1 file changed: +4 -3 lines changed
@@ -6,11 +6,11 @@ Created: 2019-10-04
66Commands :
77 - Command : devtoolslauncher.exe LaunchForDeploy {PATH_ABSOLUTE:.exe} "{CMD:args}" test
88 Description : The above binary will execute other binary.
9- Usecase : Execute any binary with given arguments and it will call developertoolssvc.exe. developertoolssvc is actually executing the binary.
9+ Usecase : Execute any binary with given arguments and it will call ` developertoolssvc.exe`. ` developertoolssvc` is actually executing the binary.
1010 Category : Execute
1111 Privileges : User
1212 MitreID : T1127
13- OperatingSystem : Windows 7 and up with VS/VScode installed
13+ OperatingSystem : Windows
1414 Tags :
1515 - Execute : CMD
1616 - Command : devtoolslauncher.exe LaunchForDebug {PATH_ABSOLUTE:.exe} "{CMD:args}" test
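Review bot: The reworded Usecase on new line 9 is still ambiguous about which process runs the target: it says devtoolslauncher.exe "will call" developertoolssvc.exe and then that developertoolssvc "is actually executing the binary", and the backticks change only the formatting. Suggest a single statement that the launcher hands the target to developertoolssvc.exe, which becomes its parent process, and spell the name the same way as the Detection entry (DeveloperToolsSvc.exe) so the text and the IOC can be matched against the same process telemetry. The Description on line 8 ("will execute other binary") and the unexplained trailing `test` argument on line 7 could be tightened in the same pass.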
@@ -19,7 +19,7 @@ Commands:
1919 Category : Execute
2020 Privileges : User
2121 MitreID : T1127
22- OperatingSystem : Windows 7 and up with VS/VScode installed
22+ OperatingSystem : Windows
2323 Tags :
2424 - Execute : CMD
2525Full_Path :
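Review bot: Replacing "Windows 7 and up with VS/VScode installed" with "Windows" on line 22 (and on line 13 in the previous hunk) drops the only statement that this binary is present only where Visual Studio or VS Code tooling is installed. If the OperatingSystem field is meant to hold just the OS family, move the prerequisite into Description or Usecase rather than deleting it, so defenders can scope which hosts need the DeveloperToolsSvc.exe child-process detection.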
@@ -29,6 +29,7 @@ Detection:
2929 - IOC : DeveloperToolsSvc.exe spawned an unknown process
3030Resources :
3131 - Link : https://twitter.com/_felamos/status/1179811992841797632
32+ - Link : https://www.virustotal.com/gui/file/84877a507af8b70c145777a87eaf28a8327c50a1563fe650f34572bef8a42ff6/details
3233Acknowledgement :
3334 - Person : felamos
3435 Handle : ' @_felamos'
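Review bot: The VirusTotal link added on line 32 is a bare file-hash URL with no indication of which binary it refers to (devtoolslauncher.exe or DeveloperToolsSvc.exe) or which product version it came from. Suggest a short comment or label next to the link naming the file, so readers can tell what the hash is evidence of without opening it, and so the entry stays meaningful if the hash differs across versions.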