Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:36:03 UTC
Home > List all groups > List all tools > List all groups using tool CMD365
 Tool: CMD365
Names CMD365
Category Malware
Type Backdoor
Description
(SentinelLabs) The main functionality of CMD365 is to execute commands from a C2 hosted
on a Microsoft 365 Mail instance. This capability was used to conduct a variety of activities,
such as reconnaissance, privilege escalation, staging of additional malware, and data
exfiltration.
Information
Last change to this tool card: 17 February 2023
Download this tool card in JSON format
All groups using tool CMD365
Changed Name Country Observed
APT groups
 WIP26 [Unknown] 2022
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ced9033b-40f7-435d-bdb7-2c63dc76e452
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ced9033b-40f7-435d-bdb7-2c63dc76e452
Page 1 of 1