Command and Scripting Interpreter (T1059)

View on ATT&CK

In Playbook

Associated Tactics

  • Execution

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
Abdou Rockikz. (2020, July). How to Execute Shell Commands in a Remote Machine in Python. Retrieved July 26, 2021. Remote Shell Execution in Python
Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020. Cisco IOS Software Integrity Assurance - Command History
Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021. Powershell Remote Commands