Technique T1218

Signed Binary Proxy Execution

Signed Binary Proxy Execution ranks second this year thanks in large part to detections associated with two of its sub-techniques: Rundll32 and Mshta.

Overall rank: #2

Organizations affected: 49.3%

Confirmed threats: 3755

T1218.011 Rundll32

Organizations affected: 30%

Confirmed threats: 2,380

Adversaries use this native Windows process to execute malicious code through dynamic-link libraries (DLLs), often to bypass application controls.

T1218.005 Mshta

Organizations affected: 18.8%

Confirmed threats: 738

Mshta is attractive to adversaries in both the early and later stages of an infection because it enables them to proxy the execution of arbitrary code through a trusted utility.

Definition