cmd
cmd is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities. [1]
Cmd.exe contains native functionality to perform many operations to interact with the system, including listing files in a directory (e.g., dir
[2]), deleting files (e.g., del
[3]), and copying files (e.g., copy
[4]).
Techniques Used
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
cmd is used to execute programs and other actions at the command-line interface.[1] |
Enterprise | T1083 | File and Directory Discovery |
cmd can be used to find files and directories with native functionality such as |
|
Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion | |
Enterprise | T1105 | Ingress Tool Transfer |
cmd can be used to copy files to/from a remotely connected external system.[4] |
|
Enterprise | T1570 | Lateral Tool Transfer |
cmd can be used to copy files to/from a remotely connected internal system.[4] |
|
Enterprise | T1082 | System Information Discovery |
cmd can be used to find information about the operating system.[2] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0060 | BRONZE BUTLER | |
G0072 | Honeybee | |
G0026 | APT18 | |
G0071 | Orangeworm | |
G0045 | menuPass | |
G0093 | Soft Cell |
References
- Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
- Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
- Microsoft. (n.d.). Del. Retrieved April 22, 2016.
- Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
- Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
- Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
- PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
- Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.