Description
The Shell Access or Remote Shell feature in malware provides attackers with a remote interface to the compromised system, essentially acting as a backdoor that allows them to execute commands as if they were physically present at the machine. This level of access gives attackers a near-omnipotent control over the target, allowing them to perform a wide range of actions from file manipulation to launching additional exploits. One of the most significant capabilities offered by shell access is the potential for privilege escalation. By exploiting vulnerabilities or misconfigurations in the system, an attacker can elevate their access rights, gaining more thorough control and making it easier to carry out further malicious activities. Moreover, a remote shell can be used to pivot to other systems on the network, enabling lateral movement and increasing the scope of the attack.
| Categories | Lateral Movements, Privilege Escalation, System Management |
| Dangerousness | High |
Existing Technique
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
 Execute Programs
|
File Manager, Shell Access | 0 |
NetBus 1.70
Coma 1.0.9
SubSeven 2.0
SchoolBus 2.0
SubSeven 2.1
SubSeven 2.1.1 GOLD edition
SubSeven 2.1.2 M.U.I.E
SubSeven 2.1.3 BONUS
SubSeven 2.1.4 DEFCON 8
Y3K rat 1.5
SubSeven 2.2
Y3K rat 1.6
Y3K rat 1.6 MS
Net-Devil 1.5
MoSucker 3.0b
SubSeven 2.1.5 Legends
CIA 1.0
Z-dem0n 1.26
CIA 1.1
Optix Pro 1.32
CIA 1.2
Beast 2.05
Beast 2.02
Fearless Lite 1.01
ProRat 1.2
ProRat 1.3
Nuclear RAT 1.0 Beta 5
Beast 2.06
ProRat 1.4
ProRat 1.6
ProRat 1.8
Infector NG 2004 2.1.0
Optix Pro 1.33
Beast 2.07
Institution 2004 0.4.0
CIA 1.3
Messiah 4.0
ProRat 1.9
TrojNa$ 1.0
Bersek 1.1
Bifrost 1.2.1
Hav-Rat 1.2
Bandook 1.35
Poison Ivy 2.3.0
Hav-Rat 1.3.2
sharK 2.4.0 Fwb+
DARKMOON 4.11 Private Edition
Nuclear RAT 2.1.0
Poison Ivy 2.3.2
Lost Door 1.0