Create T1219.yaml (#838)
* Create T1219.yaml Added first atomic for T1219 * spacing corrections * spacing corrections Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
Luminous-InfiniTom
committed by
GitHub
GitHub
parent
ec50c4b064
commit
381ba9d449
@@ -0,0 +1,16 @@
|
||||
---
|
||||
attack_technique: T1219
|
||||
display_name: Remote Access Tools
|
||||
|
||||
atomic_tests:
|
||||
- name: TeamViewer Files Detected Test on Windows
|
||||
description: |
|
||||
An adversary may attempt to trick the user into downloading teamviewer and using this to maintain access to the machine.
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
$client = new-object System.Net.WebClient
|
||||
$client.DownloadFile("https://download.teamviewer.com/download/TeamViewer_Setup.exe","C:\tmp\teamviewer.exe")
|
||||
Reference in New Issue
Block a user