Create T1497.003.yaml (#2941)

* Create T1497.003.yaml * Update T1497.003.yaml indentation --------- Co-authored-by: Hare Sudhan <code@0x6c.dev>
2024-09-24 10:42:42 +01:00
parent ed8d37edbb
commit 7bd172f6b6
1 changed files with 23 additions and 0 deletions
@@ -0,0 +1,23 @@
+attack_technique: T1497.003
+display_name: 'Time Based Evasion'
+atomic_tests:
+- name: Delay execution with ping
+  description: |
+    Uses the ping command to introduce a delay before executing a malicious payload.
+  supported_platforms:
+  - linux
+  - macos
+  input_arguments:
+    evil_command:
+      description: Command to run after the delay
+      type: string
+      default: whoami
+    ping_count:
+      description: Number of ping requests to send (higher counts increase the delay)
+      type: integer
+      default: 250
+  executor:
+    command: |
+        ping -c #{ping_count} 8.8.8.8 > /dev/null
+        #{evil_command}
+    name: sh