security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2026-02-13 02:35:27 +00:00
parent 7c79132a29
commit de509cf6b3
18 changed files with 29 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -2,7 +2,7 @@
# Atomic Red Team
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1769-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1768-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
Atomic Red Team™ is a library of tests mapped to the
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Indexes-CSV/index.csv
+3 -4
View File
@@ -1170,10 +1170,9 @@ persistence,T1556.002,Modify Authentication Process: Password Filter DLL,2,Insta
persistence,T1505.005,Server Software Component: Terminal Services DLL,1,Simulate Patching termsrv.dll,0b2eadeb-4a64-4449-9d43-3d999f4a317b,powershell
persistence,T1505.005,Server Software Component: Terminal Services DLL,2,Modify Terminal Services DLL Path,18136e38-0530-49b2-b309-eed173787471,powershell
persistence,T1176,Browser Extensions,1,Chrome/Chromium (Developer Mode),3ecd790d-2617-4abf-9a8c-4e8d47da9ee1,manual
persistence,T1176,Browser Extensions,2,Chrome/Chromium (Chrome Web Store),4c83940d-8ca5-4bb2-8100-f46dc914bc3f,manual
persistence,T1176,Browser Extensions,3,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1176,Browser Extensions,5,Google Chrome Load Unpacked Extension With Command Line,7a714703-9f6b-461c-b06d-e6aeac650f27,powershell
persistence,T1176,Browser Extensions,2,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,3,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1176,Browser Extensions,4,Google Chrome Load Unpacked Extension With Command Line,7a714703-9f6b-461c-b06d-e6aeac650f27,powershell
persistence,T1546.011,Event Triggered Execution: Application Shimming,1,Application Shim Installation,9ab27e22-ee62-4211-962b-d36d9a0e6a18,command_prompt
persistence,T1546.011,Event Triggered Execution: Application Shimming,2,New shim database files created in the default shim database directory,aefd6866-d753-431f-a7a4-215ca7e3f13d,powershell
persistence,T1546.011,Event Triggered Execution: Application Shimming,3,Registry key creation and/or modification events for SDB,9b6a06f9-ab5e-4e8d-8289-1df4289db02f,powershell
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1170 persistence T1505.005 Server Software Component: Terminal Services DLL 1 Simulate Patching termsrv.dll 0b2eadeb-4a64-4449-9d43-3d999f4a317b powershell
1171 persistence T1505.005 Server Software Component: Terminal Services DLL 2 Modify Terminal Services DLL Path 18136e38-0530-49b2-b309-eed173787471 powershell
1172 persistence T1176 Browser Extensions 1 Chrome/Chromium (Developer Mode) 3ecd790d-2617-4abf-9a8c-4e8d47da9ee1 manual
1173 persistence T1176 Browser Extensions 2 Chrome/Chromium (Chrome Web Store) Firefox 4c83940d-8ca5-4bb2-8100-f46dc914bc3f cb790029-17e6-4c43-b96f-002ce5f10938 manual
1174 persistence T1176 Browser Extensions 3 Firefox Edge Chromium Addon - VPN cb790029-17e6-4c43-b96f-002ce5f10938 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 manual
1175 persistence T1176 Browser Extensions 4 Edge Chromium Addon - VPN Google Chrome Load Unpacked Extension With Command Line 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 7a714703-9f6b-461c-b06d-e6aeac650f27 manual powershell
persistence T1176 Browser Extensions 5 Google Chrome Load Unpacked Extension With Command Line 7a714703-9f6b-461c-b06d-e6aeac650f27 powershell
1176 persistence T1546.011 Event Triggered Execution: Application Shimming 1 Application Shim Installation 9ab27e22-ee62-4211-962b-d36d9a0e6a18 command_prompt
1177 persistence T1546.011 Event Triggered Execution: Application Shimming 2 New shim database files created in the default shim database directory aefd6866-d753-431f-a7a4-215ca7e3f13d powershell
1178 persistence T1546.011 Event Triggered Execution: Application Shimming 3 Registry key creation and/or modification events for SDB 9b6a06f9-ab5e-4e8d-8289-1df4289db02f powershell
atomics/Indexes/Indexes-CSV/linux-index.csv
+1 -2
View File
@@ -155,8 +155,7 @@ persistence,T1053.003,Scheduled Task/Job: Cron,2,Cron - Add script to all cron s
