public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-09-18 06:00:28 +02:00
Code Issues Projects Releases Wiki Activity

Update Mofcomp.yml

Browse Source 
Fixing more YAML errors
This commit is contained in:
Conor Richard
2023-10-06 22:01:49 -04:00
committed by GitHub
parent 81688557d0
commit bc58497c1a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OSBinaries/Mofcomp.yml
View File

@@ -7,14 +7,14 @@ Commands:
- Command: mofcomp.exe C:\Windows\SERVIC~1\MSSQL$~1\AppData\Local\Temp\xitmf
Description: Abuse of mofcomp.exe to parse a file which contains MOF statements in order create new classes as part of the WMI repository
Usecase: Threat actors can use mofcomp.exe to decompile a BMOF binary and then register a malicious class in the WMI repository
Category: Execution and Persistence
Category: Execution
Privileges: User
MitreID: T1047
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 & Windows Server 2008 and above
- Command: mofcomp.exe C:\Programdata\x.mof
Description: Abuse of mofcomp.exe to parse a file which contains MOF statements in order create new classes as part of the WMI repository
Usecase: Threat actors can use mofcomp.exe to decompile a BMOF binary and then register a malicious class in the WMI repository
Category: Execution and Persistence
Category: Execution
Privileges: User
MitreID: T1047
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 & Windows Server 2008 and above