Common Information
| Type | Value |
|---|---|
| Value |
Unix Shell - T1059.004 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the primary command prompt on Linux and macOS systems, though many variations of the Unix shell exist (e.g. sh, bash, zsh, etc.) depending on the specific OS or distribution.(Citation: DieNet Bash)(Citation: Apple ZShell) Unix shells can control every aspect of a system, with certain commands requiring elevated privileges. Unix shells also support scripts that enable sequential execution of commands as well as other typical programming operations such as conditionals and loops. Common uses of shell scripts include long or repetitive tasks, or the need to run the same set of commands on multiple systems. Adversaries may abuse Unix shells to execute various commands or payloads. Interactive shells may be accessed through command and control channels or during lateral movement such as with [SSH](https://attack.mitre.org/techniques/T1021/004). Adversaries may also leverage shell scripts to deliver and execute multiple commands on victims or as part of payloads used for persistence. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-10-30 | 154 | Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T. | ||
| Details | Website | 2024-10-30 | 28 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | ||
| Details | Website | 2024-10-28 | 21 | Malware Trends Report: Q3, 2024 | ||
| Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 | ||
| Details | Website | 2024-10-22 | 21 | Malware Trends Report: Q3, 2024 - ANY.RUN's Cybersecurity Blog | ||
| Details | Website | 2024-10-21 | 21 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware | ||
| Details | Website | 2024-10-17 | 42 | New macOS vulnerability, “HM Surf”, could lead to unauthorized data access | ||
| Details | Website | 2024-10-10 | 9 | AhnLab EDR을 활용한 BPFDoor 리눅스 악성코드 탐지 - ASEC | ||
| Details | Website | 2024-10-10 | 14 | Building a Automated Linux Sandbox for Malware Analysis | ||
| Details | Website | 2024-10-09 | 22 | APT 40 Advisory PRC MSS Tradecraft In Action Summary | ||
| Details | Website | 2024-10-09 | 9 | BPFDoor Linux Malware Detected by AhnLab EDR - ASEC | ||
| Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs | ||
| Details | Website | 2024-09-27 | 58 | OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe - CYFIRMA | ||
| Details | Website | 2024-09-12 | 41 | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking | ||
| Details | Website | 2024-09-12 | 11 | Hadooken Malware Targets Weblogic Applications | ||
| Details | Website | 2024-09-12 | 25 | Hygiene, Hygiene, Hygiene! [Guest Diary] - SANS Internet Storm Center | ||
| Details | Website | 2024-09-09 | 14 | 静默入侵:Godzilla 无文件后门攻击 Atlassian Confluence | CTF导航 | ||
| Details | Website | 2024-08-28 | 11 | Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem | ||
| Details | Website | 2024-08-21 | 30 | Linux Detection Engineering - A primer on persistence mechanisms — Elastic Security Labs | ||
| Details | Website | 2024-08-20 | 28 | Мейнфреймы: устройство и особенности тестирования на проникновение | ||
| Details | Website | 2024-08-20 | 28 | Mainframes: structure and features of penetration testing | ||
| Details | Website | 2024-08-19 | 20 | PG_MEM: A Malware Hidden in the Postgres Processes | ||
| Details | Website | 2024-08-12 | 9 | Maldoc Execution Chain | ||
| Details | Website | 2024-07-25 | 18 | SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog | ||
| Details | Website | 2024-07-22 | 6 | Threat Hunting Case Study: Looking for Volt Typhoon |