
APT 3 - Multi-Tool Discovery via CMD Shell (T1059.003)

Detects multiple native Windows discovery tools launched from cmd.exe by the same user on the same host. This is a characteristic pattern of APT 3 (Gothic Panda), which uses the Windows Command Shell (T1059.003) to run commands such as whoami, ipconfig, and systeminfo during the initial compromise phases.
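The correlation described above, sketched as an added Python example; it is not the page's subscription query. The event field names, the three-tool threshold, the 10-minute window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values: the page names only these three tools as examples and gives
# no threshold or time window.
DISCOVERY_TOOLS = {"whoami.exe", "ipconfig.exe", "systeminfo.exe"}
MIN_DISTINCT_TOOLS = 3
WINDOW = timedelta(minutes=10)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Alert per (host, user) when cmd.exe spawns enough distinct discovery tools within WINDOW."""
    by_key = defaultdict(list)
    for e in events:
        tool = basename(e["image"])
        if basename(e["parent_image"]) == "cmd.exe" and tool in DISCOVERY_TOOLS:
            key = (e["host"], e["user"].lower())
            by_key[key].append((datetime.fromisoformat(e["time"]), tool))
    alerts = []
    for (host, user), hits in sorted(by_key.items()):
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most WINDOW.
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            tools = {t for _, t in hits[start:end + 1]}
            if len(tools) >= MIN_DISTINCT_TOOLS:
                alerts.append({"host": host, "user": user, "tools": sorted(tools),
                               "first_seen": hits[start][0].isoformat()})
                break
    return alerts

def ev(time, host, user, parent, image):
    return {"time": time, "host": host, "user": user, "parent_image": parent, "image": image}

# Constructed process-creation events (not real telemetry).
S32 = "C:\\Windows\\System32\\"
CMD, PS = S32 + "cmd.exe", S32 + "WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    ev("2024-01-01T10:00:05", "WS01", r"CORP\alice", CMD, S32 + "whoami.exe"),
    ev("2024-01-01T10:00:40", "WS01", r"CORP\alice", CMD, S32 + "ipconfig.exe"),
    ev("2024-01-01T10:02:10", "WS01", r"CORP\alice", CMD, S32 + "systeminfo.exe"),
    ev("2024-01-01T10:05:00", "WS01", r"CORP\bob", CMD, S32 + "whoami.exe"),
    ev("2024-01-01T10:05:30", "WS01", r"CORP\bob", PS, S32 + "ipconfig.exe"),
    ev("2024-01-01T10:06:00", "WS01", r"CORP\bob", CMD, S32 + "systeminfo.exe"),
    ev("2024-01-01T09:00:00", "WS02", r"CORP\carol", CMD, S32 + "whoami.exe"),
    ev("2024-01-01T09:05:00", "WS02", r"CORP\carol", CMD, S32 + "ipconfig.exe"),
    ev("2024-01-01T11:30:00", "WS02", r"CORP\carol", CMD, S32 + "systeminfo.exe"),
]
```

Only the first user alerts: the second ran one tool from a different parent process, and the third spread the tools across more than the assumed window.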
