From 8fc69956788bed2b3496b2161b1d1ef8b8cb157c Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 21:23:22 +0200 Subject: [PATCH] Update Agentexecutor.yml Tags Added Tags: Execute Powershell Execute EXE --- yml/OtherMSBinaries/Agentexecutor.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/yml/OtherMSBinaries/Agentexecutor.yml b/yml/OtherMSBinaries/Agentexecutor.yml index 8bb87dc..3517a54 100644 --- a/yml/OtherMSBinaries/Agentexecutor.yml +++ b/yml/OtherMSBinaries/Agentexecutor.yml @@ -11,6 +11,8 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 10 + Tags: + - Execute: Powershell - Command: AgentExecutor.exe -powershell "c:\temp\malicious.ps1" "c:\temp\test.log" "c:\temp\test1.log" "c:\temp\test2.log" 60000 "C:\temp\" 0 1 Description: If we place a binary named powershell.exe in the path c:\temp, agentexecutor.exe will execute it successfully Usecase: Execute a provided EXE @@ -18,6 +20,8 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 10 + Tags: + - Execute: EXE Full_Path: - Path: C:\Program Files (x86)\Microsoft Intune Management Extension\AgentExecutor.exe Code_Sample:
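Review bot: In the first hunk (@@ -11,6 +11,8 @@), the added tag value is spelled `Powershell`; confirm this matches the exact spelling and casing that other entries use for the same Execute tag. Anything that filters or groups entries by tag with a plain string comparison would treat `Powershell` and `PowerShell` as two different tags, and this entry would drop out of searches defenders run when reviewing binaries that can launch scripts.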
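Review bot: In the second hunk (@@ -18,6 +20,8 @@), `Execute: EXE` is attached to a command that still passes `c:\temp\malicious.ps1` as the script argument, so the tag is only justified by the Description line about a binary named powershell.exe in c:\temp. The tag agrees with `Usecase: Execute a provided EXE`, but the Description could say which argument points at that directory (presumably the trailing `"C:\temp\"`), so that a reader writing detections knows the relevant signal is AgentExecutor.exe starting a powershell.exe from a path it was handed on the command line. Also consider a more specific commit subject than "Update Agentexecutor.yml", since the change only adds tags.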