persistence,T1053.003,Scheduled Task/Job: Cron,3,Cron - Add script to /etc/cron.d folder,078e69eb-d9fb-450e-b9d0-2e118217c846,sh
persistence,T1053.003,Scheduled Task/Job: Cron,4,Cron - Add script to /var/spool/cron/crontabs/ folder,2d943c18-e74a-44bf-936f-25ade6cccab4,bash
persistence,T1176,Browser Extensions,1,Chrome/Chromium (Developer Mode),3ecd790d-2617-4abf-9a8c-4e8d47da9ee1,manual
persistence,T1176,Browser Extensions,2,Chrome/Chromium (Chrome Web Store),4c83940d-8ca5-4bb2-8100-f46dc914bc3f,manual
persistence,T1176,Browser Extensions,3,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,2,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1546.005,Event Triggered Execution: Trap,1,Trap EXIT,a74b2e07-5952-4c03-8b56-56274b076b61,sh
persistence,T1546.005,Event Triggered Execution: Trap,2,Trap EXIT (freebsd),be1a5d70-6865-44aa-ab50-42244c9fd16f,sh
persistence,T1546.005,Event Triggered Execution: Trap,3,Trap SIGINT,a547d1ba-1d7a-4cc5-a9cb-8d65e8809636,sh
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
155 persistence T1053.003 Scheduled Task/Job: Cron 3 Cron - Add script to /etc/cron.d folder 078e69eb-d9fb-450e-b9d0-2e118217c846 sh
156 persistence T1053.003 Scheduled Task/Job: Cron 4 Cron - Add script to /var/spool/cron/crontabs/ folder 2d943c18-e74a-44bf-936f-25ade6cccab4 bash
157 persistence T1176 Browser Extensions 1 Chrome/Chromium (Developer Mode) 3ecd790d-2617-4abf-9a8c-4e8d47da9ee1 manual
158 persistence T1176 Browser Extensions 2 Chrome/Chromium (Chrome Web Store) Firefox 4c83940d-8ca5-4bb2-8100-f46dc914bc3f cb790029-17e6-4c43-b96f-002ce5f10938 manual
persistence T1176 Browser Extensions 3 Firefox cb790029-17e6-4c43-b96f-002ce5f10938 manual
159 persistence T1546.005 Event Triggered Execution: Trap 1 Trap EXIT a74b2e07-5952-4c03-8b56-56274b076b61 sh
160 persistence T1546.005 Event Triggered Execution: Trap 2 Trap EXIT (freebsd) be1a5d70-6865-44aa-ab50-42244c9fd16f sh
161 persistence T1546.005 Event Triggered Execution: Trap 3 Trap SIGINT a547d1ba-1d7a-4cc5-a9cb-8d65e8809636 sh
atomics/Indexes/Indexes-CSV/macos-index.csv
+2 -3
View File
@@ -94,9 +94,8 @@ defense-evasion,T1078.003,Valid Accounts: Local Accounts,5,Add a new/existing us
persistence,T1053.003,Scheduled Task/Job: Cron,1,Cron - Replace crontab with referenced file,435057fb-74b1-410e-9403-d81baf194f75,sh
persistence,T1053.003,Scheduled Task/Job: Cron,2,Cron - Add script to all cron subfolders,b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0,bash
persistence,T1176,Browser Extensions,1,Chrome/Chromium (Developer Mode),3ecd790d-2617-4abf-9a8c-4e8d47da9ee1,manual
persistence,T1176,Browser Extensions,2,Chrome/Chromium (Chrome Web Store),4c83940d-8ca5-4bb2-8100-f46dc914bc3f,manual
persistence,T1176,Browser Extensions,3,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1176,Browser Extensions,2,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,3,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1037.002,Boot or Logon Initialization Scripts: Logon Script (Mac),1,Logon Scripts - Mac,f047c7de-a2d9-406e-a62b-12a09d9516f4,manual
persistence,T1543.004,Create or Modify System Process: Launch Daemon,1,Launch Daemon,03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf,bash
persistence,T1078.001,Valid Accounts: Default Accounts,3,Enable Guest Account on macOS,0315bdff-4178-47e9-81e4-f31a6d23f7e4,sh
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
94 persistence T1053.003 Scheduled Task/Job: Cron 1 Cron - Replace crontab with referenced file 435057fb-74b1-410e-9403-d81baf194f75 sh
95 persistence T1053.003 Scheduled Task/Job: Cron 2 Cron - Add script to all cron subfolders b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 bash
96 persistence T1176 Browser Extensions 1 Chrome/Chromium (Developer Mode) 3ecd790d-2617-4abf-9a8c-4e8d47da9ee1 manual
97 persistence T1176 Browser Extensions 2 Chrome/Chromium (Chrome Web Store) Firefox 4c83940d-8ca5-4bb2-8100-f46dc914bc3f cb790029-17e6-4c43-b96f-002ce5f10938 manual
98 persistence T1176 Browser Extensions 3 Firefox Edge Chromium Addon - VPN cb790029-17e6-4c43-b96f-002ce5f10938 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 manual
