Common Information

| Type | Value |
| --- | --- |
| Value | Windows Command Shell - T1059.003 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse the Windows command shell for execution. The Windows command shell ([cmd](https://attack.mitre.org/software/S0106)) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via [Remote Services](https://attack.mitre.org/techniques/T1021) such as [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: SSH in Windows) Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may leverage [cmd](https://attack.mitre.org/software/S0106) to execute various commands and payloads. Common uses include [cmd](https://attack.mitre.org/software/S0106) to execute a single command, or abusing [cmd](https://attack.mitre.org/software/S0106) interactively with input and output forwarded over a command and control channel. |

| CTI | Published | Attributes | Title |
| --- | --- | --- | --- |
| Website | 2024-09-30 | 174 | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware |
| Website | 2024-09-19 | 142 | Black Basta Ransomware: What You Need to Know \| Qualys Security Blog |
| Website | 2024-09-17 | 0 | Construction firms breached in brute force attacks on accounting software |
| Website | 2024-09-10 | 129 | CosmicBeetle steps up: Probation period at RansomHub |
| Website | 2024-09-08 | 114 | In-Depth Analysis of an Attack Campaign Targeting Chinese Users (Assessed to Be a Captured HVV Sample; Red Teams, Come and Claim It) \| CTF导航 |
| Website | 2024-09-02 | 28 | Threat Intelligence Report 27th August – 2nd September 2024 |
| Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users |
| Website | 2024-08-26 | 30 | Threat Intelligence Report 20th August – 26th August 2024 |
| Website | 2024-08-22 | 82 | Threat Tracking: Analysis of puNK-003’s Lilith RAT ported to AutoIt Script |
| Website | 2024-08-21 | 13 | UAC-0020 (Vermin) Activity Detection: A New Phishing Attack Abusing the Topic of Prisoners of War at the Kursk Front and Using FIRMACHAGENT Malware - SOC Prime |
| Website | 2024-08-13 | 2 | What Are Emerging Threats and How to Investigate Them - ANY.RUN's Cybersecurity Blog |
| Website | 2024-07-29 | 20 | Attackers (Crowd)Strike with Infostealer Malware - Perception Point |
| Website | 2024-07-24 | 29 | Malware Distributed Using Falcon Sensor Update Phishing Lure \| CrowdStrike |
| Website | 2024-07-02 | 5 | Pentesting results for 2023 |
| Website | 2024-06-20 | 114 | In-Depth Analysis of an Attack Campaign Targeting Chinese Users (Assessed to Be a Captured HVV Sample; Red Teams, Come and Claim It) |
| Website | 2024-06-18 | 1 | Threat Hunting Case Study: Looking for Evil Corp |
| Website | 2024-06-12 | 27 | Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs |
| Website | 2024-06-04 | 56 | Lost in the Fog: A New Ransomware Threat - Arctic Wolf |
| Website | 2024-05-28 | 127 | AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America |
| Website | 2024-05-22 | 48 | Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs |
| Website | 2024-05-16 | 73 | Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID — Elastic Security Labs |
| Website | 2024-05-15 | 45 | To the Moon and back(doors): Lunar landing in diplomatic missions |
| Website | 2024-05-01 | 26 | LOLBin to INC Ransomware \| Huntress |
| Website | 2024-04-21 | 21 | CVE-2024-3400: Critical Palo Alto PAN-OS Command Injection Vulnerability Exploited by Sysrv Botnet's XMRig Malware |
| Website | 2024-04-01 | 124 | From OneNote to RansomNote: An Ice Cold Intrusion |