CSPY Downloader
[CSPY Downloader] is a tool designed to evade analysis and download additional payloads used by [Kimsuky](https://attack.mitre.org/groups/G0094).(Citation: Cybereason Kimsuky November 2020)
MimiPenguin
[MimiPenguin] is a credential dumper, similar to [Mimikatz](https://attack.mitre.org/software/S0002), designed specifically for Linux platforms. (Citation: MimiPenguin GitHub May 2017)
netsh
[netsh] is a scripting utility used to interact with networking components on local or remote systems. (Citation: TechNet Netsh)
CARROTBALL
[CARROTBALL] is an FTP downloader utility that has been in use since at least 2019. [CARROTBALL] has been used as a downloader to install [SYSCON](https://attack.mitre.org/software/S0464).(Citation: Unit 42 CARROTBAT January 2020)
BITSAdmin
[BITSAdmin] is a command line tool used to create and manage [BITS Jobs](https://attack.mitre.org/techniques/T1197). (Citation: Microsoft BITSAdmin)
meek
[meek] is an open-source Tor plugin that tunnels Tor traffic through HTTPS connections.
Remcos
[Remcos] is a closed-source tool that is marketed as remote control and surveillance software by a company called Breaking Security. [Remcos] has been observed being used in malware campaigns.(Citation: Riskiq Remcos Jan 2018)(Citation: Talos Remcos Aug 2018)
Systeminfo
[Systeminfo] is a Windows utility that can be used to gather detailed information about a computer. (Citation: TechNet Systeminfo)
Out1
[Out1] is a remote access tool written in Python and used by [MuddyWater](https://attack.mitre.org/groups/G0069) since at least 2021.(Citation: Trend Micro Muddy Water March 2021)
ConnectWise
[ConnectWise] is a legitimate remote administration tool that has been used since at least 2016 by threat actors including [MuddyWater](https://attack.mitre.org/groups/G0069) and [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) to connect to and conduct lateral movement in target environments.(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)