From a7f7ec2cc236481ea64f2901b235505d37657fc8 Mon Sep 17 00:00:00 2001 From: akshat pradhan Date: Mon, 24 Jan 2022 03:54:59 +0530 Subject: [PATCH] Changing ATT&CK TID of wuauclt.exe entry (#193) --- yml/OSBinaries/Wuauclt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/yml/OSBinaries/Wuauclt.yml b/yml/OSBinaries/Wuauclt.yml index 3e5df11..c5608aa 100644 --- a/yml/OSBinaries/Wuauclt.yml +++ b/yml/OSBinaries/Wuauclt.yml @@ -4,12 +4,12 @@ Description: Windows Update Client Author: 'David Middlehurst' Created: 2020-09-23 Commands: - - Command: wuauclt.exe /UpdateDeploymentProvider /RunHandlerComServer + - Command: wuauclt.exe /UpdateDeploymentProvider Full_Path_To_DLL /RunHandlerComServer Description: Full_Path_To_DLL would be the abosolute path to .DLL file and would execute code on attach. Usecase: Execute dll via attach/detach methods Category: Execute Privileges: User - MitreID: T1218.011 + MitreID: T1218 OperatingSystem: Windows 10 Full_Path: - Path: C:\Windows\System32\wuauclt.exe