Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

CircleCI Atomic Red Team doc generator
2021-09-15 16:50:17 +00:00
parent ad77c4245c
commit a0edb02b80
2 changed files with 8 additions and 11 deletions
+5 -7
@@ -55098,13 +55098,11 @@ discovery:
name: command_prompt
- name: Griffon Recon
auto_generated_guid: 69bd4abe-8759-49a6-8d21-0f15822d6370
description: "Griffon is a sophisticated tool believed to be in use by one of
more \"APT\" groups. This atomic is for detecting, specifically, the reconnaissance
part of the tool.\nThis script used here was reduced by security researcher
Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d),
\nand it gives the exact same recon behavior as the original (minus the C2
interaction). \nFor more information see also e.g. https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon
and https://attack.mitre.org/software/S0417/"
description: "This script emulates the reconnaissance script seen in used by
Griffon and was modified by security researcher Kirk Sayre \nin order simply
print the recon results to the screen as opposed to exfiltrating them. [Script](https://gist.github.com/kirk-sayre-work/7cb5bf4e2c7c77fa5684ddc17053f1e5).
\ \nFor more information see also [https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon](https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon)
and [https://attack.mitre.org/software/S0417/](https://attack.mitre.org/software/S0417/)"
supported_platforms:
- windows
input_arguments:
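Review bot: The replacement description for "Griffon Recon" has two wording slips, "seen in used by Griffon" and "in order simply print the recon results"; these should read "seen in use by Griffon" and "in order to simply print the recon results". The commit message says this file is generated, so the correction belongs in the atomic's source definition, followed by a regeneration, rather than in this file. The new text also drops the old sentence saying what Griffon is and that the atomic targets the reconnaissance part for detection; a one-line statement of that purpose would help readers who reach the test without following the Malpedia or ATT&CK links. The "\ \n" sequence before "For more information" looks like a trailing space in the source string and can be trimmed there as well.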
+3 -4
@@ -285,10 +285,9 @@ REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
<br/>
## Atomic Test #9 - Griffon Recon
Griffon is a sophisticated tool believed to be in use by one of more "APT" groups. This atomic is for detecting, specifically, the reconnaissance part of the tool.
This script used here was reduced by security researcher Kirk Sayre (github.com/kirk-sayre-work/1a9476e7708ed650508f9fb5adfbad9d),
and it gives the exact same recon behavior as the original (minus the C2 interaction).
For more information see also e.g. https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon and https://attack.mitre.org/software/S0417/
This script emulates the reconnaissance script seen in used by Griffon and was modified by security researcher Kirk Sayre
in order simply print the recon results to the screen as opposed to exfiltrating them. [Script](https://gist.github.com/kirk-sayre-work/7cb5bf4e2c7c77fa5684ddc17053f1e5).
For more information see also [https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon](https://malpedia.caad.fkie.fraunhofer.de/details/js.griffon) and [https://attack.mitre.org/software/S0417/](https://attack.mitre.org/software/S0417/)
**Supported Platforms:** Windows
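Review bot: The "[Script]" link in the new Atomic Test #9 text points at the gist by its bare id, with no revision, so the documented reference can change after this test was written; linking a specific gist revision would keep the doc and the emulated behaviour in step. The label "Script" is also vague in rendered Markdown, and something like "reduced recon script (gist)" tells the reader what they are opening. The same wording slips as in the YAML description ("seen in used by", "in order simply print") carry through here and will clear once the source description is fixed and the docs are regenerated.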