Bypassing Applocker with MSBuild.exe
Tags
| attack-pattern: | Msbuild - T1127.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | d6a2f0be-997e-46c2-9265-e5bbc060bfc3 |
| Fingerprint | ae8422493f1b1830 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 18, 2016, 8:43 a.m. |
| Added to db | Jan. 18, 2023, 9:41 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | UNKNOWN |
| Title | Bypassing Applocker with MSBuild.exe |
| Detected Hints/Tags/Attributes | 18/1/18 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://evi1cg.me/archives/ypassing_Applocker_with_MSBuild-exe.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | msdn.microsoft |
|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 73 | schemas.microsoft.com |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 7 | microsoft.build |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 107 | system.management |
|
| Details | Domain | 4 | runspace.open |
|
| Details | File | 149 | msbuild.exe |
|
| Details | File | 1 | dd722601.aspx |
|
| Details | File | 1 | simpletasks.cs |
|
| Details | File | 28 | 0.dll |
|
| Details | File | 1 | 以上文件保存为123.cs |
|
| Details | File | 3 | pshell.xml |
|
| Details | File | 6 | collections.obj |
|
| Details | Url | 1 | https://msdn.microsoft.c |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/dd722601.aspx |
|
| Details | Url | 4 | http://schemas.microsoft.com/developer/msbuild/2003 |