Command and Scripting Interpreter

Sub-techniques (1)

MITRE ATT&CK Content


Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities; for example, macOS and Linux distributions include some flavor of Unix Shell [MITRE], while Windows installations include the Windows Command Shell [MITRE] and PowerShell [MITRE].

There are also cross-platform interpreters such as Python [MITRE], as well as those commonly associated with client applications such as JavaScript [MITRE] and Visual Basic [MITRE].

Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in Initial Access [MITRE] payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various Remote Services [MITRE] in order to achieve remote Execution.

Technique Information

ID: T1059
Aliases: T1059
Sub-techniques:
Tactics:
  • Execution
Platforms:
  • Linux
  • macOS
  • Windows
  • Network
  • Office 365
  • Azure AD
  • IaaS
  • Google Workspace
  • Amazon Web Services (AWS)
Created: 12 Sep 2024
Last Modified: 03 Jun 2025