public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

Create fsutil.yml

Browse Source
This commit is contained in:
Elliot Killick 2021-08-16 19:37:37 -04:00
parent 7c1a4a7959
commit 5ba729ee1d
No known key found for this signature in database
GPG Key ID: F9B90D44F83DD5F2
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
yml/OSBinaries/fsutil.yml Normal file
View File

@ -0,0 +1,24 @@
---
Name: fsutil.exe
Description: File System Utility
Author: 'Elliot Killick'
Created: '2021-08-16'
Commands:
- Command: fsutil file setZeroData offset=0 length=9999999999 C:\Windows\Temp\payload.dll
Description: Zero out a file
Usecase: Can be used to forensically erase a file
Category: Forensics
Privileges: User
MitreID: T1485
MitreLink: https://attack.mitre.org/techniques/T1485/
OperatingSystem: Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\Windows\System32\fsutil.exe
- Path: C:\Windows\SysWOW64\fsutil.exe
Detection:
- IOC: fsutil.exe should not be run on a normal workstation
- IOC: file setZeroData (not case-sensitive) in the process arguments
Acknowledgement:
- Person: Elliot Killick
Handle: '@elliotkillick'
---