PSExec - Tool

Threat entity extracted from intelligence sources

Frequency
28
occurrences
First Seen
November 10, 2025
Last Seen
July 18, 2026

PSExec is a tool tracked across 18 threat clusters and 28 intelligence report mentions on ThreatCluster. First observed November 10, 2025; most recent activity July 18, 2026.

Overview

PSExec is a Windows Sysinternals utility that enables remote command execution on Windows hosts. While legitimate for administrative tasks, it is frequently abused by threat actors to move laterally, deploy payloads, and automate post-compromise actions. Its capability to run processes remotely with elevated privileges makes it a significant tool in breach campaigns and incident response challenges.

Related Threat Clusters

Recent Intelligence Reports

  • According to Symantec Threat Hunter Team findings — www.security.com · July 18, 2026
  • Attackers execute a complete ransomware operation in under 24 hours | news — Scworld · July 16, 2026
  • New Spirals ransomware can lock down an entire network in under 24 hours — Pcquest · July 16, 2026
  • New Spirals ransomware encrypts victim network in under 24 hours — Bleepingcomputer · July 16, 2026
  • GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses — Security · July 9, 2026
  • GodDamn Ransomware Attack Uses PsExec Lateral Movement and NirSoft Toolkit for Credential Theft — Gbhackers · July 9, 2026
  • MITRE ATT&CK - Lyceum — attack.mitre.org · July 8, 2026
  • Go-Based Gentlemen Ransomware Uses PsExec, WMIC, and PowerShell Remoting for ... — Gbhackers · July 6, 2026

CVSS v3.1 Breakdown