Can the MSDTC backdoor be exploited in a workgroup environment or only in a domain?

The MSDTC service starts by default in both domain and workgroup environments, so the backdoor works regardless of whether the computer is joined to a domain. This expands its applicability beyond the initial domain-focused attack described by Trend Micro, making it a versatile persistence method.