Remove/fix unnecessary Categories field

Wietze 2021-01-10 15:48:20 +00:00
parent 5ec4de562b
commit fc223eb3d8
No known key found for this signature in database
GPG Key ID: E17630129FF993CF
18 changed files with 2 additions and 19 deletions

@ -3,7 +3,6 @@ Name: Explorer.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: explorer.exe calc.exe - Command: explorer.exe calc.exe
Description: 'Executes calc.exe as a subprocess of explorer.exe.' Description: 'Executes calc.exe as a subprocess of explorer.exe.'

@ -3,7 +3,6 @@ Name: Netsh.exe
Description: Execute, Surveillance Description: Execute, Surveillance
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: | - Command: |
netsh.exe trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl IPv4.Address=!(<IPofRemoteFileShare>) netsh.exe trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl IPv4.Address=!(<IPofRemoteFileShare>)

@ -3,7 +3,6 @@ Name: Nltest.exe
Description: Credentials Description: Credentials
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: nltest.exe /SERVER:192.168.1.10 /QUERY - Command: nltest.exe /SERVER:192.168.1.10 /QUERY
Description: '' Description: ''
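
Review bot: The command-level `Description: ''` under `nltest.exe /SERVER:192.168.1.10 /QUERY` is still empty, so the entry never says what the query returns or why the file-level description reads `Credentials`. Since this file is being touched anyway, fill in a one-line description of the command's effect so that defenders reading the entry know what behaviour to look for.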

@ -3,7 +3,6 @@ Name: Openwith.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: OpenWith.exe /c C:\test.hta - Command: OpenWith.exe /c C:\test.hta
Description: Opens the target file with the default application. Description: Opens the target file with the default application.

@ -3,7 +3,6 @@ Name: Powershell.exe
Description: Execute, Read ADS Description: Execute, Read ADS
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: powershell -ep bypass - < c:\temp:ttt - Command: powershell -ep bypass - < c:\temp:ttt
Description: Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS). Description: Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS).

@ -3,7 +3,6 @@ Name: Psr.exe
Description: Surveillance Description: Surveillance
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: psr.exe /start /gui 0 /output c:\users\user\out.zip - Command: psr.exe /start /gui 0 /output c:\users\user\out.zip
Description: Capture screenshots of the desktop and save them in the target .ZIP file. Description: Capture screenshots of the desktop and save them in the target .ZIP file.

@ -3,7 +3,6 @@ Name: Robocopy.exe
Description: Copy Description: Copy
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Robocopy.exe C:\SourceFolder C:\DestFolder - Command: Robocopy.exe C:\SourceFolder C:\DestFolder
Description: Copy the entire contents of the SourceFolder to the DestFolder. Description: Copy the entire contents of the SourceFolder to the DestFolder.

@ -3,7 +3,6 @@ Name: AcroRd32.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
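
Review bot: The `Command:` value in the trailing context ("Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary") is a prose instruction, not a command line, so any tooling that treats this field as an executable invocation gets free text. Move the instruction into `Description` and keep `Command` for the actual invocation, or mark the entry as a file-replacement case in a dedicated field. The ROCCAT_Swarm.exe and Setup.exe entries in this commit have the same shape.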

@ -3,7 +3,6 @@ Name: Gpup.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe - Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe
Description: Execute another command through gpup.exe (Notepad++ binary). Description: Execute another command through gpup.exe (Notepad++ binary).

@ -3,7 +3,6 @@ Name: Nlnotes.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass } - Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
Description: Run PowerShell via LotusNotes. Description: Run PowerShell via LotusNotes.

@ -3,7 +3,6 @@ Name: Notes.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass } - Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
Description: Run PowerShell via LotusNotes. Description: Run PowerShell via LotusNotes.

@ -3,7 +3,6 @@ Name: Nvudisp.exe
Description: Execute, Copy, Add registry, Create shortcut, kill process Description: Execute, Copy, Add registry, Create shortcut, kill process
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Nvudisp.exe System calc.exe - Command: Nvudisp.exe System calc.exe
Description: Execute calc.exe as a subprocess. Description: Execute calc.exe as a subprocess.

@ -3,7 +3,6 @@ Name: Nvuhda6.exe
Description: Execute, Copy, Add registry, Create shortcut, kill process Description: Execute, Copy, Add registry, Create shortcut, kill process
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: nvuhda6.exe System calc.exe - Command: nvuhda6.exe System calc.exe
Description: Execute calc.exe as a subprocess. Description: Execute calc.exe as a subprocess.

@ -3,7 +3,6 @@ Name: ROCCAT_Swarm.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe - Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe
Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe

@ -3,7 +3,6 @@ Name: Setup.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Run Setup.exe - Command: Run Setup.exe
Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload. Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload.

@ -3,7 +3,6 @@ Name: Usbinst.exe
Description: Execute Description: Execute
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf" - Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf"
Description: Execute calc.exe through DefaultInstall Section Directive in INF file. Description: Execute calc.exe through DefaultInstall Section Directive in INF file.

@ -3,7 +3,6 @@ Name: VBoxDrvInst.exe
Description: Persistence Description: Persistence
Author: '' Author: ''
Created: 2018-05-25 Created: 2018-05-25
Categories: []
Commands: Commands:
- Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf - Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf
Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe
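
Review bot: "persistance" in the command `Description` (trailing context) is misspelled; it should read "persistence", matching the file-level `Description: Persistence` two lines above the removed key. Worth fixing in the same pass, since a text search for "persistence" across entries will otherwise miss this command.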

@ -6,14 +6,14 @@ Created: 2018-05-25
Commands: Commands:
- Command: cscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out - Command: cscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution). Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
Categories: Execution Category: Execution
Privileges: User Privileges: User
MitreID: T1064 MitreID: T1064
MitreLink: https://attack.mitre.org/wiki/Technique/T1064 MitreLink: https://attack.mitre.org/wiki/Technique/T1064
OperatingSystem: Windows OperatingSystem: Windows
- Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out - Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution). Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
Categories: Execution Category: Execution
Privileges: User Privileges: User
MitreID: T1064 MitreID: T1064
MitreLink: https://attack.mitre.org/wiki/Technique/T1064 MitreLink: https://attack.mitre.org/wiki/Technique/T1064
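
Review bot: The rename from `Categories: Execution` to `Category: Execution` on both command entries (cscript and wscript) changes the key name that anything parsing these files reads, and the commit title only mentions removing or fixing an "unnecessary" field. Confirm that `Category` is the key the site templates and any validation expect at command level, and say so in the commit message, since a silent key mismatch would drop the category from the rendered entry. Separately, `c:\test\test.xls` in both command lines looks like a typo for `.xsl`, given that the description refers to an XSL transform.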