RemoteUtilities is a legitimate remote administration tool that has been used by MuddyWater since at least 2021 for execution on target machines.[1]

ID: S0592
Type: TOOL
Platforms: Windows
Version: 1.0
Created: 18 March 2021
Last Modified: 25 April 2021

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1083 | File and Directory Discovery | RemoteUtilities can enumerate files and directories on a target machine.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | RemoteUtilities can upload and download files to and from a target machine.[1] |
| Enterprise | T1113 | Screen Capture | RemoteUtilities can take screenshots on a compromised host.[1] |
| Enterprise | T1218.007 | System Binary Proxy Execution: Msiexec | RemoteUtilities can use Msiexec to install a service.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0069 | MuddyWater | |