Windows

Url.dllUrl.dll

Platform
Windows
Abuse functions
6
Mapped techniques
1

Description

Url.dll is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Url.dll under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 6

ExecuteT1218.011

Invoke an HTML Application via mshta.exe (Default Handler).

ExecuteT1218.011

Load an executable payload by calling a .url file.

ExecuteT1218.011

Load an executable payload by specifying the file protocol handler (obfuscated).

ExecuteT1218.011

Launch an executable.

ExecuteT1218.011

Load an executable payload by specifying the file protocol handler (obfuscated).

ExecuteT1218.011

Invoke an HTML Application via mshta.exe (Default Handler).

MITRE ATT&CK techniques· 1

T1218.011

Uses1

TypeTargetConfidenceTier
SubTechniqueRundll32t1218.011100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Shell32.dll
LOLbin
Mshtml.dll
LOLbin
Pcwutl.dll
LOLbin
Rundll32.exe
LOLbin
Shdocvw.dll
LOLbin
Ieframe.dll
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.