Fixed a few categories

2024-12-26 14:59:03 +01:00 · 2018-09-26 10:33:52 -04:00 · 2018-09-26 10:33:52 -04:00 · f8e9ac5a0a
commit f8e9ac5a0a
parent bac3b9e56c
11 changed files with 20 additions and 19 deletions
--- a/yml/OSLibraries/Advpack.yml
+++ b/yml/OSLibraries/Advpack.yml
@ -23,7 +23,7 @@ Commands:
  - Command: rundll32.exe advpack.dll,RegisterOCX test.dll
    Description: Launch a DLL payload by calling the RegisterOCX function.
    UseCase: Load a DLL payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -31,14 +31,14 @@ Commands:
  - Command: rundll32.exe advpack.dll,RegisterOCX calc.exe
    Description: Launch an executable by calling the RegisterOCX function.
    UseCase: Run an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
  - Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"
    Description: Launch command line by calling the RegisterOCX function.
    UseCase: Run an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -55,7 +55,7 @@ Resources:
  - Link: https://twitter.com/ItsReallyNick/status/967859147977850880
  - Link: https://twitter.com/bohops/status/974497123101179904
  - Link: https://twitter.com/moriarty_meng/status/977848311603380224
-Acknowledgment:
+Acknowledegment:
  - Person: Jimmy (LaunchINFSection)
    Handle: '@bohops'
  - Person: Fabrizio (RegisterOCX - DLL)
--- a/yml/OSLibraries/Ieadvpack.yml
+++ b/yml/OSLibraries/Ieadvpack.yml
@ -23,7 +23,7 @@ Commands:
  - Command: rundll32.exe ieadvpack.dll,RegisterOCX test.dll
    Description: Launch a DLL payload by calling the RegisterOCX function.
    UseCase: Load a DLL payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -31,14 +31,14 @@ Commands:
  - Command: rundll32.exe ieadvpack.dll,RegisterOCX calc.exe
    Description: Launch an executable by calling the RegisterOCX function.
    UseCase: Run an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
  - Command: rundll32 ieadvpack.dll, RegisterOCX "cmd.exe /c calc.exe"
    Description: Launch command line by calling the RegisterOCX function.
    UseCase: Run an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -54,7 +54,7 @@ Resources:
  - Link: https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/
  - Link: https://twitter.com/pabraeken/status/991695411902599168
  - Link: https://twitter.com/0rbz_/status/974472392012689408
-Acknowledgment:
+Acknowledgement:
  - Person: Jimmy (LaunchINFSection)
    Handle: '@bohops'
  - Person: Fabrizio (RegisterOCX - DLL)
--- a/yml/OSLibraries/Ieframe.yml
+++ b/yml/OSLibraries/Ieframe.yml
@ -24,9 +24,10 @@ Resources:
  - Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/
  - Link: https://twitter.com/bohops/status/997690405092290561
  - Link: https://windows10dll.nirsoft.net/ieframe_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Jimmy
    Handle: '@bohops'
  - Person: Adam
    Handle: '@hexacorn'
 ---
--- a/yml/OSLibraries/Mshtml.yml
+++ b/yml/OSLibraries/Mshtml.yml
@ -22,7 +22,7 @@ Detection:
 Resources:
  - Link: https://twitter.com/pabraeken/status/998567549670477824
  - Link: https://windows10dll.nirsoft.net/mshtml_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Pierre-Alexandre Braeken
    Handle: '@pabraeken'
 ---
--- a/yml/OSLibraries/Pcwutl.yml
+++ b/yml/OSLibraries/Pcwutl.yml
@ -22,6 +22,6 @@ Detection:
 Resources:
  - Link: https://twitter.com/harr0ey/status/989617817849876488
  - Link: https://windows10dll.nirsoft.net/pcwutl_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Matt harr0ey
    Handle: '@harr0ey'
--- a/yml/OSLibraries/Setupapi.yml
+++ b/yml/OSLibraries/Setupapi.yml
@ -15,7 +15,7 @@ Commands:
  - Command: rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\\Tools\\calc_exe.inf
    Description: Launch an executable file via the InstallHinfSection function and .inf file section directive.
    UseCase: Load an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MitreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -34,7 +34,7 @@ Resources:
  - Link: https://github.com/huntresslabs/evading-autoruns
  - Link: https://twitter.com/pabraeken/status/994742106852941825
  - Link: https://windows10dll.nirsoft.net/setupapi_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Kyle Hanslovan (COM Scriptlet)
    Handle: '@KyleHanslovan'
  - Person:  Huntress Labs (COM Scriptlet)
--- a/yml/OSLibraries/Shdocvw.yml
+++ b/yml/OSLibraries/Shdocvw.yml
@ -24,7 +24,7 @@ Resources:
    - Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/
    - Link: https://twitter.com/bohops/status/997690405092290561
    - Link: https://windows10dll.nirsoft.net/shdocvw_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Adam
    Handle: '@hexacorn'
  - Person: Jimmy
--- a/yml/OSLibraries/Shell32.yml
+++ b/yml/OSLibraries/Shell32.yml
@ -39,7 +39,7 @@ Resources:
  - Link: https://twitter.com/mattifestation/status/776574940128485376
  - Link: https://twitter.com/KyleHanslovan/status/905189665120149506
  - Link: https://windows10dll.nirsoft.net/shell32_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Adam (Control_RunDLL)
    Handle: '@hexacorn'
  - Person: Pierre-Alexandre Braeken (ShellExec_RunDLL)
--- a/yml/OSLibraries/Syssetup.yml
+++ b/yml/OSLibraries/Syssetup.yml
@ -15,7 +15,7 @@ Commands:
  - Command: rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\something.inf
    Description: Launch an executable file via the SetupInfObjectInstallAction function and .inf file section directive.
    UseCase: Load an executable payload.
-    Category: Execution
+    Category: Execute
    Privileges: User
    MitreID: T1085
    MitreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -34,7 +34,7 @@ Resources:
  - Link: https://twitter.com/harr0ey/status/975350238184697857
  - Link: https://twitter.com/bohops/status/975549525938135040
  - Link: https://windows10dll.nirsoft.net/syssetup_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Pierre-Alexandre Braeken (Execute)
    Handle: '@pabraeken'
  - Person: Matt harr0ey (Execute)
--- a/yml/OSLibraries/Url.yml
+++ b/yml/OSLibraries/Url.yml
@ -66,7 +66,7 @@ Resources:
  - Link: https://twitter.com/yeyint_mth/status/997355558070927360
  - Link: https://twitter.com/Hexacorn/status/974063407321223168
  - Link: https://windows10dll.nirsoft.net/url_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Adam (OpenURL)
    Handle: '@hexacorn'
  - Person: Jimmy (OpenURL)
--- a/yml/OSLibraries/Zipfldr.yml
+++ b/yml/OSLibraries/Zipfldr.yml
@ -31,7 +31,7 @@ Resources:
  - Link: https://twitter.com/moriarty_meng/status/977848311603380224
  - Link: https://twitter.com/bohops/status/997896811904929792
  - Link: https://windows10dll.nirsoft.net/zipfldr_dll.html
-Acknowledgment:
+Acknowledgement:
  - Person: Moriarty (Execution)
    Handle: '@moriarty_meng'
  - Person: r0lan (Obfuscation)