Lateral Movement
The adversary is trying to move through your environment. https://attack.mitre.org/tactics/TA0008/
Disable Remote UAC Restrictions
WMIC
WMI allows users with the required privileges to execute commands in remote hosts without additional tools. Adversaries abuse this feature to move laterally in a compromised network. Adversaries used the following commands to execute commands in a remote host.
Or, with PowerShell:
Conti TTP
Russian Foreign Intelligence Service (SVR) TTP
Last updated