Cmd.exe contains native functionality to perform many operations to interact with the system, including listing files in a directory (e.g.,
dir ), deleting files (e.g.,
del ), and copying files (e.g.,
Associated Software: cmd.exe
Created: 31 May 2017
Last Modified: 20 March 2020
|Enterprise||T1059||.003||Command and Scripting Interpreter: Windows Command Shell|
|Enterprise||T1083||File and Directory Discovery|
|Enterprise||T1070||.004||Indicator Removal on Host: File Deletion|
|Enterprise||T1105||Ingress Tool Transfer|
|Enterprise||T1570||Lateral Tool Transfer|
|Enterprise||T1082||System Information Discovery|
Groups That Use This Software
- Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
- Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
- Microsoft. (n.d.). Del. Retrieved April 22, 2016.
- Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
- Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
- Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
- PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
- Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
- MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.