diff --git a/yml/OSScripts/CL_LoadAssembly.yml b/yml/OSScripts/CL_LoadAssembly.yml
index f3693b0..b619d37 100644
--- a/yml/OSScripts/CL_LoadAssembly.yml
+++ b/yml/OSScripts/CL_LoadAssembly.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Execute proxied payload with Microsoft signed binary
 Category: Execute
 Privileges: User
- MitreID: T1059.001
+ MitreID: T1216
 OperatingSystem: Windows 10 21H1 (likely other versions as well)
 Full_Path:
 - Path: C:\Windows\diagnostics\system\Audio\CL_LoadAssembly.ps1
diff --git a/yml/OSScripts/UtilityFunctions.yml b/yml/OSScripts/UtilityFunctions.yml
index 1bb25de..c05e914 100644
--- a/yml/OSScripts/UtilityFunctions.yml
+++ b/yml/OSScripts/UtilityFunctions.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Execute proxied payload with Microsoft signed binary
 Category: Execute
 Privileges: User
- MitreID: T1059.001
+ MitreID: T1216
 OperatingSystem: Windows 10 21H1 (likely other versions as well)
 Full_Path:
 - Path: C:\Windows\diagnostics\system\Networking\UtilityFunctions.ps1
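Review bot: The unchanged `Usecase` line in both hunks still reads `Execute proxied payload with Microsoft signed binary`, which no longer matches the new mapping. Both entries are `.ps1` scripts and `MitreID: T1216` is the script proxy-execution technique, so the wording now disagrees with the ID it sits next to. Consider `Usecase: Execute proxied payload with Microsoft signed script` in CL_LoadAssembly.yml and likewise in UtilityFunctions.yml. Each entry continues outside its hunk, so any description or detection text there that still speaks of PowerShell interpreter execution (T1059.001) or a signed binary should be checked against the new ID too.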