Commit f927080

authored
Cipher.YML updated
1 parent abbb1e1 commit f927080

1 file changed

+2
-5
lines changed

@@ -1,6 +1,6 @@
11
---
22
Name: Cipher.exe
3-
Description: Windows binary can be used to overwrite deleted data in Windows direoctry and volume
3+
Description: Windows binary can be used to overwrite deleted data in Windows directory and volume
44
Author: Adetutu Ogunsowo
55
Created: 2024-11-22 # YYYY-MM-DD (date the person created this file)
66
Commands:
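Review bot: The Description on new line 3 is still ungrammatical after the spelling fix ("in Windows directory and volume" has no articles, and "Windows" appears twice). Suggest rewording along the lines of "Windows binary that can overwrite deleted data in a directory or on a volume" so the entry reads cleanly wherever it is rendered.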
@@ -9,15 +9,12 @@ Commands:
99
Usecase: Attacker wants to permanently delete their artefacts, evidence, logs etc. and cannot be retrived by forensics means
1010
Category: Encode
1111
Privileges: User
12-
MitreID: T1485.001
12+
MitreID: T1485.001
1313
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
1414
Full_Path:
1515
- Path: c:\windows\system32\cipher.exe
1616
- Path: c:\windows\syswow64\cipher.exe
17-
Code_Sample:
18-
- Code:
1917
Detection:
20-
- IOC: Event ID 10
2118
- IOC: cipher.exe spawned
2219
Resources:
2320
- Link: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
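Review bot: Removing `IOC: Event ID 10` leaves the Detection block with only `IOC: cipher.exe spawned`, which gives a defender no log source or event to key on; the removed line had the same problem, since it named an event ID without its source. Suggest replacing it with an IOC that names the telemetry, for example process-creation logging for `cipher.exe` with its command line, rather than dropping it outright. Two other points in this hunk: `Category: Encode` does not match a Usecase about permanently deleting artefacts, so please confirm the category and that `T1485.001` is the intended sub-technique; and the `MitreID` line is removed and re-added with no visible difference, which looks like a whitespace-only change worth stating in the commit message. The Usecase context line also still carries "retrived" and "forensics means", which could be fixed in the same pass as the Description typo.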
