MalCommands

Designed to document and present in an easily searchable and filter-capable manner commands often associated with malicious activity.

Commands are documented with the below attributes;

• Commandline
• Description
• Cyber Killchain Phases
• MITRE Tactics and Techniques
• Applicable OS[s]
• Reference[s]
• Risk [Low, Medium, High, Critical]
• Risk Reason
• Fidelity [Low, Medium, High]
• Fidelity Reason
• Threat Actors with Associated References

Tools - included attributes

• Tool Name
• Tool Description
• Common Arguments
• Tool URL
• Tool Operating Systems
• ? - Threat Actor References

Kill-Chain Phases Used in Command Mapping

• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Installation
• Command and Control
• Actions on Objectives

TO DOCUMENT STILL

• Lots...

Project References and Credits

• https://github.com/3CORESec/MAL-CL
• https://gist.github.com/MHaggis/df2de612615ef6bd01ea936cc8351ab2
• https://lolbas-project.github.io/
• https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
• https://kwcsec.gitbook.io/the-red-team-handbook/