| ID | Name |
|---|---|
| ATAGS-T1108.001 | ClickOnce |
| ATAGS-T1108.002 | JamPlus |
| ATAGS-T1108.003 | MSBuild |
Threat Actors may use MSBuild to proxy execution of code through a trusted Windows utility. MSBuild.exe (Microsoft Build Engine) is a software build platform used by Visual Studio. It handles XML formatted project files that define requirements for loading and building various platforms and configurations.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.