1. Home
  2. Software
  3. BITSAdmin

BITSAdmin

BITSAdmin is a command line tool used to create and manage BITS Jobs. [1]

ID: S0190
Type: TOOL
Platforms: Windows
Contributors: Edward Millington
Version: 1.4
Created: 18 April 2018
Last Modified: 03 August 2023
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1197 BITS Jobs

BITSAdmin can be used to create BITS Jobs to launch a malicious process.[2]
Enterprise T1048 .003 Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol

BITSAdmin can be used to create BITS Jobs to upload files from a compromised host.[1]
Enterprise T1105 Ingress Tool Transfer

BITSAdmin can be used to create BITS Jobs to upload and/or download files.[1]
Enterprise T1570 Lateral Tool Transfer

BITSAdmin can be used to create BITS Jobs to upload and/or download files from SMB file servers.[3]

Groups That Use This Software

ID Name References
G0102 Wizard Spider

[4]
G0096 APT41

[5]
G1034 Daggerfly

Daggerfly has used BITSAdmin to retrieve files from remote locations to run on victim systems.[6]
G1001 HEXANE

[7]
G0065 Leviathan

[8]
G0081 Tropic Trooper

[2]
G0137 Ferocious Kitten

[9]

References

  1. Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.
  2. Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.
  3. Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.
  4. Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
  5. Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.
  1. Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. Retrieved July 25, 2024.
  2. Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.
  3. FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
  4. GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.