Revert "MITRE ATT&CK realignment sprint"

bohops
2021-11-05 20:22:14 -04:00
committed by GitHub
parent 03362b8640
commit 61a3d97fad
159 changed files with 571 additions and 253 deletions

@@ -10,12 +10,13 @@ Commands:
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\OEM\Preload\utility
Code_Sample:
- Code:
Detection:
Code_Sample:
- Code:
Detection:
- IOC: RunCmd_X64.exe spawned
Resources:
- Link: https://bartblaze.blogspot.com/2019/03/run-applications-and-scripts-using.html
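Review bot: The `Code_Sample:`, `- Code:` and `Detection:` lines appear twice in this hunk with identical text, which together with the `-10,12 +10,13` header points to a whitespace-only remove and re-add riding along with the restored `MitreLink`. Confirm the re-added indentation still nests `- IOC: RunCmd_X64.exe spawned` under `Detection:` as intended, and keep formatting changes out of the revert so the functional change stays easy to audit. `- Code:` is also empty; if no sample exists, consider dropping the key in a separate change.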

@@ -10,9 +10,10 @@ Commands:
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/techniques/T1218/
OperatingSystem: Windows 7 and up with Whatsapp installed
Full_Path:
- Path: '%localappdata%\Whatsapp\Update.exe'
Detection:
Detection:
- IOC: '"%localappdata%\Whatsapp\Update.exe" spawned an unknown process'
---
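Review bot: `MitreLink: https://attack.mitre.org/techniques/T1218/` uses a different URL form from the `https://attack.mitre.org/wiki/Technique/T1218` value restored for the same `MitreID: T1218` in the other files of this commit. Use one form for T1218 across all entries so the links can be checked uniformly. The doubled `Detection:` line also looks like a whitespace-only change that would be better kept separate from the revert.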

@@ -10,6 +10,7 @@ Commands:
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
Full_Path:
- Path: c:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

@@ -9,12 +9,14 @@ Commands:
Category: Execution
Privileges: User
MitreID: T1064
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
OperatingSystem: Windows
- Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
Category: Execution
Privileges: User
MitreID: T1064
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
OperatingSystem: Windows
Full_Path:
- c:\python27amd64\Lib\site-packages\win32com\test\testxslt.js (Visual Studio Installation)
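Review bot: The command in this hunk runs `testxlst.js`, while the `Full_Path` entry names `testxslt.js`, so one of the two spellings is wrong and a detection built from the documented command line would look for the wrong file name. Correct the spelling while these entries are being touched. The `Full_Path` item also lacks the `Path:` key that the other entries in this commit use, and `Category: Execution` differs from the `Category: Execute` value used elsewhere.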