mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2025-07-27 12:42:19 +02:00
Removed MD files, we only use the webportal from now on. All MD files moved to archive
This commit is contained in:
@@ -1,29 +0,0 @@
|
||||
---
|
||||
Name: winword.exe
|
||||
Description: Document editor included with Microsoft Office.
|
||||
Author: 'Oddvar Moe'
|
||||
Created: '2018-05-25'
|
||||
Commands:
|
||||
- Command: winword.exe /l dllfile.dll
|
||||
Description: Launch DLL payload.
|
||||
Usecase: Execute a locally stored DLL using winword.exe.
|
||||
Category: Execute
|
||||
Privileges: User
|
||||
MitreID: T1218
|
||||
MItreLink: https://attack.mitre.org/wiki/Technique/T1218
|
||||
OperatingSystem: Windows
|
||||
Full Path:
|
||||
- Path: c:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
||||
Code Sample:
|
||||
- Code:
|
||||
Detection:
|
||||
- IOC:
|
||||
Resources:
|
||||
- Link: https://twitter.com/vysecurity/status/884755482707210241
|
||||
- Link: https://twitter.com/Hexacorn/status/885258886428725250
|
||||
Acknowledgement:
|
||||
- Person: Vincent Yiu (cmd)
|
||||
Handle: '@@vysecurity'
|
||||
- Person: Adam (Internals)
|
||||
Handle: '@Hexacorn'
|
||||
---
|
Reference in New Issue
Block a user