atomic-red-team/ARTifacts/Initial_Access/Zipped_Malware.md
Michael Haag b51284297d Initial Access - Atomic Friday July 2019 (#530)
Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
2019-08-28 11:38:26 -07:00

# Zipped Malware
A common method actors use to deliver malware is zip attachments in email.
## ZIP + VBS Example
Take the following [qbot chain reaction](https://github.com/redcanaryco/atomic-red-team/blob/master/ARTifacts/Chain_Reactions/qbot_infection_reaction.vbs) and compress (zip) the vbs file to be used for delivery.
Simulate other file types by zipping them and delivering the archive to the receiving device.
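
To confirm that a mail gateway or triage script would notice the archive produced above, the following added example (not part of Atomic Red Team) lists zip members with script or executable extensions, including members of one nested archive. The extension list, the size and depth limits, and all function and file names are assumptions, and the sample archive is constructed inline with harmless placeholder content.

```python
import io
import zipfile

# Assumed extension list; tune it for your environment.
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk", ".exe", ".scr"}
MAX_DEPTH = 2                       # archive levels opened (outer + one nested)
MAX_NESTED_BYTES = 10 * 1024 * 1024  # skip nested archives declared larger than this


def scan_zip(data, depth=0, prefix=""):
    """Return sorted findings for risky members of a zip supplied as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or '<attachment>'}: not a valid zip"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            lower = info.filename.lower()
            # Last extension only, so "invoice.pdf.vbs" is treated as .vbs.
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted:
                # Content cannot be inspected, but the member name is still visible.
                findings.append(f"{name}: encrypted member")
            if ext in RISKY:
                findings.append(f"{name}: script or executable extension {ext}")
            elif ext == ".zip" and not encrypted:
                if depth + 1 < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                    findings += scan_zip(archive.read(info), depth + 1, name + "!")
                else:
                    findings.append(f"{name}: nested archive not opened")
    return sorted(findings)


def build_sample():
    """Constructed sample: a text file, a placeholder .vbs and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.hta", "<html></html>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("Report.VBS", "' constructed placeholder, no payload")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Matching on member names alone misses renamed or extensionless scripts, so treat a clean result as one signal rather than a verdict.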