ConnectWise is a legitimate remote administration tool that has been used since at least 2016 by threat actors including MuddyWater and GOLD SOUTHFIELD to connect to and conduct lateral movement in target environments.[1][2]

Name | Description |
---|---|
ScreenConnect | |

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | ConnectWise can be used to execute PowerShell commands on target machines.[1] |
Enterprise | T1113 | Screen Capture | ConnectWise can take screenshots on remote hosts.[1] |
Enterprise | T1125 | Video Capture | ConnectWise can record video on remote hosts.[1] |

ID | Name | References |
---|---|---|
G0069 | MuddyWater | |
G0115 | GOLD SOUTHFIELD | |