public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-25 19:53:08 +02:00
Code Issues Projects Releases Wiki Activity

Update Ieadvpack.yml Tags

Browse Source 
Added Tags:
- Execute INF
- Execute EXE
- Execute CMD
This commit is contained in:
hegusung
2024-10-13 18:16:43 +02:00
committed by GitHub
parent f086057104
commit f09cfa5b8c
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
yml/OSLibraries/Ieadvpack.yml
View File

@@ -11,6 +11,8 @@ Commands:
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: INF
- Command: rundll32.exe ieadvpack.dll,LaunchINFSection c:\test.inf,,1,
Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
Usecase: Run local or remote script(let) code through INF file specification.
@@ -18,6 +20,8 @@ Commands:
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: INF
- Command: rundll32.exe ieadvpack.dll,RegisterOCX test.dll
Description: Launch a DLL payload by calling the RegisterOCX function.
Usecase: Load a DLL payload.
@@ -34,6 +38,8 @@ Commands:
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: EXE
- Command: rundll32 ieadvpack.dll, RegisterOCX "cmd.exe /c calc.exe"
Description: Launch command line by calling the RegisterOCX function.
Usecase: Run an executable payload.
@@ -41,6 +47,8 @@ Commands:
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: CMD
Full_Path:
- Path: c:\windows\system32\ieadvpack.dll
- Path: c:\windows\syswow64\ieadvpack.dll