Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

netsh

netsh is a scripting utility used to interact with networking components on local or remote systems. [1]

ID: S0108
Aliases: netsh, netsh.exe
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1090Connection Proxynetsh can be used to set up a proxy tunnel to allow remote host access to an infected host.[2]
EnterpriseT1089Disabling Security Toolsnetsh can be used to disable local firewall settings.[1][3]
EnterpriseT1128Netsh Helper DLLnetsh can be used as a persistence proxy technique to execute a helper DLL when netsh.exe is executed.[4]
EnterpriseT1063Security Software Discoverynetsh can be used to discover system firewall settings.[1][3]

Groups

Groups that use this software:

Carbanak
Dragonfly 2.0
Lazarus Group
Naikon

References