From 8257d60aadf15a2c258fea5e74b418ae40fe4679 Mon Sep 17 00:00:00 2001
From: Wietze
Date: Fri, 5 Nov 2021 20:29:07 +0000
Subject: [PATCH] Realigning .ps1 scripts to T1216
---
 yml/OSScripts/CL_LoadAssembly.yml | 2 +-
 yml/OSScripts/UtilityFunctions.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/yml/OSScripts/CL_LoadAssembly.yml b/yml/OSScripts/CL_LoadAssembly.yml
index f3693b0..b619d37 100644
--- a/yml/OSScripts/CL_LoadAssembly.yml
+++ b/yml/OSScripts/CL_LoadAssembly.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Execute proxied payload with Microsoft signed binary
 Category: Execute
 Privileges: User
- MitreID: T1059.001
+ MitreID: T1216
 OperatingSystem: Windows 10 21H1 (likely other versions as well)
 Full_Path:
 - Path: C:\Windows\diagnostics\system\Audio\CL_LoadAssembly.ps1
diff --git a/yml/OSScripts/UtilityFunctions.yml b/yml/OSScripts/UtilityFunctions.yml
index 1bb25de..c05e914 100644
--- a/yml/OSScripts/UtilityFunctions.yml
+++ b/yml/OSScripts/UtilityFunctions.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Execute proxied payload with Microsoft signed binary
 Category: Execute
 Privileges: User
- MitreID: T1059.001
+ MitreID: T1216
 OperatingSystem: Windows 10 21H1 (likely other versions as well)
 Full_Path:
 - Path: C:\Windows\diagnostics\system\Networking\UtilityFunctions.ps1
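Review bot: The unchanged `Usecase` line just above the new `MitreID: T1216` still says "Microsoft signed binary", although the file under `Full_Path` is a .ps1 script and the ID now points at script proxy execution. The same mismatch is in the UtilityFunctions.yml hunk. In both entries I would change it to `Usecase: Execute proxied payload with Microsoft signed script`, so the text and the technique agree. Because the field holds a single ID, anyone filtering the catalogue by T1059.001 will no longer find these two entries. The rest of each entry lies outside the hunks, so if its description does not already say the payload runs under PowerShell, a short mention there would keep that pivot for detection work.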