mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
38 lines
1.0 KiB
YAML
38 lines
1.0 KiB
YAML
---
|
|
Name: Binary.exe
|
|
Description: Something general about the binary
|
|
Author: The name of the person that created this file
|
|
Created: YYYY-MM-DD (date the person created this file)
|
|
Commands:
|
|
- Command: The command
|
|
Description: Description of the command
|
|
Usecase: A description of the usecase
|
|
Category: Execute
|
|
Privileges: Required privs
|
|
MitreID: T1055
|
|
OperatingSystem: Windows 10 1803, Windows 10 1703
|
|
- Command: The second command
|
|
Description: Description of the second command
|
|
Usecase: A description of the usecase
|
|
Category: AWL Bypass
|
|
Privileges: Required privs
|
|
MitreID: T1033
|
|
OperatingSystem: Windows 10 All
|
|
Full_Path:
|
|
- Path: c:\windows\system32\bin.exe
|
|
- Path: c:\windows\syswow64\bin.exe
|
|
Code_Sample:
|
|
- Code: http://url.com/git.txt
|
|
Detection:
|
|
- IOC: Event ID 10
|
|
- IOC: binary.exe spawned
|
|
Resources:
|
|
- Link: http://blogpost.com
|
|
- Link: http://twitter.com/something
|
|
- Link: Threatintelreport...
|
|
Acknowledgement:
|
|
- Person: John Doe
|
|
Handle: '@johndoe'
|
|
- Person: Ola Norman
|
|
Handle: '@olaNor'
|