persistence T1176 Browser Extensions 4 Edge Chromium Addon - VPN 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 manual
99 persistence T1037.002 Boot or Logon Initialization Scripts: Logon Script (Mac) 1 Logon Scripts - Mac f047c7de-a2d9-406e-a62b-12a09d9516f4 manual
100 persistence T1543.004 Create or Modify System Process: Launch Daemon 1 Launch Daemon 03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf bash
101 persistence T1078.001 Valid Accounts: Default Accounts 3 Enable Guest Account on macOS 0315bdff-4178-47e9-81e4-f31a6d23f7e4 sh
atomics/Indexes/Indexes-CSV/windows-index.csv
+3 -4
View File
@@ -810,10 +810,9 @@ persistence,T1556.002,Modify Authentication Process: Password Filter DLL,2,Insta
persistence,T1505.005,Server Software Component: Terminal Services DLL,1,Simulate Patching termsrv.dll,0b2eadeb-4a64-4449-9d43-3d999f4a317b,powershell
persistence,T1505.005,Server Software Component: Terminal Services DLL,2,Modify Terminal Services DLL Path,18136e38-0530-49b2-b309-eed173787471,powershell
persistence,T1176,Browser Extensions,1,Chrome/Chromium (Developer Mode),3ecd790d-2617-4abf-9a8c-4e8d47da9ee1,manual
persistence,T1176,Browser Extensions,2,Chrome/Chromium (Chrome Web Store),4c83940d-8ca5-4bb2-8100-f46dc914bc3f,manual
persistence,T1176,Browser Extensions,3,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1176,Browser Extensions,5,Google Chrome Load Unpacked Extension With Command Line,7a714703-9f6b-461c-b06d-e6aeac650f27,powershell
persistence,T1176,Browser Extensions,2,Firefox,cb790029-17e6-4c43-b96f-002ce5f10938,manual
persistence,T1176,Browser Extensions,3,Edge Chromium Addon - VPN,3d456e2b-a7db-4af8-b5b3-720e7c4d9da5,manual
persistence,T1176,Browser Extensions,4,Google Chrome Load Unpacked Extension With Command Line,7a714703-9f6b-461c-b06d-e6aeac650f27,powershell
persistence,T1546.011,Event Triggered Execution: Application Shimming,1,Application Shim Installation,9ab27e22-ee62-4211-962b-d36d9a0e6a18,command_prompt
persistence,T1546.011,Event Triggered Execution: Application Shimming,2,New shim database files created in the default shim database directory,aefd6866-d753-431f-a7a4-215ca7e3f13d,powershell
persistence,T1546.011,Event Triggered Execution: Application Shimming,3,Registry key creation and/or modification events for SDB,9b6a06f9-ab5e-4e8d-8289-1df4289db02f,powershell
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
810 persistence T1505.005 Server Software Component: Terminal Services DLL 1 Simulate Patching termsrv.dll 0b2eadeb-4a64-4449-9d43-3d999f4a317b powershell
811 persistence T1505.005 Server Software Component: Terminal Services DLL 2 Modify Terminal Services DLL Path 18136e38-0530-49b2-b309-eed173787471 powershell
812 persistence T1176 Browser Extensions 1 Chrome/Chromium (Developer Mode) 3ecd790d-2617-4abf-9a8c-4e8d47da9ee1 manual
813 persistence T1176 Browser Extensions 2 Chrome/Chromium (Chrome Web Store) Firefox 4c83940d-8ca5-4bb2-8100-f46dc914bc3f cb790029-17e6-4c43-b96f-002ce5f10938 manual
814 persistence T1176 Browser Extensions 3 Firefox Edge Chromium Addon - VPN cb790029-17e6-4c43-b96f-002ce5f10938 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 manual
815 persistence T1176 Browser Extensions 4 Edge Chromium Addon - VPN Google Chrome Load Unpacked Extension With Command Line 3d456e2b-a7db-4af8-b5b3-720e7c4d9da5 7a714703-9f6b-461c-b06d-e6aeac650f27 manual powershell
persistence T1176 Browser Extensions 5 Google Chrome Load Unpacked Extension With Command Line 7a714703-9f6b-461c-b06d-e6aeac650f27 powershell
816 persistence T1546.011 Event Triggered Execution: Application Shimming 1 Application Shim Installation 9ab27e22-ee62-4211-962b-d36d9a0e6a18 command_prompt
817 persistence T1546.011 Event Triggered Execution: Application Shimming 2 New shim database files created in the default shim database directory aefd6866-d753-431f-a7a4-215ca7e3f13d powershell
818 persistence T1546.011 Event Triggered Execution: Application Shimming 3 Registry key creation and/or modification events for SDB 9b6a06f9-ab5e-4e8d-8289-1df4289db02f powershell
atomics/Indexes/Indexes-Markdown/index.md
+3 -4
View File
@@ -1578,10 +1578,9 @@
