security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-09-27 15:14:14 +00:00
parent 29d88cdb48
commit 6586dc3be0
2 changed files with 62 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+40 -28
View File
@@ -45094,27 +45094,30 @@ execution:
radmin_installer:
description: Radmin Viewer installer
type: Path
default: "%TEMP%\\RadminViewer.msi"
default: RadminViewer.msi
radmin_exe:
description: The radmin.exe executable from RadminViewer.msi
type: Path
default: "%PROGRAMFILES(x86)%/Radmin Viewer 3/Radmin.exe"
default: Radmin Viewer 3/Radmin.exe
dependency_executor_name: powershell
dependencies:
- description: 'Radmin Viewer Utility must be installed at specified location
(#{radmin_exe})
'
prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1)
prereq_command: 'if (Test-Path "${env:ProgramFiles(x86)}/#{radmin_exe}") {exit
0} else {exit 1}
'
get_prereq_command: |
echo Downloading radmin installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer}
msiexec /i "#{radmin_installer}" /qn
Write-Host Downloading radmin installer
(New-Object Net.WebClient).DownloadFile("https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi","$ENV:Temp\#{radmin_installer}")
Write-Host Install Radmin
Start-Process msiexec -Wait -ArgumentList /i , $ENV:Temp\#{radmin_installer}, /qn
executor:
name: command_prompt
elevation_required: true
command: '"#{radmin_exe}"
command: '"%PROGRAMFILES(x86)%/#{radmin_exe}"
'
- name: PDQ Deploy RAT
@@ -45129,26 +45132,29 @@ execution:
PDQ_Deploy_installer:
description: PDQ Deploy Install
type: Path
default: "%TEMP%\\PDQDeploysetup.exe"
default: PDQDeploysetup.exe
PDQ_Deploy_exe:
description: The PDQDeployConsole.exe executable from PDQDeploysetup.exe
type: Path
default: "%PROGRAMFILES(x86)%\\Admin Arsenal\\PDQ Deploy\\PDQDeployConsole.exe"
default: Admin Arsenal/PDQ Deploy/PDQDeployConsole.exe
dependency_executor_name: powershell
dependencies:
- description: 'PDQ Deploy will be installed at specified location (#{PDQ_Deploy_exe})
'
prereq_command: 'if not exist "#{PDQ_Deploy_exe}" (exit /b 1)
prereq_command: 'if (Test-Path "${env:ProgramFiles(x86)}/#{PDQ_Deploy_exe}")
{exit 0} else {exit 1}
'
get_prereq_command: |
echo Downloading PDQ Deploy installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://download.pdq.com/release/19/Deploy_19.3.350.0.exe" #{PDQ_Deploy_installer}
msiexec /i "#{PDQ_Deploy_installer}" /qn
Write-Host Downloading PDQ Deploy installer
(New-Object Net.WebClient).DownloadFile("https://download.pdq.com/release/19/Deploy_19.3.350.0.exe","$ENV:Temp\#{PDQ_Deploy_installer}")
Write-Host Install PDQ Deploy
Start-Process $ENV:Temp\#{PDQ_Deploy_installer} -Wait -ArgumentList "/s"
executor:
name: command_prompt
elevation_required: true
command: '"#{PDQ_Deploy_exe}"
command: '"%PROGRAMFILES(x86)%/#{PDQ_Deploy_exe}"
'
T1059.001:
@@ -70026,27 +70032,30 @@ lateral-movement:
radmin_installer:
description: Radmin Viewer installer
type: Path
default: "%TEMP%\\RadminViewer.msi"
default: RadminViewer.msi
radmin_exe:
description: The radmin.exe executable from RadminViewer.msi
type: Path
default: "%PROGRAMFILES(x86)%/Radmin Viewer 3/Radmin.exe"
default: Radmin Viewer 3/Radmin.exe
dependency_executor_name: powershell
dependencies:
- description: 'Radmin Viewer Utility must be installed at specified location
(#{radmin_exe})
'
prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1)
prereq_command: 'if (Test-Path "${env:ProgramFiles(x86)}/#{radmin_exe}") {exit
0} else {exit 1}
'
get_prereq_command: |
echo Downloading radmin installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer}
msiexec /i "#{radmin_installer}" /qn
Write-Host Downloading radmin installer
(New-Object Net.WebClient).DownloadFile("https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi","$ENV:Temp\#{radmin_installer}")
Write-Host Install Radmin
Start-Process msiexec -Wait -ArgumentList /i , $ENV:Temp\#{radmin_installer}, /qn
executor:
name: command_prompt
elevation_required: true
command: '"#{radmin_exe}"
command: '"%PROGRAMFILES(x86)%/#{radmin_exe}"
'
- name: PDQ Deploy RAT
@@ -70061,26 +70070,29 @@ lateral-movement:
PDQ_Deploy_installer:
description: PDQ Deploy Install
type: Path
default: "%TEMP%\\PDQDeploysetup.exe"
default: PDQDeploysetup.exe
PDQ_Deploy_exe:
