DETECTION OVERVIEW

New Dual-Use Software Activity

Risk Factors

Dual-use software is easy to acquire and can be leveraged for both legitimate and malicious activity. Malware and advanced persistent threat (APT) groups have been known to install new instances of dual-use software such as AdFind, Rclone, PingCastle, BloodHound, and Impacket to carry out attack objectives. The impact of this activity depends on the type of attack campaign. For example, dual-use software such as AdFind enables reconnaissance while Rclone enables data exfiltration.

The system might change the risk score for this detection.

Kill Chain

Caution

Risk Score

65

Attack Background

N/A

Mitigation Options

Investigate unusual or unexpected activity associated with dual-use software
Apply the principles of least privilege to domain users to reduce the information users can enumerate through tools such as AdFind
