From e15a9c3e278096d86b276425faf85ec311442c07 Mon Sep 17 00:00:00 2001
From: Wietze
Date: Sat, 26 Apr 2025 20:23:10 +0100
Subject: [PATCH] Updates for ATT&CK v17
---
 yml/HonorableMentions/Code.yml | 2 +-
 yml/OSBinaries/Dfsvc.yml | 2 +-
 yml/OSLibraries/Dfshim.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/yml/HonorableMentions/Code.yml b/yml/HonorableMentions/Code.yml
index 6ea9982..72de9ea 100644
--- a/yml/HonorableMentions/Code.yml
+++ b/yml/HonorableMentions/Code.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Reverse PowerShell session over MS provided infrastructure.
 Category: Execute
 Privileges: User
- MitreID: T1219
+ MitreID: T1219.001
 OperatingSystem: Windows 10, Windows 11
 Full_Path:
 - Path: 'C:\Users\\AppData\Local\Programs\Microsoft VS Code\Code.exe'
diff --git a/yml/OSBinaries/Dfsvc.yml b/yml/OSBinaries/Dfsvc.yml
index f8df5a7..10fc3a0 100644
--- a/yml/OSBinaries/Dfsvc.yml
+++ b/yml/OSBinaries/Dfsvc.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Use binary to bypass Application whitelisting
 Category: AWL Bypass
 Privileges: User
- MitreID: T1127
+ MitreID: T1127.002
 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
 Tags:
 - Execute: ClickOnce
diff --git a/yml/OSLibraries/Dfshim.yml b/yml/OSLibraries/Dfshim.yml
index f7c0a06..b143fbc 100644
--- a/yml/OSLibraries/Dfshim.yml
+++ b/yml/OSLibraries/Dfshim.yml
@@ -9,7 +9,7 @@ Commands:
 Usecase: Use binary to bypass Application whitelisting
 Category: AWL Bypass
 Privileges: User
- MitreID: T1127
+ MitreID: T1127.002
 OperatingSystem: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
 Tags:
 - Execute: ClickOnce
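Review bot: The commit message has no body, so nothing records that `MitreID` in Code.yml now holds a sub-technique (`T1219.001`) where it used to hold the parent technique (`T1219`); the Dfsvc.yml and Dfshim.yml hunks make the same move to `T1127.002`. Anything that selects entries by an exact `MitreID` match, such as a coverage map or a detection-to-technique join, will stop returning these entries under the parent ID. I would add a line to the description such as `MitreID values now use sub-technique IDs where ATT&CK defines one; match on the parent prefix to keep existing filters working.` Each hunk shows only one command entry and the files continue outside it, so other entries in the same files may still carry the parent ID and are worth checking.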
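Review bot: The `OperatingSystem` context line directly under the changed `MitreID` in Dfsvc.yml spells `Windows vista` in lower case, while the matching line in Dfshim.yml reads `Windows Vista`. Since this commit already touches the entry, I would normalise it to `OperatingSystem: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11` so that tooling which groups or filters entries by OS string treats both files alike. The entry continues outside the hunk.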