b51284297d
Adding the following:

- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
10 lines
404 B
Markdown
# Zipped Malware
A common method actors use to deliver malware is through zip attachments in email.
## ZIP + VBS Example
Take the following [qbot chain reaction](https://github.com/redcanaryco/atomic-red-team/blob/master/ARTifacts/Chain_Reactions/qbot_infection_reaction.vbs) and compress (zip) the VBS file to be used for delivery.
Simulate other file types by zipping them and delivering them to the receiving device.
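
To check that the receiving side flags these test attachments, the following added example (not part of the Atomic Red Team repository) scans a zip for script-type members, including double extensions and nested archives. The extension list, the depth and size limits, and the sample file names are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed block list of script/launcher extensions; adjust to local policy.
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk"}
MAX_DEPTH = 3                  # nested archives deeper than this are flagged, not opened
MAX_MEMBER_BYTES = 20 * 2**20  # do not unpack nested archives larger than 20 MiB


def scan_zip(data, depth=0, prefix=""):
    """Return a list of findings for a zip archive supplied as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or '<attachment>'}: not a valid zip"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            # Windows drops trailing dots and spaces, so "a.vbs." still opens as a.vbs.
            suffix = PurePosixPath(info.filename.lower().rstrip(". ")).suffix
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted:
                findings.append(f"{name}: encrypted member, content not inspectable")
            if suffix in RISKY:
                findings.append(f"{name}: script extension {suffix}")
            elif suffix == ".zip" and not encrypted:
                if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"{name}: nested archive not opened (depth/size limit)")
                else:
                    findings.extend(scan_zip(archive.read(info), depth + 1, name + "!/"))
    return findings


def build_sample():
    """Constructed sample: inert placeholder files, no real script content."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("page.hta", "<!-- placeholder -->")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", "placeholder")
        z.writestr("invoice.pdf.vbs", "' placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Member names stay readable even when a member is password-protected, so the extension check still applies to encrypted entries while their content cannot be inspected.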