description: The PDQDeployConsole.exe executable from PDQDeploysetup.exe
type: Path
default: "%PROGRAMFILES(x86)%\\Admin Arsenal\\PDQ Deploy\\PDQDeployConsole.exe"
default: Admin Arsenal/PDQ Deploy/PDQDeployConsole.exe
dependency_executor_name: powershell
dependencies:
- description: 'PDQ Deploy will be installed at specified location (#{PDQ_Deploy_exe})
'
prereq_command: 'if not exist "#{PDQ_Deploy_exe}" (exit /b 1)
prereq_command: 'if (Test-Path "${env:ProgramFiles(x86)}/#{PDQ_Deploy_exe}")
{exit 0} else {exit 1}
'
get_prereq_command: |
echo Downloading PDQ Deploy installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://download.pdq.com/release/19/Deploy_19.3.350.0.exe" #{PDQ_Deploy_installer}
msiexec /i "#{PDQ_Deploy_installer}" /qn
Write-Host Downloading PDQ Deploy installer
(New-Object Net.WebClient).DownloadFile("https://download.pdq.com/release/19/Deploy_19.3.350.0.exe","$ENV:Temp\#{PDQ_Deploy_installer}")
Write-Host Install PDQ Deploy
Start-Process $ENV:Temp\#{PDQ_Deploy_installer} -Wait -ArgumentList "/s"
executor:
name: command_prompt
elevation_required: true
command: '"#{PDQ_Deploy_exe}"
command: '"%PROGRAMFILES(x86)%/#{PDQ_Deploy_exe}"
'
T1210:
atomics/T1072/T1072.md
+22 -20
View File
@@ -30,31 +30,32 @@ An adversary may use Radmin Viewer Utility to remotely control Windows device, t
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| radmin_installer | Radmin Viewer installer | Path | %TEMP%\RadminViewer.msi|
| radmin_exe | The radmin.exe executable from RadminViewer.msi | Path | %PROGRAMFILES(x86)%/Radmin Viewer 3/Radmin.exe|
| radmin_installer | Radmin Viewer installer | Path | RadminViewer.msi|
| radmin_exe | The radmin.exe executable from RadminViewer.msi | Path | Radmin Viewer 3/Radmin.exe|
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
"#{radmin_exe}"
"%PROGRAMFILES(x86)%/#{radmin_exe}"
```
#### Dependencies: Run with `command_prompt`!
#### Dependencies: Run with `powershell`!
##### Description: Radmin Viewer Utility must be installed at specified location (#{radmin_exe})
##### Check Prereq Commands:
```cmd
if not exist "#{radmin_exe}" (exit /b 1)
```powershell
if (Test-Path "${env:ProgramFiles(x86)}/#{radmin_exe}") {exit 0} else {exit 1}
```
##### Get Prereq Commands:
```cmd
echo Downloading radmin installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer}
msiexec /i "#{radmin_installer}" /qn
```powershell
Write-Host Downloading radmin installer
(New-Object Net.WebClient).DownloadFile("https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi","$ENV:Temp\#{radmin_installer}")
Write-Host Install Radmin
Start-Process msiexec -Wait -ArgumentList /i , $ENV:Temp\#{radmin_installer}, /qn
```
@@ -78,31 +79,32 @@ An adversary may use PDQ Deploy Software to deploy the Remote Adminstartion Tool
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| PDQ_Deploy_installer | PDQ Deploy Install | Path | %TEMP%\PDQDeploysetup.exe|
| PDQ_Deploy_exe | The PDQDeployConsole.exe executable from PDQDeploysetup.exe | Path | %PROGRAMFILES(x86)%\Admin Arsenal\PDQ Deploy\PDQDeployConsole.exe|
| PDQ_Deploy_installer | PDQ Deploy Install | Path | PDQDeploysetup.exe|
| PDQ_Deploy_exe | The PDQDeployConsole.exe executable from PDQDeploysetup.exe | Path | Admin Arsenal/PDQ Deploy/PDQDeployConsole.exe|
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
"#{PDQ_Deploy_exe}"
"%PROGRAMFILES(x86)%/#{PDQ_Deploy_exe}"
```
#### Dependencies: Run with `command_prompt`!
#### Dependencies: Run with `powershell`!
##### Description: PDQ Deploy will be installed at specified location (#{PDQ_Deploy_exe})
##### Check Prereq Commands:
```cmd
if not exist "#{PDQ_Deploy_exe}" (exit /b 1)
```powershell
if (Test-Path "${env:ProgramFiles(x86)}/#{PDQ_Deploy_exe}") {exit 0} else {exit 1}
```
##### Get Prereq Commands:
```cmd
echo Downloading PDQ Deploy installer
bitsadmin /transfer myDownloadJob /download /priority normal "https://download.pdq.com/release/19/Deploy_19.3.350.0.exe" #{PDQ_Deploy_installer}
msiexec /i "#{PDQ_Deploy_installer}" /qn
```powershell
Write-Host Downloading PDQ Deploy installer
(New-Object Net.WebClient).DownloadFile("https://download.pdq.com/release/19/Deploy_19.3.350.0.exe","$ENV:Temp\#{PDQ_Deploy_installer}")
Write-Host Install PDQ Deploy
Start-Process $ENV:Temp\#{PDQ_Deploy_installer} -Wait -ArgumentList "/s"
```