Windows

Advpack.dllAdvpack.dll

Platform
Windows
Abuse functions
5
Mapped techniques
1

Description

Advpack.dll is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Advpack.dll under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 5

AWL BypassT1218.011

Run local or remote script(let) code through INF file specification.

AWL BypassT1218.011

Run local or remote script(let) code through INF file specification.

ExecuteT1218.011

Load a DLL payload.

ExecuteT1218.011

Run an executable payload.

ExecuteT1218.011

Run an executable payload.

MITRE ATT&CK techniques· 1

T1218.011

Uses1

TypeTargetConfidenceTier
SubTechniqueRundll32t1218.011100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Ieadvpack.dll
LOLbin
adplus.exe
LOLbin
DefaultPack.EXE
LOLbin
Syssetup.dll
LOLbin
Setupapi.dll
LOLbin
Rundll32.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.