#T1021.006 Windows Remote Management

Technique

  • Tactics: Lateral Movement
  • Description:

    Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to interact with remote systems using Windows Remote Management (WinRM). The adversary may then perform actions as the logged-on user.

    WinRM is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services).(Citation: Microsoft WinRM) It may be called with the `winrm` command or by any number of programs such as PowerShell.(Citation: Jacobsen 2014) WinRM can be used as a method of remotely interacting with [Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047).(Citation: MSDN WMI)

  • First Seen: 귀신(Gwisin) 랜섬웨어 공격 전략 분석 리포트 • 2022-08-24
MITRE ATT&CK

Tagged Reports

2025-08-25
Bloo
#GolangGhost #Lazarus #T1055.012 #T1190 #T1562.001 #T1036.007 #T1123 #T1059.005 #T1106 #T1036.003 #T1622 #T1059.010 #T1027.002 #T1132.002 #T1136.001 #T1057 #T1548.002 #T1059.003 #T1134.004 #T1566.001 #T1518.001 #T1614.001 #T1574.007 #T1573.001 #T1547.001 #T1140 #T1027.009 #T1005 #T1070.004 #T1027.007 #T1098.007 #T1041 #T1564.001 #T1010 #T1113 #T1219 #T1071.004 #T1021.002 #T1204.002 #T1055.002 #T1071.001 #T1574.002 #T1115 #T1083 #T1059.001 #T1555.003 #T1056.001 #T1566.002 #T1497.001 #T1217 #T1021.006
2022-08-24
SKShildus
#Ransomware #Gwisin #T1589.001 #T1047 #T1036.003 #T0807 #T1595.002 #T1059.003 #T1003.001 #T1140 #T1587.001 #T1041 #T1608.001 #T1021.002 #T1070.001 #T1590 #T1218.007 #T1083 #T1490 #T1486 #T1110 #T1021.001 #T1021.004 #T1021.006
« Back