- Atomic Test #2: Modify Terminal Services DLL Path [windows]
- [T1176 Browser Extensions](../../T1176/T1176.md)
- Atomic Test #1: Chrome/Chromium (Developer Mode) [linux, windows, macos]
- Atomic Test #2: Chrome/Chromium (Chrome Web Store) [linux, windows, macos]
- Atomic Test #3: Firefox [linux, windows, macos]
- Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
- Atomic Test #5: Google Chrome Load Unpacked Extension With Command Line [windows]
- Atomic Test #2: Firefox [linux, windows, macos]
- Atomic Test #3: Edge Chromium Addon - VPN [windows, macos]
- Atomic Test #4: Google Chrome Load Unpacked Extension With Command Line [windows]
- T1137.005 Outlook Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1098.007 Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1546.011 Event Triggered Execution: Application Shimming](../../T1546.011/T1546.011.md)
atomics/Indexes/Indexes-Markdown/linux-index.md
+1 -2
View File
@@ -413,8 +413,7 @@
- T1505.005 Server Software Component: Terminal Services DLL [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1176 Browser Extensions](../../T1176/T1176.md)
- Atomic Test #1: Chrome/Chromium (Developer Mode) [linux, windows, macos]
- Atomic Test #2: Chrome/Chromium (Chrome Web Store) [linux, windows, macos]
- Atomic Test #3: Firefox [linux, windows, macos]
- Atomic Test #2: Firefox [linux, windows, macos]
- T1137.005 Outlook Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1098.007 Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1546.011 Event Triggered Execution: Application Shimming [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
atomics/Indexes/Indexes-Markdown/macos-index.md
+2 -3
View File
@@ -363,9 +363,8 @@
- T1505.005 Server Software Component: Terminal Services DLL [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1176 Browser Extensions](../../T1176/T1176.md)
- Atomic Test #1: Chrome/Chromium (Developer Mode) [linux, windows, macos]
- Atomic Test #2: Chrome/Chromium (Chrome Web Store) [linux, windows, macos]
- Atomic Test #3: Firefox [linux, windows, macos]
- Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
- Atomic Test #2: Firefox [linux, windows, macos]
- Atomic Test #3: Edge Chromium Addon - VPN [windows, macos]
- T1137.005 Outlook Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1098.007 Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1546.011 Event Triggered Execution: Application Shimming [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
atomics/Indexes/Indexes-Markdown/windows-index.md
+3 -4
View File
@@ -1108,10 +1108,9 @@
- Atomic Test #2: Modify Terminal Services DLL Path [windows]
- [T1176 Browser Extensions](../../T1176/T1176.md)
- Atomic Test #1: Chrome/Chromium (Developer Mode) [linux, windows, macos]
- Atomic Test #2: Chrome/Chromium (Chrome Web Store) [linux, windows, macos]
- Atomic Test #3: Firefox [linux, windows, macos]
- Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
- Atomic Test #5: Google Chrome Load Unpacked Extension With Command Line [windows]
- Atomic Test #2: Firefox [linux, windows, macos]
- Atomic Test #3: Edge Chromium Addon - VPN [windows, macos]
- Atomic Test #4: Google Chrome Load Unpacked Extension With Command Line [windows]
- T1137.005 Outlook Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1098.007 Additional Local or Domain Groups [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1546.011 Event Triggered Execution: Application Shimming](../../T1546.011/T1546.011.md)
atomics/Indexes/index.yaml
-14
View File
@@ -61042,20 +61042,6 @@ persistence:
3. Click 'Select'
name: manual
- name: Chrome/Chromium (Chrome Web Store)
auto_generated_guid: 4c83940d-8ca5-4bb2-8100-f46dc914bc3f
description: Install the "Minimum Viable Malicious Extension" Chrome extension
supported_platforms:
- linux
- windows
- macos
executor:
steps: |
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
name: manual
- name: Firefox
auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938
description: 'Create a file called test.wma, with the duration of 30 seconds
atomics/Indexes/linux-index.yaml
-14
View File
@@ -33566,20 +33566,6 @@ persistence:
