Generate docs from job=validate_atomics_generate_docs branch=master

2020-05-11 15:16:44 +00:00
parent bbec07bcd6
commit e5166f0e66
8 changed files with 51 additions and 0 deletions
@@ -13,6 +13,7 @@ persistence,T1197,BITS Jobs,3,"Persist, Download, & Execute"
 persistence,T1176,Browser Extensions,1,Chrome (Developer Mode)
 persistence,T1176,Browser Extensions,2,Chrome (Chrome Web Store)
 persistence,T1176,Browser Extensions,3,Firefox
+persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN
 persistence,T1042,Change Default File Association,1,Change Default File Association
 persistence,T1122,Component Object Model Hijacking,1,COM Hijack Leveraging user scope COR_PROFILER
 persistence,T1122,Component Object Model Hijacking,2,COM Hijack Leveraging System Scope COR_PROFILER
@@ -4,6 +4,7 @@ persistence,T1156,.bash_profile and .bashrc,2,Add command to .bashrc
 persistence,T1176,Browser Extensions,1,Chrome (Developer Mode)
 persistence,T1176,Browser Extensions,2,Chrome (Chrome Web Store)
 persistence,T1176,Browser Extensions,3,Firefox
+persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN
 persistence,T1136,Create Account,2,Create a user account on a MacOS system
 persistence,T1519,Emond,1,Persistance with Event Monitor - emond
 persistence,T1158,Hidden Files and Directories,1,Create a hidden file in a hidden directory
@@ -170,6 +170,7 @@ persistence,T1197,BITS Jobs,3,"Persist, Download, & Execute"
 persistence,T1176,Browser Extensions,1,Chrome (Developer Mode)
 persistence,T1176,Browser Extensions,2,Chrome (Chrome Web Store)
 persistence,T1176,Browser Extensions,3,Firefox
+persistence,T1176,Browser Extensions,4,Edge Chromium Addon - VPN
 persistence,T1042,Change Default File Association,1,Change Default File Association
 persistence,T1122,Component Object Model Hijacking,1,COM Hijack Leveraging user scope COR_PROFILER
 persistence,T1122,Component Object Model Hijacking,2,COM Hijack Leveraging System Scope COR_PROFILER
@@ -24,6 +24,7 @@
  - Atomic Test #1: Chrome (Developer Mode) [linux, windows, macos]
  - Atomic Test #2: Chrome (Chrome Web Store) [linux, windows, macos]
  - Atomic Test #3: Firefox [linux, windows, macos]
+  - Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
 - [T1042 Change Default File Association](../../T1042/T1042.md)
  - Atomic Test #1: Change Default File Association [windows]
 - T1109 Component Firmware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -7,6 +7,7 @@
  - Atomic Test #1: Chrome (Developer Mode) [linux, windows, macos]
  - Atomic Test #2: Chrome (Chrome Web Store) [linux, windows, macos]
  - Atomic Test #3: Firefox [linux, windows, macos]
+  - Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
 - [T1136 Create Account](../../T1136/T1136.md)
  - Atomic Test #2: Create a user account on a MacOS system [macos]
 - T1157 Dylib Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -267,6 +267,7 @@
  - Atomic Test #1: Chrome (Developer Mode) [linux, windows, macos]
  - Atomic Test #2: Chrome (Chrome Web Store) [linux, windows, macos]
  - Atomic Test #3: Firefox [linux, windows, macos]
+  - Atomic Test #4: Edge Chromium Addon - VPN [windows, macos]
 - [T1042 Change Default File Association](../../T1042/T1042.md)
  - Atomic Test #1: Change Default File Association [windows]
 - T1109 Component Firmware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -1005,6 +1005,26 @@ persistence:
          2. Navigate to [manifest.json](./src/manifest.json)

          3. Then click 'Open'
+    - name: Edge Chromium Addon - VPN
+      description: 'Adversaries may use VPN extensions in an attempt to hide traffic
+        sent from a compromised host. This will install one (of many) available VPNS
+        in the Edge add-on store.
+
+'
+      supported_platforms:
+      - windows
+      - macos
+      executor:
+        name: manual
+        steps: |
+          1. Navigate to https://microsoftedge.microsoft.com/addons/detail/fjnehcbecaggobjholekjijaaekbnlgj
+          in Edge Chromium
+
+          2. Click 'Get'
+        cleanup: |-
+          1. Navigate to "..." menu in top right of browser and select.
+          2. In drop down, click on "Extensions".
+          3. Remove the Extension.
  T1042:
    technique:
      x_mitre_data_sources:
@@ -12,6 +12,8 @@ Malicious extensions can be installed into a browser through malicious app store

 - [Atomic Test #3 - Firefox](#atomic-test-3---firefox)

+- [Atomic Test #4 - Edge Chromium Addon - VPN](#atomic-test-4---edge-chromium-addon---vpn)
+

 <br/>

@@ -84,4 +86,27 @@ click "Load Temporary Add-on"



+<br/>
+<br/>
+
+## Atomic Test #4 - Edge Chromium Addon - VPN
+Adversaries may use VPN extensions in an attempt to hide traffic sent from a compromised host. This will install one (of many) available VPNS in the Edge add-on store.
+
+**Supported Platforms:** Windows, macOS
+
+
+
+
+#### Run it with these steps! 
+1. Navigate to https://microsoftedge.microsoft.com/addons/detail/fjnehcbecaggobjholekjijaaekbnlgj
+in Edge Chromium
+
+2. Click 'Get'
+
+
+
+
+
+
+
 <br/>