route
[route] can be used to find or change information within the local system IP routing table. (Citation: TechNet Route)
esentutl
[esentutl] is a command-line tool that provides database utilities for the Windows Extensible Storage Engine. (Citation: Microsoft Esentutl)
CrackMapExec
[CrackMapExec], or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted networks. (Citation: CME Github September 2018)
Koadic
[Koadic] is a Windows post-exploitation framework and penetration testing tool. [Koadic] is publicly available on GitHub and the tool is executed via the command-line. [Koadic] has several options for staging payloads and creating implants. [Koadic] performs most of its operations using Windows Script Host. (Citation: Github Koadic) (Citation: Palo Alto Sofacy 06-2018)
schtasks
[schtasks] is used to schedule execution of programs or scripts on a Windows system to run at a specific date and time. (Citation: TechNet Schtasks)
Cachedump
[Cachedump] is a publicly available tool that extracts cached password hashes from a system’s registry. (Citation: Mandiant APT1)
Expand
[Expand] is a Windows utility used to expand one or more compressed CAB files. (Citation: Microsoft Expand Utility) It has been used by [BBSRAT](https://attack.mitre.org/software/S0127) to decompress a CAB file into executable content. (Citation: Palo Alto Networks BBSRAT)
Pupy
[Pupy] is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool. (Citation: GitHub Pupy) It is written in Python and can be generated as a payload in several different ways (Windows exe, Python file, PowerShell oneliner/file, Linux elf, APK, Rubber Ducky, etc.). (Citation: GitHub Pupy) [Pupy] is publicly available on GitHub. (Citation: GitHu
Reg
[Reg] is a Windows utility used to interact with the Windows Registry. It can be used at the command-line interface to query, add, modify, and remove information. (Citation: Microsoft Reg) Utilities such as [Reg] are known to be used by persistent threats. (Citation: Windows Commands JPCERT)
FTP
[FTP] is a utility commonly available with operating systems to transfer information over the File Transfer Protocol (FTP). Adversaries can use it to transfer other tools onto a system or to exfiltrate data. (Citation: Wikipedia FTP)