public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-05-09 23:04:09 +02:00
Code Issues Projects Releases Wiki Activity

Added Cipher (#410)

Browse Source 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
This commit is contained in:
iamtutu 2025-04-26 15:42:34 -04:00 committed by GitHub
parent 18b1648e97
commit f8b06c611f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
yml/OSBinaries/Cipher.yml Normal file
View File

@ -0,0 +1,23 @@
---
Name: Cipher.exe
Description: File Encryption Utility
Author: Adetutu Ogunsowo
Created: 2024-11-22
Commands:
- Command: cipher /w:{PATH_ABSOLUTE:folder}
Description: Zero out a file
Usecase: Can be used to forensically erase a file
Category: Tamper
Privileges: User
MitreID: T1485
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Full_Path:
- Path: c:\windows\system32\cipher.exe
- Path: c:\windows\syswow64\cipher.exe
Detection:
- IOC: cipher.exe process with /w on the command line
Resources:
- Link: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Acknowledgement:
- Person: Ade Ogunsowo
Handle: "@i_am_tutu"