Windows

Cipher.exeCipher.exe

Platform
Windows
Abuse functions
2
Mapped techniques
2

Description

Cipher.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Tamper. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1565. Defenders should monitor execution of Cipher.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

TamperT1485

Can be used to forensically erase a file.

TamperT1562

Can be used to impair defences by e.g. encrypting a critical EDR solution file.

MITRE ATT&CK techniques· 2

T1485T1562

Uses2

TypeTargetConfidenceTier
TechniqueImpair Defensest1562100%live
TechniqueData Destructiont1485100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Logger.exe
LOLbin
te.exe
LOLbin
CertOC.exe
LOLbin
Certutil.exe
LOLbin
Tracker.exe
LOLbin
csi.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.