Common Information
Type | Value |
---|---|
Value |
Windows Command Shell - T1059.003 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may abuse the Windows command shell for execution. The Windows command shell ([cmd](https://attack.mitre.org/software/S0106)) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via [Remote Services](https://attack.mitre.org/techniques/T1021) such as [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: SSH in Windows) Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may leverage [cmd](https://attack.mitre.org/software/S0106) to execute various commands and payloads. Common uses include [cmd](https://attack.mitre.org/software/S0106) to execute a single command, or abusing [cmd](https://attack.mitre.org/software/S0106) interactively with input and output forwarded over a command and control channel. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-18 | 30 | LetsDefend — Log Analysis with Sysmon Walkthrough | ||
Details | Website | 2024-11-15 | 33 | DONOT's Attack On Maritime & Defense Manufacturing | ||
Details | Website | 2024-11-08 | 25 | Dark Web Profile: CosmicBeetle (NoName) Ransomware - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2024-11-07 | 9 | 5 Most Common Malware Techniques in 2024 | ||
Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
Details | Website | 2024-11-03 | 35 | Threat Actor — Cl0P | ||
Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2024-10-29 | 207 | WarmCookie Malware Threat Intel | ||
Details | Website | 2024-10-28 | 21 | Malware Trends Report: Q3, 2024 | ||
Details | Website | 2024-10-24 | 79 | Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf | ||
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | ||
Details | Website | 2024-10-23 | 76 | Embargo ransomware: Rock’n’Rust | ||
Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 | ||
Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2024-10-18 | 44 | Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-10-18 | 56 | Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble | ||
Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | ||
Details | Website | 2024-10-16 | 13 | UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine - SOC Prime | ||
Details | Website | 2024-10-13 | 17 | Fog Ransomware – Technical Analysis | Blog | Dark Atlas | Dark Web Monitoring Platform | Compromised Credentials Monitoring | Account Takeover Prevention Platform | Threat Intelligence | Buguard | ||
Details | Website | 2024-10-10 | 33 | Malware by the (Bit)Bucket: Uncovering AsyncRAT | ||
Details | Website | 2024-10-10 | 182 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航 | ||
Details | Website | 2024-10-08 | 21 | MisterioLNK: The Open-Source Builder Behind Malicious Loaders - Cyble | ||
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
Details | Website | 2024-10-04 | 32 | LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits | ||
Details | Website | 2024-10-04 | 100 | Агент SIEM используется в атаках SilentCryptoMiner |