From 9d20e06e07881362d2fceca4b9eb3980d47003d1 Mon Sep 17 00:00:00 2001
From: Will Summerhill <35749735+wsummerhill@users.noreply.github.com>
Date: Fri, 22 Nov 2024 14:52:17 -0500
Subject: [PATCH] Create cryptnet.yml
---
yml/microsoft/built-in/cryptnet.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 yml/microsoft/built-in/cryptnet.yml
diff --git a/yml/microsoft/built-in/cryptnet.yml b/yml/microsoft/built-in/cryptnet.yml
new file mode 100644
index 0000000..07cb7dc
--- /dev/null
+++ b/yml/microsoft/built-in/cryptnet.yml
@@ -0,0 +1,24 @@
+---
+Name: cryptnet.dll
+Author: Will Summerhill
+Created: 2024-11-22
+Vendor: Microsoft
+ExpectedLocations:
+- '%SYSTEM32%'
+- '%SYSWOW64%'
+ExpectedSignatureInformation:
+- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
+VulnerableExecutables:
+- Path: 'C:\Program Files\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog35.exe'
+ Type: Sideloading
+ ExpectedSignatureInformation:
+ - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
+Resources:
+- https://x.com/BSummerz/status/1860045985919205645
+Acknowledgements:
+- Name: Will Summerhill
+ Twitter: '@BSummerz'
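Review bot: The `VulnerableExecutables` path is pinned to `C:\Program Files\...`, while `ExpectedLocations` in the same entry uses the placeholder form (`'%SYSTEM32%'`, `'%SYSWOW64%'`). Any detection or allow-list logic derived from this entry would miss an install on another drive or a redirected Program Files directory. I would write it as `- Path: '%PROGRAMFILES%\Microsoft Deployment Toolkit\Bin\Microsoft.BDD.Catalog35.exe'`. The nested `ExpectedSignatureInformation` is also a byte-for-byte copy of the DLL's catalog signature (`CN=Microsoft Windows`, `Type: Catalog`). That looks copy-pasted and should be confirmed against the actual signer of Microsoft.BDD.Catalog35.exe, because a wrong subject or type makes signature-based filtering on the host executable unreliable.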