Windows

Bitsadmin.exeBitsadmin.exe

Platform
Windows
Abuse functions
4
Mapped techniques
3

Description

Bitsadmin.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: ADS, Download, Copy, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218, T1564.004. Defenders should monitor execution of Bitsadmin.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 4

Performs execution of specified file in the alternate data stream, can be used as a defensive evasion or persistence technique.

DownloadT1105

Download file from Internet

CopyT1105

Copy file

ExecuteT1218

Execute binary file specified. Can be used as a defensive evasion.

MITRE ATT&CK techniques· 3

T1564.004T1105T1218

Uses3

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont1218100%live
TechniqueIngress Tool Transfert1105100%live
SubTechniqueNTFS File Attributest1564.004100%live

Abuses3

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.00490%live
TechniqueIngress Tool Transfert110585%live
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
wbadmin.exe
LOLbin
Extrac32.exe
LOLbin
Control.exe
LOLbin
PrintBrm.exe
LOLbin
adplus.exe
LOLbin
Forfiles.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.