mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
Cipher.YML updated
This commit is contained in:
parent
abbb1e1ccf
commit
f92708015b
@ -1,6 +1,6 @@
|
||||
---
|
||||
Name: Cipher.exe
|
||||
Description: Windows binary can be used to overwrite deleted data in Windows direoctry and volume
|
||||
Description: Windows binary can be used to overwrite deleted data in Windows directory and volume
|
||||
Author: Adetutu Ogunsowo
|
||||
Created: 2024-11-22 # YYYY-MM-DD (date the person created this file)
|
||||
Commands:
|
||||
@ -9,15 +9,12 @@ Commands:
|
||||
Usecase: Attacker wants to permanently delete their artefacts, evidence, logs etc. and cannot be retrived by forensics means
|
||||
Category: Encode
|
||||
Privileges: User
|
||||
MitreID: T1485.001
|
||||
MitreID: T1485.001
|
||||
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
|
||||
Full_Path:
|
||||
- Path: c:\windows\system32\cipher.exe
|
||||
- Path: c:\windows\syswow64\cipher.exe
|
||||
Code_Sample:
|
||||
- Code:
|
||||
Detection:
|
||||
- IOC: Event ID 10
|
||||
- IOC: cipher.exe spawned
|
||||
Resources:
|
||||
- Link: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
|
Loading…
Reference in New Issue
Block a user