Offsec
2 groups · play Team, yurei
Velociraptor · Offsec
2 groups · thegentlemen Team, warlock
TinyMet · Offsec
1 group · clop Team
Donut · Offsec
1 group · crazyhunter
Prince Ransomware · Offsec
1 group · crazyhunter
SharpGPOAbuse · Offsec
1 group · crazyhunter
bb.exe (shellcode loader) · Offsec
1 group · crazyhunter
Certipy · Offsec
1 group · fog Team
Orpheus · Offsec
1 group · fog Team
Zer0dump · Offsec
1 group · fog Team
ThunderShell · Offsec
1 group · lockbit3 Team
SharpSploit · Offsec
1 group · onepercent
Chashell · Offsec
1 group · pysa Team
Evilginx · Offsec
1 group · qilin Team
Kali Linux · Offsec
1 group · qilin Team
SystemBC · Offsec
1 group · qilin Team
Tofsee · Offsec
1 group · qilin Team
Kerbrute · Offsec
1 group · ransomhub Team
Custom Go Locker (Windows/Linux/NAS) · Offsec
1 group · thegentlemen Team
NetExec (nxc) · Offsec
1 group · thegentlemen Team
PetitPotam · Offsec
1 group · thegentlemen Team
PrivHound · Offsec
1 group · thegentlemen Team
RegPwn · Offsec
1 group · thegentlemen Team
RelayKing · Offsec
1 group · thegentlemen Team
Responder · Offsec
1 group · thegentlemen Team
TrustedSec Titanis · Offsec
1 group · thegentlemen Team
ZeroPulse · Offsec
1 group · thegentlemen Team
ntlmrelayx · Offsec
1 group · thegentlemen Team
Invoke-TheHash · Offsec
1 group · yurei
AnyDesk · RMM-Tools
30 groups · akira Team, avoslocker, beast, bianlian Team, blackbasta Team, blackbyte Team, blacksuit Team, cactus Team, conti Team,
Splashtop · RMM-Tools
12 groups · avoslocker, bianlian Team, blackbasta Team, cactus Team, conti Team, everest Team, hive Team, lockbit3 Team, medusa Team
Atera · RMM-Tools
11 groups · avoslocker, bianlian Team, blackbasta Team, blacksuit Team, conti Team, everest Team, hive Team, medusa Team, quantum, r
ScreenConnect · RMM-Tools
10 groups · bianlian Team, blackbasta Team, hive Team, interlock, lockbit3 Team, medusa Team, qilin Team, ransomhub Team, trigona, y
TeamViewer · RMM-Tools
6 groups · akira Team, bianlian Team, helldown, lockbit3 Team, trigona, yanluowang
LogMeIn · RMM-Tools
4 groups · blacksuit Team, royal Team, trigona, yanluowang
MobaXterm · RMM-Tools
3 groups · akira Team, blacksuit Team, royal Team
NetSupport · RMM-Tools
3 groups · blackbasta Team, cuba, qilin Team
TightVNC · RMM-Tools
3 groups · darkside, ransomhub Team, warlock
Radmin · RMM-Tools
2 groups · akira Team, warlock
PDQ Deploy · RMM-Tools
2 groups · avoslocker, medusa Team
Action1 · RMM-Tools
2 groups · lockbit3 Team, monti
N-Able · RMM-Tools
2 groups · medusa Team, ransomhub Team
MeshAgent · RMM-Tools
1 group · akira Team
RustDesk · RMM-Tools
1 group · akira Team
TacticalRMM · RMM-Tools
1 group · avoslocker
AmmyyAdmin · RMM-Tools
1 group · bianlian Team
Supremo · RMM-Tools
1 group · blackbasta Team
SuperOps · RMM-Tools
1 group · cactus Team
GoToAssist · RMM-Tools
1 group · darkside
FixMeIt · RMM-Tools
1 group · lockbit3 Team
ZohoAssist · RMM-Tools
1 group · lockbit3 Team
HCL BigFix · RMM-Tools
1 group · medusa Team
SimpleHelp · RMM-Tools
1 group · medusa Team
eHorus · RMM-Tools
1 group · medusa Team
Remote Desktop Plus (RDP+) · RMM-Tools
1 group · medusalocker
RSAT · RMM-Tools
1 group · quantum
Remote Manipulator System (RMS) · RMM-Tools
1 group · ragnarlocker
RemoteUtilities · RMM-Tools
1 group · ragnarlocker
Syncro · RMM-Tools
1 group · royal Team
PowerAdmin · RMM-Tools
1 group · vicesociety Team