Windows

Remote.exeRemote.exe

Platform
Windows
Abuse functions
3
Mapped techniques
1

Description

Remote.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Remote.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 3

AWL BypassT1127

Executes a process under a trusted Microsoft signed binary

ExecuteT1127

Executes a process under a trusted Microsoft signed binary

ExecuteT1127

Executing a remote binary without saving file to disk

MITRE ATT&CK techniques· 1

T1127

Uses1

TypeTargetConfidenceTier
TechniqueTrusted Developer Utilities Proxy Executiont1127100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
TestWindowRemoteAgent.exe
LOLbin
At.exe
LOLbin
te.exe
LOLbin
AgentExecutor.exe
LOLbin
Control.exe
LOLbin
ssh.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.