<<< Hide Navigation Hide TOC >>>

Makecab (cf7f05a7-4093-4855-b9d9-b93226056aec)

This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.

Description: Binary to package existing files into a cabinet (.cab) file

Author: Oddvar Moe

Paths: * C:\Windows\System32\makecab.exe * C:\Windows\SysWOW64\makecab.exe

Resources: * https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f

Detection: * Sigma: proc_creation_win_susp_alternate_data_streams.yml * Elastic: defense_evasion_misc_lolbin_connecting_to_the_internet.toml * IOC: Makecab retrieving files from Internet * IOC: Makecab storing data into alternate data streams^{[Makecab.exe - LOLBAS Project]}

Rows: 2

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Tidal Groups Tidal Software		Clear Tidal Groups Tidal Software	Clear 1
MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6)	Tidal Groups	Makecab (cf7f05a7-4093-4855-b9d9-b93226056aec)	Tidal Software	1
Makecab (cf7f05a7-4093-4855-b9d9-b93226056aec)	Tidal Software	Volt Typhoon (4ea1245f-3f35-5168-bd10-1fc49142fd4e)	Tidal Groups	1