From da4f6e54078ee8214d873594f35d9de95970fa85 Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Mon, 15 Jul 2024 22:53:17 +0300 Subject: [PATCH] Update Msdeploy.yml and add copy utility (#354) --- yml/OtherMSBinaries/Msdeploy.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/yml/OtherMSBinaries/Msdeploy.yml b/yml/OtherMSBinaries/Msdeploy.yml index 2055d91..cc3754c 100644 --- a/yml/OtherMSBinaries/Msdeploy.yml +++ b/yml/OtherMSBinaries/Msdeploy.yml 
@@ -10,16 +10,30 @@ Commands: Category: Execute Privileges: User MitreID: T1218 - OperatingSystem: Windows server + OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server - Command: msdeploy.exe -verb:sync -source:RunCommand -dest:runCommand="c:\temp\calc.bat" Description: Launch calc.bat via msdeploy.exe. Usecase: Local execution of batch file using msdeploy.exe. Category: AWL Bypass Privileges: User MitreID: T1218 - OperatingSystem: Windows server + OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server + - Command: msdeploy.exe -verb:sync -source:filePath=C:\windows\system32\calc.exe -dest:filePath=C:\Users\Public\calc.exe + Description: Copy file from source to destination. + Usecase: Copy file. + Category: Copy + Privileges: User + MitreID: T1105 + OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server Full_Path: + - Path: C:\Program Files\IIS\Microsoft Web Deploy V2\msdeploy.exe + - Path: C:\Program Files (x86)\IIS\Microsoft Web Deploy V2\msdeploy.exe + - Path: C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe - Path: C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe + - Path: C:\Program Files\IIS\Microsoft Web Deploy V4\msdeploy.exe + - Path: C:\Program Files (x86)\IIS\Microsoft Web Deploy V4\msdeploy.exe + - Path: C:\Program Files\IIS\Microsoft Web Deploy V5\msdeploy.exe + - Path: C:\Program Files (x86)\IIS\Microsoft Web Deploy V5\msdeploy.exe Code_Sample: - Code: Detection: @@ -30,3 +44,5 @@ Resources: Acknowledgement: - Person: Pierre-Alexandre Braeken Handle: '@pabraeken' + - Person: Avihay Eldad + Handle: '@AvihayEldad'
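Review bot: the new Copy entry (MitreID T1105) in the first hunk adds nothing under `Detection:` and leaves `Code_Sample:` at its empty `- Code:`, so the file-copy use of msdeploy.exe ships with no detection guidance. Suggest adding a Detection entry keyed on msdeploy.exe command lines that contain both `-source:filePath=` and `-dest:filePath=`, and, since the hunk also adds V2, V4 and V5 entries under `Full_Path:` with no indication of which Web Deploy releases install them, confirming each new path on a real install before listing it. The Description `Copy file from source to destination.` and Usecase `Copy file.` could also be made more specific, for example noting that the copy runs under the invoking user's privileges.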
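Review bot: in the second hunk the new acknowledgement handle `'@AvihayEldad'` differs in casing from the commit author's identity `avihayeldad`; confirm which account (GitHub or another platform) the handle refers to so it resolves correctly. The entry otherwise matches the format of the existing `- Person: Pierre-Alexandre Braeken` / `Handle: '@pabraeken'` pair.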