security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

T1105_update (#2191)

Browse Source 
* T1105_update

* Update the syntax issue

* typo fix

Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
tlor89
2022-10-18 20:22:14 -05:00
committed by GitHub
parent 825c959f98
commit e3cb7dbc2b
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1105/T1105.yaml
+27
View File
@@ -542,6 +542,15 @@ atomic_tests:
description: Path to the Batch script
type: Path
default: PathToAtomicsFolder\T1105\src\T1105.bat
dependency_executor_name: powershell
dependencies:
- description: |
#{Path_to_file} must exist on system.
prereq_command: |
if (Test-Path #{Path_to_file}) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory (split-path #{Path_to_file}) -ErrorAction ignore | Out-Null
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105.bat" -OutFile "#{Path_to_file}"
executor:
command: |
#{Path_to_file} 1>NUL
@@ -646,6 +655,15 @@ atomic_tests:
description: Path to replace.exe
type: Path
default: C:\Windows\System32\replace.exe
dependency_executor_name: powershell
dependencies:
- description: |
#{replace_cab} must exist on system.
prereq_command: |
if (Test-Path #{replace_cab}) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory (split-path #{replace_cab}) -ErrorAction ignore | Out-Null
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/redcanary.cab" -OutFile "#{replace_cab}"
executor:
command: |
del %TEMP%\redcanary.cab >nul 2>&1
@@ -707,6 +725,15 @@ atomic_tests:
description: Full path to the VisualBasic downloading the file
type: String
default: PathToAtomicsFolder\T1105\src\T1105-download-file.vbs
dependency_executor_name: powershell
dependencies:
- description: |
#{vbscript_file} must be exist on system.
prereq_command: |
if (Test-Path #{vbscript_file}) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory (split-path #{vbscript_file}) -ErrorAction ignore | Out-Null
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105-download-file.vbs" -OutFile "#{vbscript_file}"
executor:
command: 'wscript.exe #{vbscript_file}'
cleanup_command: del Atomic-License.txt >nul 2>&1