Windows

Cmd.exeCmd.exe

Platform
Windows
Abuse functions
4
Mapped techniques
4

Description

Cmd.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: ADS, Download, Upload. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1564.004, T1567. Defenders should monitor execution of Cmd.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 4

Can be used to evade defensive countermeasures or to hide as a persistence mechanism

Can be used to evade defensive countermeasures or to hide as a persistence mechanism

DownloadT1105

Download/copy a file from a WebDAV server

UploadT1048.003

Upload a file to a WebDAV server

MITRE ATT&CK techniques· 4

T1564.004T1059.003T1105T1048.003

Uses4

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.004100%live
SubTechniqueExfiltration Over Unencrypted Non-C2 Protocolt1048.003100%live
TechniqueIngress Tool Transfert1105100%live
SubTechniqueWindows Command Shellt1059.003100%live

Abuses3

TypeTargetConfidenceTier
TechniqueExfiltration Over Web Servicet1567100%live
SubTechniqueNTFS File Attributest1564.00490%live
TechniqueIngress Tool Transfert110585%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
cmdl32.exe
LOLbin
Cmdkey.exe
LOLbin
MpCmdRun.exe
LOLbin
Cscript.exe
LOLbin
Dnscmd.exe
LOLbin
Cdb.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.