Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell.

Malware/Threat actors

Name	Type	Years	Source
Threat Group 3390	threat actor	2010-2018	threat-group-3390-targets-organizations-for-cyberespionage bronze-union 86083

Preventions

Detections

Toolkit

Similar techniques

• WMI
• SSH HiJacking
• SMB
• Remote Desktop
• Exploit

References

• Windows Remote Management
• Investigating PowerShell Attacks