Windows

Rpcping.exeRpcping.exe

Platform
Windows
Abuse functions
2
Mapped techniques
2

Description

Rpcping.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Credentials. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1003. Defenders should monitor execution of Rpcping.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

CredentialsT1003

Capture credentials on a non-standard port

CredentialsT1187

Relay a NTLM authentication over RPC (ncacn_ip_tcp) on a custom port

MITRE ATT&CK techniques· 2

T1003T1187

Uses2

TypeTargetConfidenceTier
TechniqueForced Authenticationt1187100%live
TechniqueOS Credential Dumpingt1003100%live

Abuses1

TypeTargetConfidenceTier
TechniqueOS Credential Dumpingt100385%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
rcsi.exe
LOLbin
Remote.exe
LOLbin
rdrleakdiag.exe
LOLbin
Pktmon.exe
LOLbin
Bcp.exe
LOLbin
Appvlp.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.