cmd
cmd is the Windows command-line interpreter that can be used to interact with systems and execute other processes and utilities.[1]
Cmd.exe contains native functionality to perform many operations to interact with the system, including listing files in a directory (e.g.,dir[2]), deleting files (e.g.,del[3]), and copying files (e.g.,copy[4]).
ID: S0106
ⓘ
Associated Software: cmd.exe
ⓘ
Type: TOOL
ⓘ
Platforms: Windows
Version: 1.2
Created: 31 May 2017
Last Modified: 16 April 2025
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .003 | Command and Scripting Interpreter:Windows Command Shell | cmd is used to execute programs and other actions at the command-line interface.[1] |
| Enterprise | T1083 | File and Directory Discovery | cmd can be used to find files and directories with native functionality such as | |
| Enterprise | T1070 | .004 | Indicator Removal:File Deletion | |
| Enterprise | T1105 | Ingress Tool Transfer | cmd can be used to copy files to/from a remotely connected external system.[4] | |
| Enterprise | T1570 | Lateral Tool Transfer | cmd can be used to copy files to/from a remotely connected internal system.[4] | |
| Enterprise | T1082 | System Information Discovery | cmd can be used to find information about the operating system.[2] | |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0093 | GALLIUM | |
| G0060 | BRONZE BUTLER | |
| G0026 | APT18 | |
| G0045 | menuPass | |
| G0071 | Orangeworm | |
| G1017 | Volt Typhoon |
Campaigns
| ID | Name | Description |
|---|---|---|
| C0006 | Operation Honeybee |
References
- Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.
- Microsoft. (n.d.). Dir. Retrieved April 18, 2016.
- Microsoft. (n.d.). Del. Retrieved April 22, 2016.
- Microsoft. (n.d.). Copy. Retrieved April 26, 2016.
- Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
- MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
- Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.
- Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.
- PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
- Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
- CISA et al.. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
- Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
×