Register to stream ATT&CKcon 2.0 October 29-30


netsh is a scripting utility used to interact with networking components on local or remote systems. [1]

ID: S0108
Associated Software: netsh.exe
Type: TOOL
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1090 Connection Proxy netsh can be used to set up a proxy tunnel to allow remote host access to an infected host. [3]
Enterprise T1089 Disabling Security Tools netsh can be used to disable local firewall settings. [1] [2]
Enterprise T1128 Netsh Helper DLL netsh can be used as a persistence proxy technique to execute a helper DLL when netsh.exe is executed. [4]
Enterprise T1063 Security Software Discovery netsh can be used to discover system firewall settings. [1] [2]

Groups That Use This Software

ID Name References
G0008 Carbanak [5]
G0032 Lazarus Group [6]
G0074 Dragonfly 2.0 [7]
G0019 Naikon [8]
G0050 APT32 [9]