Release ER Production RTAs to DR (#2270)

(cherry picked from commit 0358ec9d9a)
2022-09-08 12:50:39 -04:00
parent 6c9881027b
commit 1dfc8ca817
308 changed files with 9859 additions and 367 deletions
@@ -0,0 +1,34 @@
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+
+from . import common
+from . import RtaMetadata
+from time import sleep
+
+
+metadata = RtaMetadata(
+    uuid="9332cece-38b7-49e1-9f8d-e879913ffdfb",
+    platforms=["macos"],
+    endpoint=[
+        {"rule_name": "Download and Execution of JavaScript Payload", "rule_id": "871f0c30-a7c5-40a5-80e3-a50c6714632f"}
+    ],
+    siem=[],
+    techniques=["T1059"],
+)
+
+
+@common.requires_os(metadata.platforms)
+def main():
+    # Setup web server
+    common.serve_web()
+
+    common.log("Executing commands to download and execute JavaScript payload")
+    common.execute(["curl", "http://127.0.0.1:8000/payload.js"], shell=True)
+    sleep(1)
+    common.execute(["osascript", "-l", "JavaScript", "&"], shell=True)
+
+
+if __name__ == "__main__":
+    exit(main())