From 559d9bc3ff0969f450ec2adb8423f63a25b8e7fe Mon Sep 17 00:00:00 2001
From: TimWhite <36320909+timwhitez@users.noreply.github.com>
Date: Fri, 24 Sep 2021 15:28:01 +0800
Subject: [PATCH 1/2] Create VSIISExeLauncher.yml
---
 yml/OtherMSBinaries/VSIISExeLauncher.yml | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 yml/OtherMSBinaries/VSIISExeLauncher.yml
diff --git a/yml/OtherMSBinaries/VSIISExeLauncher.yml b/yml/OtherMSBinaries/VSIISExeLauncher.yml
new file mode 100644
index 0000000..5c92f3d
--- /dev/null
+++ b/yml/OtherMSBinaries/VSIISExeLauncher.yml
@@ -0,0 +1,26 @@
+---
+Name: VSIISExeLauncher.exe
+Description: Binary will execute specified binary. Part of VS/VScode installation.
+Author: 'timwhite'
+Created: '2021-09-24'
+Commands:
+ - Command: VSIISExeLauncher.exe -p [PATH_TO_BIN] -a "argument here"
+ Description: The above binary will execute other binary.
+ Usecase: Execute any binary with given arguments.
+ Category: Execute
+ Privileges: User
+ MitreID: T1218
+ MitreLink: https://attack.mitre.org/techniques/T1218/
+ OperatingSystem: Windows 10 and up with VS/VScode installed
+Full_Path:
+ - Path: 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\Extensions\Microsoft\Web Tools\ProjectSystem\VSIISExeLauncher.exe'
+Code_Sample:
+ - Code:
+Detection:
+ - IOC: VSIISExeLauncher.exe spawned an unknown process
+Resources:
+ - Link:
+Acknowledgement:
+ - Person: timwhite
+ Handle:
+---
From 9336b4d599c241d86720a6e9b833f9dc173d4cd4 Mon Sep 17 00:00:00 2001
From: TimWhite <36320909+timwhitez@users.noreply.github.com>
Date: Fri, 24 Sep 2021 15:28:39 +0800
Subject: [PATCH 2/2] Update VSIISExeLauncher.yml
---
 yml/OtherMSBinaries/VSIISExeLauncher.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yml/OtherMSBinaries/VSIISExeLauncher.yml b/yml/OtherMSBinaries/VSIISExeLauncher.yml
index 5c92f3d..33d36a5 100644
--- a/yml/OtherMSBinaries/VSIISExeLauncher.yml
+++ b/yml/OtherMSBinaries/VSIISExeLauncher.yml
@@ -19,7 +19,7 @@ Code_Sample:
 Detection:
 - IOC: VSIISExeLauncher.exe spawned an unknown process
 Resources:
- - Link:
+ - Link: https://github.com/timwhitez
 Acknowledgement:
 - Person: timwhite
 Handle:
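Review bot: The `IOC` context line in this hunk ("spawned an unknown process") gives a detection engineer nothing concrete to match on, and the `Link` added here points at a profile page rather than a reference that documents the behaviour. The observable the entry itself records is the `-p`/`-a` command line, so a line such as `- IOC: VSIISExeLauncher.exe command line containing -p, and any child process it creates` would translate directly into a process-creation rule. The first patch lists only the Visual Studio 2019 Community location under `Full_Path`, so detections should key on the image name rather than that path, otherwise other editions and versions will presumably be missed. `Handle:` and `Code_Sample` are still empty keys after both patches and should be filled or dropped.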