From a01bab762ef21447a0b3ae62468c27df143b3a47 Mon Sep 17 00:00:00 2001
From: hegusung <7390383+hegusung@users.noreply.github.com>
Date: Sun, 13 Oct 2024 21:21:32 +0200
Subject: [PATCH] Update Adplus.yml Tags Changed Tags: - Execute CMD - Execute EXE
---
 yml/OtherMSBinaries/Adplus.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/yml/OtherMSBinaries/Adplus.yml b/yml/OtherMSBinaries/Adplus.yml
index 006c8b4..142ad7a 100644
--- a/yml/OtherMSBinaries/Adplus.yml
+++ b/yml/OtherMSBinaries/Adplus.yml
@@ -18,6 +18,8 @@ Commands:
 Privileges: User
 MitreID: T1127
 OperatingSystem: All Windows
+ Tags:
+ - Execute: CMD
 - Command: adplus.exe -c config-adplus.xml
 Description: Dump process memory using adplus config file (see Resources section for a sample file).
 Usecase: Run commands under a trusted Microsoft signed binary
@@ -32,6 +34,9 @@ Commands:
 Privileges: User
 MitreID: T1127
 OperatingSystem: All windows
+ Tags:
+ - Execute: CMD
+ - Execute: EXE
 Full_Path:
 - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe
 - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\adplus.exe