atomic-red-team/ARTifacts/Initial_Access/Zipped_Malware.md
Michael Haag b51284297d Initial Access - Atomic Friday July 2019 (#530)
Adding the following:
- New DragonsTail Chain reaction that does not execute Mimikatz.
- Generic .HTA file with supporting markdown file highlighting details.
- Generic `Atomic.doc` with supporting markdown file highlighting embedded macro.
- Guide (markdown) explaining how to zip files to simulate email borne threats.
- Simple guide on how to set up a "Listener" for C2 communication in Python and PowerShell.
- Generate-Macro.ps1 - Builder script that will generate 8 different macro embedded XLS files to simulate macro techniques actively being used.
2019-08-28 11:38:26 -07:00

Zipped Malware

A common method actors use to deliver malware is through zip attachments in email.

ZIP + VBS Example

Take the following Qbot chain reaction and compress (zip) the VBS file to be used for delivery.

Simulate other file types by zipping them and delivering them to the receiving device.
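
To confirm that a zipped test file from this guide is visible to attachment inspection, the following added example (not part of the Atomic Red Team repository) lists script-type members inside a ZIP, including ones in nested archives. The extension list, depth limit, size limit and sample file names are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed values for illustration; tune the list and limits for your environment.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".ps1"}
MAX_DEPTH = 3                       # stop descending into nested archives here
MAX_NESTED_BYTES = 20 * 1024 * 1024  # do not unpack nested archives larger than this


def find_script_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of script-type members in a ZIP blob, descending into nested ZIPs."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP (or corrupt): nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Compare on the final extension so "Invoice.PDF.VBS" is still caught.
            lowered = info.filename.lower().rstrip(". ")
            ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
            if ext in SCRIPT_EXTENSIONS:
                hits.append(prefix + info.filename)
                continue
            # Encrypted members (flag bit 0) cannot be read without a password.
            nested_ok = (depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES
                         and not info.flag_bits & 0x1)
            if ext == ".zip" and nested_ok:
                hits += find_script_members(archive.read(info), depth + 1,
                                            prefix + info.filename + "!")
    return hits


def build_sample() -> bytes:
    """Constructed test input: a ZIP with inert placeholder files and one nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Invoice.PDF.VBS", "' inert placeholder\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", "hello")
        z.writestr("docs/archive.zip", inner.getvalue())
        z.writestr("atomic.hta", "<!-- inert placeholder -->")
    return outer.getvalue()


if __name__ == "__main__":
    print(find_script_members(build_sample()))
```

Password-protected members are skipped rather than opened, so an encrypted archive should be treated as uninspected, not as clean.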