netsh

netsh is a scripting utility used to interact with networking components on local or remote systems. [1]

ID: S0108
Associated Software: netsh.exe

Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1090 | Connection Proxy | netsh can be used to set up a proxy tunnel to allow remote host access to an infected host.[2] |
| Enterprise | T1089 | Disabling Security Tools | netsh can be used to disable local firewall settings.[1][3] |
| Enterprise | T1128 | Netsh Helper DLL | netsh can be used as a persistence proxy technique to execute a helper DLL when netsh.exe is executed.[4] |
| Enterprise | T1063 | Security Software Discovery | netsh can be used to discover system firewall settings.[1][3] |

Groups

Groups that use this software:

APT32
Carbanak
Dragonfly 2.0
Lazarus Group
Naikon

References