1. Home
  2. Software
  3. cmd

cmd

cmd is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities. [1]

Cmd.exe contains native functionality to perform many operations to interact with the system, including listing files in a directory (e.g., dir [2]), deleting files (e.g., del [3]), and copying files (e.g., copy [4]).

ID: S0106
Associated Software: cmd.exe
Type: TOOL
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 20 March 2020
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

cmd is used to execute programs and other actions at the command-line interface.[1]
Enterprise T1083 File and Directory Discovery

cmd can be used to find files and directories with native functionality such as dir commands.[2]
Enterprise T1070 .004 Indicator Removal on Host: File Deletion

cmd can be used to delete files from the file system.[3]
Enterprise T1105 Ingress Tool Transfer

cmd can be used to copy files to/from a remotely connected external system.[4]
Enterprise T1570 Lateral Tool Transfer

cmd can be used to copy files to/from a remotely connected internal system.[4]
Enterprise T1082 System Information Discovery

cmd can be used to find information about the operating system.[2]

Groups That Use This Software

ID Name References
G0060 BRONZE BUTLER

[5]
G0072 Honeybee

[6]
G0026 APT18

[7]
G0071 Orangeworm

[8]
G0045 menuPass

[9]
G0093 GALLIUM

[10][11]

References

  1. Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
  2. Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
  3. Microsoft. (n.d.). Del. Retrieved April 22, 2016.
  4. Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
  5. Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
  6. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
  1. Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
  2. Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
  3. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  4. Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
  5. MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.