From cee7f2ab5eb9d2a63d01a800523e0d759bd8b6bb Mon Sep 17 00:00:00 2001 From: traceflow Date: Tue, 6 Jun 2023 18:51:22 +0000 Subject: [PATCH] adding new test in T1176 - Load unpacked extension with command line --- atomics/T1176/T1176.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/atomics/T1176/T1176.yaml b/atomics/T1176/T1176.yaml index b70a0883..2feac9ba 100644 --- a/atomics/T1176/T1176.yaml +++ b/atomics/T1176/T1176.yaml @@ -65,7 +65,6 @@ atomic_tests: name: manual - name: Google Chrome Load Unpacked Extension With Command Line - auto_generated_guid: description: |- This test loads an unpacked extension in Google Chrome with the `--load-extension` parameter. This technique was previously used by the Grandoreiro malware to load a malicious extension that would capture the browsing history, steal cookies and other user information. Other malwares also leverage this technique to hijack searches, steal passwords, inject ads, and more.