atomic-red-team/atomics/T1022/T1022.yaml

---
attack_technique: T1022
display_name: Data Encrypted

atomic_tests:
- name: Data Encrypted with zip and gpg
  description: |
    Encrypt data for exiltration
  supported_platforms:
    - macos
    - centos
    - ubuntu
    - linux

  executor:
    name: sh
    elevation_required: false
    command: |
      echo "This file will be encrypted" > /tmp/victim-gpg.txt
      mkdir /tmp/victim-files
      cd /tmp/victim-files
      touch a b c d e f g
      zip --password "insert password here" /tmp/victim-files.zip /tmp/victim-files/*
      gpg -c /tmp/victim-gpg.txt
      <enter passphrase and confirm>
      ls -l

- name: Compress Data and lock with password for Exfiltration with winrar
  description: |
    Note: Requires winrar installation
    rar a -p"blue" hello.rar (VARIANT)
  supported_platforms:
    - windows
  executor:
    name: command_prompt
    elevation_required: false
    command: |
      mkdir ./tmp/victim-files
      cd ./tmp/victim-files
      echo "This file will be encrypted" > ./encrypted_file.txt
      rar a -hp"blue" hello.rar
      dir

- name: Compress Data and lock with password for Exfiltration with winzip
  description: |
    Note: Requires winzip installation
    wzzip sample.zip -s"blueblue" *.txt (VARIANT)
  supported_platforms:
    - windows
  executor:
    name: command_prompt
    elevation_required: false
    command: |
      path=%path%;"C:\Program Files (x86)\winzip"
      mkdir ./tmp/victim-files
      cd ./tmp/victim-files
      echo "This file will be encrypted" > ./encrypted_file.txt
      winzip32 -min -a -s"hello" archive.zip *
      dir

- name: Compress Data and lock with password for Exfiltration with 7zip
  description: |
    Note: Requires 7zip installation
  supported_platforms:
    - windows
  executor:
    name: command_prompt
    elevation_required: false
    command: |
      mkdir ./tmp/victim-files
      cd ./tmp/victim-files
      echo "This file will be encrypted" > ./encrypted_file.txt
      7z a archive.7z -pblue
      dir