New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mofcomp.exe #137
Labels
Comments
danielgottt
added a commit
to danielgottt/LOLBAS
that referenced
this issue
Jul 19, 2022
Create lolbas yml entry for the Windows binary "mofcomp.exe". This relates to issue LOLBAS-Project#137
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please add mofcomp.exe (Compile, Execution)
Event Triggered Execution: Windows Management Instrumentation Event Subscription (T1546.003)
mofcomp.exe can be used to establish WMI Event Subscription persistence mechanisms configured from a .mof/.bmof file.
Example:
iisstt.dat
This BMOF-file contains malicious VBS-script
mofcomp.exe iisstt.dat
As a result, this script is injected in WMI repository and runs every day 23:00
The text was updated successfully, but these errors were encountered: