From dfec93e7deec5e6737803c2d8e50da98c4cf860c Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 17:13:41 +0200 Subject: [PATCH] Update Stordiag.yml Tags Added Tags: - Execute: EXE --- yml/OSBinaries/Stordiag.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/yml/OSBinaries/Stordiag.yml b/yml/OSBinaries/Stordiag.yml index a2f312e..aa42bf6 100644 --- a/yml/OSBinaries/Stordiag.yml +++ b/yml/OSBinaries/Stordiag.yml @@ -11,6 +11,8 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 10 + Tags: + - Execute: EXE - Command: stordiag.exe Description: Once executed, Stordiag.exe will execute schtasks.exe and powershell.exe - if stordiag.exe is copied to a folder and an arbitrary executable is renamed to one of these names, stordiag.exe will execute it. Usecase: Possible defence evasion purposes. @@ -18,6 +20,8 @@ Commands: Privileges: User MitreID: T1218 OperatingSystem: Windows 11 + Tags: + - Execute: EXE Full_Path: - Path: c:\windows\system32\stordiag.exe - Path: c:\windows\syswow64\stordiag.exe
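Review bot: In the first hunk (`@@ -11,6 +11,8 @@`, the Windows 10 entry) the added `Tags:` / `- Execute: EXE` pair is identical to the one the second hunk adds to the Windows 11 entry, and the commit message does not say what the `EXE` value refers to. If the two entries differ only in `OperatingSystem`, consider keeping one entry that lists both OS versions so the tags cannot drift apart. Otherwise, please note in the commit message that the tag describes the renamed `schtasks.exe` / `powershell.exe` that stordiag.exe launches, as the Description states.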
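Review bot: In the second hunk (`@@ -18,6 +20,8 @@`, the Windows 11 entry) `Execute: EXE` records the payload type, but the trailing context still lists only `c:\windows\system32\stordiag.exe` and `c:\windows\syswow64\stordiag.exe` under `Full_Path`, while the Description says the behaviour depends on stordiag.exe being copied to another folder. The tag alone does not convey that, so it would help defenders to state it where the entry documents detection: stordiag.exe running from outside those two paths, with a `schtasks.exe` or `powershell.exe` child started from the same folder, is the condition worth alerting on.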