Common Information
Type Value
Value Windows Command Shell - T1059.003
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse the Windows command shell for execution. The Windows command shell ([cmd](https://attack.mitre.org/software/S0106)) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via [Remote Services](https://attack.mitre.org/techniques/T1021) such as [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: SSH in Windows) Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may leverage [cmd](https://attack.mitre.org/software/S0106) to execute various commands and payloads. Common uses include [cmd](https://attack.mitre.org/software/S0106) to execute a single command, or abusing [cmd](https://attack.mitre.org/software/S0106) interactively with input and output forwarded over a command and control channel.
| Details | Published | Attributes | CTI Title |
| --- | --- | --- | --- |
| Website | 2022-09-30 | 98 | A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion |
| Website | 2022-09-29 | 73 | Malware Persistence Within ESXi Hypervisors \| Malicious VIBs |
| Website | 2022-09-22 | 24 | Hunting attackers using Microsoft Protection Logs (MPLogs)! |
| Website | 2022-09-14 | 53 | DPRK Job Opportunity Phishing via WhatsApp \| PuTTY Utility |
| Website | 2022-09-12 | 74 | Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free - Arctic Wolf |
| Website | 2022-09-09 | 17 | BUGHATCH Malware Analysis — Elastic Security Labs |
| Website | 2022-09-08 | 85 | CUBA Ransomware Campaign Analysis — Elastic Security Labs |
| Website | 2022-08-31 | 156 | Ryuk Ransomware: History, Timeline, and Adversary Simulation - FourCore |
| Website | 2022-08-18 | 181 | APT41 World Tour 2021 on a tight schedule |
| Website | 2022-08-17 | 100 | UNC3890 \| Suspected Iranian Threat Actor Targets Israel |
| Website | 2022-08-17 | 100 | Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors \| Mandiant |
| Website | 2022-08-08 | 143 | BumbleBee Roasts Its Way to Domain Admin |
| Website | 2022-08-02 | 34 | Raspberry Robin gets the worm early |
| Website | 2022-07-26 | 65 | New Wave of Emotet - When Project X Turns Into Y - Cynet |
| Website | 2022-07-20 | 4 | APT41: A Case Sudy |
| Website | 2022-07-20 | 120 | Securonix Threat Labs Initial Coverage Advisory: STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) |
| Website | 2022-07-18 | 28 | MAR-10382580-r2.v1 – RAT \| CISA |
| Website | 2022-06-10 | 76 | Threat Attribution — Chimera “Under the Radar” |
| Website | 2022-06-10 | 39 | Taiwan Government Targeted by Multiple Cyberattacks in April 2020 |
| Website | 2022-06-02 | 99 | To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions \| Mandiant |
| Website | 2022-06-01 | 50 | Analyzing AsyncRAT distributed in Colombia \| Welcome to Jstnk webpage |
| Website | 2022-05-27 | 50 | Emotet Analysis: New LNKs in the Infection Chain \| Kroll |
| Website | 2022-05-17 | 679 | Space Pirates: analyzing the tools and connections of a new hacker group |
| Website | 2022-05-17 | 21 | Ransomware Spotlight: RansomEXX - Security News |
| Website | 2022-05-02 | 39 | UNC3524: Eye Spy on Your Email \| Mandiant |