From b463e865f3ecfb3b17441c798aa5bce381accc67 Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Sun, 7 Dec 2025 00:05:02 +0200 Subject: [PATCH] Create IntelliTrace.yml (#464) --- yml/OtherMSBinaries/IntelliTrace.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 yml/OtherMSBinaries/IntelliTrace.yml diff --git a/yml/OtherMSBinaries/IntelliTrace.yml b/yml/OtherMSBinaries/IntelliTrace.yml new file mode 100644 index 0000000..6fb7fcf --- /dev/null +++ b/yml/OtherMSBinaries/IntelliTrace.yml @@ -0,0 +1,23 @@ +--- +Name: IntelliTrace.exe +Description: Visual Studio command-line tool for collecting and managing diagnostic trace files. +Author: Avihay Eldad +Created: 2025-09-21 +Commands: + - Command: IntelliTrace.exe launch /cp:"collectionplan.xml" /f:"c:\users\public\log" "C:\Windows\System32\calc.exe" + Description: Launches an executable via Visual Studio command line utility. + Usecase: Executes an executable under a trusted microsoft signed binary. + Category: Execute + Privileges: User + MitreID: T1127 + OperatingSystem: Windows + Tags: + - Execute: EXE +Full_Path: + - Path: C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\IntelliTrace\IntelliTrace.exe + - Path: C:\Program Files (x86)\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\IntelliTrace\IntelliTrace.exe +Resources: + - Link: https://learn.microsoft.com/en-us/visualstudio/debugger/intellitrace +Acknowledgement: + - Person: Avihay Eldad + Handle: '@AvihayEldad'
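Review bot: the new IntelliTrace.yml goes from Resources straight to Acknowledgement with no Detection block, so a defender gets the command line but nothing to hunt on. Suggest adding a Detection section with at least one IOC, for example IntelliTrace.exe run with the `launch` argument and a child process started outside a Visual Studio debugging session. In the Command line, `/cp:"collectionplan.xml"` is used but the Description does not say whether that file has to exist beforehand or what it must contain; one sentence on that would make the entry reproducible for testing detections. The Usecase reads "trusted microsoft signed binary", which should be "Microsoft-signed". Both Full_Path entries point at the 2022 Community directory only; if the binary sits at the same relative path in other editions or versions, list those or note that the paths are edition-specific.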