public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

MITRE ATT&CK realignment sprint

Browse Source
This commit is contained in:
Wietze
2021-11-05 18:58:26 +00:00
committed by GitHub
parent 97f5042a58
commit 4f7ec8d2af
159 changed files with 190 additions and 506 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
yml/OSBinaries/DataSvcUtil.yml
View File

@@ -10,13 +10,12 @@ Commands:
Category: Upload
Privileges: User
MitreID: T1567
MitreLink: https://attack.mitre.org/techniques/T1567/
OperatingSystem: Windows 10
Full_Path:
- Path: C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe
Code_Sample:
Code_Sample:
- Code: https://gist.github.com/teixeira0xfffff/837e5bfed0d1b0a29a7cb1e5dbdd9ca6
Detection:
Detection:
- IOC: The DataSvcUtil.exe tool is installed in the .NET Framework directory.
- IOC: Preventing/Detecting DataSvcUtil with non-RFC1918 addresses by Network IPS/IDS.
- IOC: Monitor process creation for non-SYSTEM and non-LOCAL SERVICE accounts launching DataSvcUtil.