Common Information
| Type | Value |
|---|---|
| Value |
Windows Command Shell - T1059.003 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse the Windows command shell for execution. The Windows command shell ([cmd](https://attack.mitre.org/software/S0106)) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via [Remote Services](https://attack.mitre.org/techniques/T1021) such as [SSH](https://attack.mitre.org/techniques/T1021/004).(Citation: SSH in Windows) Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may leverage [cmd](https://attack.mitre.org/software/S0106) to execute various commands and payloads. Common uses include [cmd](https://attack.mitre.org/software/S0106) to execute a single command, or abusing [cmd](https://attack.mitre.org/software/S0106) interactively with input and output forwarded over a command and control channel. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2022-05-02 | 39 | UNC3524: Eye Spy on Your Email | Mandiant | ||
| Details | Website | 2022-05-02 | 39 | UNC3524: Eye Spy on Your Email | Mandiant | ||
| Details | Website | 2022-04-28 | 128 | Tracking APT29 Phishing Campaigns | Atlassian Trello | ||
| Details | Website | 2022-04-25 | 104 | Quantum Ransomware | ||
| Details | Website | 2022-04-04 | 34 | Ransomware Spotlight: AvosLocker - Security News | ||
| Details | Website | 2022-03-30 | 100 | New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits | ||
| Details | Website | 2022-03-25 | 121 | Mustang Panda’s Hodur : Vieux trucs, nouvelle variante de Korplug | WeLiveSecurity | ||
| Details | Website | 2022-03-25 | 125 | Tales of Ransomwares 2021 | ||
| Details | Website | 2022-03-18 | 30 | Ransomware Spotlight: Hive - Security News | ||
| Details | Website | 2022-03-16 | 23 | DirtyMoe: Worming Modules - Avast Threat Labs | ||
| Details | Website | 2022-03-01 | 65 | IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine | WeLiveSecurity | ||
| Details | Website | 2022-02-25 | 104 | The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware | FortiGuard Labs | ||
| Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA | ||
| Details | Website | 2022-02-21 | 89 | Qbot and Zerologon Lead To Full Domain Compromise | ||
| Details | Website | 2022-02-15 | 48 | Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months | FortiGuard Labs | ||
| Details | Website | 2022-02-08 | 36 | LolZarus: Lazarus Group Incorporating Lolbins into Campaigns | Qualys Security Blog | ||
| Details | Website | 2022-02-01 | 96 | SEO Poisoning to Distribute BATLOADER and Atera Agent | ||
| Details | Website | 2022-01-26 | 54 | ALPHV ransomware gang analysis | ||
| Details | Website | 2022-01-18 | 158 | DoNot Go! Do not respawn! | WeLiveSecurity | ||
| Details | Website | 2022-01-01 | 30 | Threat Report | ||
| Details | Website | 2022-01-01 | 29 | Threat Report | ||
| Details | Website | 2021-12-16 | 36 | Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies | ||
| Details | Website | 2021-12-15 | 54 | No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages | Mandiant | ||
| Details | Website | 2021-12-14 | 56 | Tropic Trooper Targets Transportation and Government Organizations | ||
| Details | Website | 2021-12-02 | 95 | SideCopy APT: Connecting lures to victims, payloads to infrastructure |