3. Click 'Select'
name: manual
- name: Chrome/Chromium (Chrome Web Store)
auto_generated_guid: 4c83940d-8ca5-4bb2-8100-f46dc914bc3f
description: Install the "Minimum Viable Malicious Extension" Chrome extension
supported_platforms:
- linux
- windows
- macos
executor:
steps: |
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
name: manual
- name: Firefox
auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938
description: 'Create a file called test.wma, with the duration of 30 seconds
atomics/Indexes/macos-index.yaml
-14
View File
@@ -30778,20 +30778,6 @@ persistence:
3. Click 'Select'
name: manual
- name: Chrome/Chromium (Chrome Web Store)
auto_generated_guid: 4c83940d-8ca5-4bb2-8100-f46dc914bc3f
description: Install the "Minimum Viable Malicious Extension" Chrome extension
supported_platforms:
- linux
- windows
- macos
executor:
steps: |
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
name: manual
- name: Firefox
auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938
description: 'Create a file called test.wma, with the duration of 30 seconds
atomics/Indexes/windows-index.yaml
-14
View File
@@ -50010,20 +50010,6 @@ persistence:
3. Click 'Select'
name: manual
- name: Chrome/Chromium (Chrome Web Store)
auto_generated_guid: 4c83940d-8ca5-4bb2-8100-f46dc914bc3f
description: Install the "Minimum Viable Malicious Extension" Chrome extension
supported_platforms:
- linux
- windows
- macos
executor:
steps: |
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
name: manual
- name: Firefox
auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938
description: 'Create a file called test.wma, with the duration of 30 seconds
atomics/T1176/T1176.md
+6 -35
View File
@@ -15,13 +15,11 @@ The modular nature of extensions and their integration with host applications ma
- [Atomic Test #1 - Chrome/Chromium (Developer Mode)](#atomic-test-1---chromechromium-developer-mode)
- [Atomic Test #2 - Chrome/Chromium (Chrome Web Store)](#atomic-test-2---chromechromium-chrome-web-store)
- [Atomic Test #2 - Firefox](#atomic-test-2---firefox)
- [Atomic Test #3 - Firefox](#atomic-test-3---firefox)
- [Atomic Test #3 - Edge Chromium Addon - VPN](#atomic-test-3---edge-chromium-addon---vpn)
- [Atomic Test #4 - Edge Chromium Addon - VPN](#atomic-test-4---edge-chromium-addon---vpn)
- [Atomic Test #5 - Google Chrome Load Unpacked Extension With Command Line](#atomic-test-5---google-chrome-load-unpacked-extension-with-command-line)
- [Atomic Test #4 - Google Chrome Load Unpacked Extension With Command Line](#atomic-test-4---google-chrome-load-unpacked-extension-with-command-line)
<br/>
@@ -56,34 +54,7 @@ tick 'Developer Mode'.
<br/>
<br/>
## Atomic Test #2 - Chrome/Chromium (Chrome Web Store)
Install the "Minimum Viable Malicious Extension" Chrome extension
**Supported Platforms:** Linux, Windows, macOS
**auto_generated_guid:** 4c83940d-8ca5-4bb2-8100-f46dc914bc3f
#### Run it with these steps!
1. Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend
in Chrome
2. Click 'Add to Chrome'
<br/>
<br/>
## Atomic Test #3 - Firefox
## Atomic Test #2 - Firefox
Create a file called test.wma, with the duration of 30 seconds
**Supported Platforms:** Linux, Windows, macOS
@@ -112,7 +83,7 @@ click "Load Temporary Add-on"
<br/>
<br/>
## Atomic Test #4 - Edge Chromium Addon - VPN
## Atomic Test #3 - Edge Chromium Addon - VPN
Adversaries may use VPN extensions in an attempt to hide traffic sent from a compromised host. This will install one (of many) available VPNS in the Edge add-on store.
**Supported Platforms:** Windows, macOS
@@ -139,7 +110,7 @@ in Edge Chromium
<br/>
<br/>
## Atomic Test #5 - Google Chrome Load Unpacked Extension With Command Line
## Atomic Test #4 - Google Chrome Load Unpacked Extension With Command Line
This test loads an unpacked extension in Google Chrome with the `--load-extension` parameter. This technique was previously used by the Grandoreiro malware to load a malicious extension that would capture the browsing history, steal cookies and other user information. Other malwares also leverage this technique to hijack searches, steal passwords, inject ads, and more.
References: