Common Information
Type Value
Value
Windows Command Shell - T1059.003
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse the Windows command shell for execution. The Windows command shell ([cmd](https://attack.mitre.org/software/S0106)) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via [Remote Services](https://attack.mitre.org/techniques/T1021) such as [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: SSH in Windows) Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may leverage [cmd](https://attack.mitre.org/software/S0106) to execute various commands and payloads. Common uses include [cmd](https://attack.mitre.org/software/S0106) to execute a single command, or abusing [cmd](https://attack.mitre.org/software/S0106) interactively with input and output forwarded over a command and control channel.
Details Published Attributes CTI Title
Details Website 2024-11-18 30 LetsDefend — Log Analysis with Sysmon Walkthrough
Details Website 2024-11-15 33 DONOT's Attack On Maritime & Defense Manufacturing
Details Website 2024-11-08 25 Dark Web Profile: CosmicBeetle (NoName) Ransomware - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-11-07 9 5 Most Common Malware Techniques in 2024
Details Website 2024-11-04 57 Threat Intelligence Report October 29 - November 4 2024 | Red Piranha
Details Website 2024-11-03 35 Threat Actor — Cl0P
Details Website 2024-11-01 39 Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-10-29 207 WarmCookie Malware Threat Intel
Details Website 2024-10-28 21 Malware Trends Report: Q3, 2024
Details Website 2024-10-24 79 Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf
Details Website 2024-10-23 44 Highlighting TA866/Asylum Ambuscade Activity Since 2021
Details Website 2024-10-23 76 Embargo ransomware: Rock’n’Rust
Details Website 2024-10-22 21 Malware Trends Report: Q3, 2024
Details Website 2024-10-22 21 Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog
Details Website 2024-10-18 44 Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-18 56 Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble
Details Website 2024-10-17 75 APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
Details Website 2024-10-16 13 UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine - SOC Prime
Details Website 2024-10-13 17 Fog Ransomware – Technical Analysis | Blog | Dark Atlas | Dark Web Monitoring Platform | Compromised Credentials Monitoring | Account Takeover Prevention Platform | Threat Intelligence | Buguard
Details Website 2024-10-10 33 Malware by the (Bit)Bucket: Uncovering AsyncRAT
Details Website 2024-10-10 182 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航
Details Website 2024-10-08 21 MisterioLNK: The Open-Source Builder Behind Malicious Loaders - Cyble
Details Website 2024-10-07 141 Mind the (air) gap: GoldenJackal gooses government guardrails
Details Website 2024-10-04 32 LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits
Details Website 2024-10-04 100 Агент SIEM используется в атаках SilentCryptoMiner