b51284297d
Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
404 B
Zipped Malware
A common method threat actors use to deliver malware is zip attachments in email.
ZIP + VBS Example
Take the following qbot chain reaction and compress (zip) the vbs file to be used for delivery.
Simulate other file types by zipping them and delivering them to the receiving device.
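
To confirm that a simulated zip delivery is actually caught, the receiving side can inspect archive members the way a mail gateway would. The sketch below is an added example, not part of this repository; the extension list, depth limit, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumed list of script/macro-capable extensions to flag inside archives.
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".doc", ".xls"}
MAX_DEPTH = 3               # stop descending into nested archives at this level
MAX_NESTED_SIZE = 10 << 20  # do not unpack nested archives larger than 10 MiB


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_zip(data, depth=0, prefix=""):
    """Return sorted (path, reason) findings for risky members of a zip attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = posixpath.splitext(info.filename.lower())[1]
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((path, "encrypted member, content not inspectable"))
            elif ext in RISKY_EXTENSIONS:
                findings.append((path, "risky extension " + ext))
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_SIZE:
                    findings.append((path, "nested archive not unpacked"))
                else:
                    findings.extend(scan_zip(zf.read(info), depth + 1, path + "!"))
    return sorted(findings)


# Constructed sample: a benign placeholder named like the ZIP + VBS case, nested once.
_inner = build_sample_zip({"invoice.vbs": b"' placeholder, not a real script\r\n"})
SAMPLE = build_sample_zip({"readme.txt": b"hello", "docs/invoice.zip": _inner})

if __name__ == "__main__":
    for path, reason in scan_zip(SAMPLE):
        print(path, "->", reason)
```

Encrypted members are reported rather than skipped, because a password-protected zip hides its contents from this kind of inspection.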