cmd
dir (Citation: TechNet Dir)), deleting files (e.g., del (Citation: TechNet Del)), and copying files (e.g., copy (Citation: TechNet Copy)).
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | cmd is used to execute programs and other actions at the command-line interface.(Citation: TechNet Cmd) |
Enterprise | T1070.004 | Indicator Removal: File Deletion | cmd can be used to delete files from the file system.(Citation: TechNet Del) |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0093 | GALLIUM | (Citation: Cybereason Soft Cell June 2019) (Citation: Microsoft GALLIUM December 2019) |
G0060 | BRONZE BUTLER | (Citation: Secureworks BRONZE BUTLER Oct 2017) |
G0026 | APT18 | (Citation: Dell Lateral Movement) |
G0045 | menuPass | (Citation: PWC Cloud Hopper Technical Annex April 2017) |
G0071 | Orangeworm | (Citation: Symantec Orangeworm April 2018) |
G0072 | Honeybee | (Citation: McAfee Honeybee) |
G1017 | Volt Typhoon | (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024) |
References
- Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
- Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
- Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
- Microsoft. (n.d.). Del. Retrieved April 22, 2016.
- Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
- Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
- MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- Carvey, H. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
- PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
- Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
- CISA et al. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.