Esc
Network Device CLI - T1059.008
(ATT&CK® Technique)
Definition
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads. The CLI is the primary means through which users and administrators interact with the device in order to view system information, modify device operations, or perform diagnostic and administrative functions. CLIs typically contain various permission levels required for different commands.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1059008["Network Device CLI"] --> |executes| ExecutableScript["Executable Script"]; class T1059008 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript"; click T1059008 href "/offensive-technique/attack/T1059.008/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";DecoyFile["Decoy File"] --> | spoofs | ExecutableScript["Executable Script"]; DecoyFile["Decoy File"] -.-> | may-deceive | T1059008["Network Device CLI"] ; class DecoyFile DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; DynamicAnalysis["Dynamic Analysis"] -.-> | may-detect | T1059008["Network Device CLI"] ; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; EmulatedFileAnalysis["Emulated File Analysis"] -.-> | may-detect | T1059008["Network Device CLI"] ; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | ExecutableScript["Executable Script"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | may-detect | T1059008["Network Device CLI"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileEviction["File Eviction"] --> | deletes | ExecutableScript["Executable Script"]; FileEviction["File Eviction"] -.-> | may-evict | T1059008["Network Device CLI"] ; class FileEviction DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileEviction href "/technique/d3f:FileEviction"; FileEncryption["File Encryption"] --> | encrypts | ExecutableScript["Executable Script"]; FileEncryption["File Encryption"] -.-> | may-harden | T1059008["Network Device CLI"] ; class FileEncryption DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableScript["Executable Script"]; ExecutableAllowlisting["Executable Allowlisting"] -.-> | may-isolate | T1059008["Network Device CLI"] ; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableScript["Executable Script"]; ExecutableDenylisting["Executable Denylisting"] -.-> | may-isolate | T1059008["Network Device CLI"] ; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; LocalFilePermissions["Local File Permissions"] --> | restricts | ExecutableScript["Executable Script"]; LocalFilePermissions["Local File Permissions"] -.-> | may-isolate | T1059008["Network Device CLI"] ; class LocalFilePermissions DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; RestoreFile["Restore File"] --> | restores | ExecutableScript["Executable Script"]; RestoreFile["Restore File"] -.-> | may-restore | T1059008["Network Device CLI"] ; class RestoreFile DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; FileAnalysis["File Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; FileAnalysis["File Analysis"] -.-> | may-detect | T1059008["Network Device CLI"] ; class FileAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; RemoteFileAccessMediation["Remote File Access Mediation"] --> | isolates | ExecutableScript["Executable Script"]; RemoteFileAccessMediation["Remote File Access Mediation"] -.-> | may-isolate | T1059008["Network Device CLI"] ; class RemoteFileAccessMediation DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation";