Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Carrie Roberts
|
47babe02e4 |
@@ -871,4 +871,16 @@ atomic_tests:
|
|||||||
cleanup_command: |
|
cleanup_command: |
|
||||||
$typicalPath = "HKLM:\SOFTWARE\Classes\.wav\OpenWithProgIds"; Remove-ItemProperty -Path $typicalPath -Name "AtomicSnake" -ErrorAction SilentlyContinue | Out-Null
|
$typicalPath = "HKLM:\SOFTWARE\Classes\.wav\OpenWithProgIds"; Remove-ItemProperty -Path $typicalPath -Name "AtomicSnake" -ErrorAction SilentlyContinue | Out-Null
|
||||||
name: powershell
|
name: powershell
|
||||||
elevation_required: true
|
elevation_required: true
|
||||||
|
- name: Malware we read about about on a blog
|
||||||
|
description: |
|
||||||
|
a desc of the attack commands
|
||||||
|
supported_platforms:
|
||||||
|
- windows
|
||||||
|
executor:
|
||||||
|
command: |
|
||||||
|
$typicalPath = "HKLM:\SOFTWARE\Classes\.wav\OpenWithProgIds"; $randomBytes = New-Object Byte[] 0x1000; (New-Object Random).NextBytes($randomBytes); New-ItemProperty -Path $typicalPath -Name "AtomicSnake" -Value $randomBytes -PropertyType Binary -Force | Out-Null
|
||||||
|
cleanup_command: |
|
||||||
|
$typicalPath = "HKLM:\SOFTWARE\Classes\.wav\OpenWithProgIds"; Remove-ItemProperty -Path $typicalPath -Name "AtomicSnake" -ErrorAction SilentlyContinue | Out-Null
|
||||||
|
name: powershell
|
||||||
|
elevation_required: true
|
||||||
|
|||||||
Reference in New Issue
Block a user