public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-09-16 13:10:05 +02:00
Code Issues Projects Releases Wiki Activity

Update Mofcomp.yml

Browse Source 
Correcting YAML errors
This commit is contained in:
Conor Richard
2023-10-06 21:58:12 -04:00
committed by GitHub
parent dc1bdf0ff9
commit 81688557d0
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
yml/OSBinaries/Mofcomp.yml
View File

@@ -9,9 +9,8 @@ Commands:
Usecase: Threat actors can use mofcomp.exe to decompile a BMOF binary and then register a malicious class in the WMI repository
Category: Execution and Persistence
Privileges: User
MitreID: T1047
MitreID: T1047
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 & Windows Server 2008 and above
Commands:
- Command: mofcomp.exe C:\Programdata\x.mof
Description: Abuse of mofcomp.exe to parse a file which contains MOF statements in order create new classes as part of the WMI repository
Usecase: Threat actors can use mofcomp.exe to decompile a BMOF binary and then register a malicious class in the WMI repository