S0108 netsh

netsh is a scripting utility used to interact with networking components on local or remote systems. [1]

| Item | Value |
|---|---|
| ID | S0108 |
| Associated Names | |
| Type | TOOL |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 31 March 2020 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1546 | Event Triggered Execution | - |
| enterprise | T1546.007 | Netsh Helper DLL | netsh can be used as a persistence proxy technique to execute a helper DLL when netsh.exe is executed. [4] |
| enterprise | T1562 | Impair Defenses | - |
| enterprise | T1562.004 | Disable or Modify System Firewall | netsh can be used to disable local firewall settings. [1][2] |
| enterprise | T1090 | Proxy | netsh can be used to set up a proxy tunnel to allow remote host access to an infected host. [3] |
| enterprise | T1518 | Software Discovery | - |
| enterprise | T1518.001 | Security Software Discovery | netsh can be used to discover system firewall settings. [1][2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0019 | Naikon | [5] |
| G0050 | APT32 | [6] |
| G0008 | Carbanak | [7] |
| G0032 | Lazarus Group | [8] |
| G0035 | Dragonfly | [9] |

References