Commit 47c80ca

author
Atomic Red Team doc generator
committed
Generated docs from job=generate-docs branch=master [ci skip]
1 parent bf100b8 commit 47c80ca

2 files changed

+6
-6
lines changed

atomics/Indexes/index.yaml

Lines changed: 3 additions & 3 deletions
@@ -61879,17 +61879,17 @@ persistence:
6187961879
\nit is possible to use Outlook Macro as a way to achieve persistance and
6188061880
execute arbitrary commands. This transform Outlook into a C2.\nToo achieve
6188161881
this two things must happened on the syste\n- The macro security registry
61882-
value must be set to '4'\n- A file called VbaProject.OTM must be created in
61882+
value must be set to '1'\n- A file called VbaProject.OTM must be created in
6188361883
the Outlook Folder.\n"
6188461884
supported_platforms:
6188561885
- windows
6188661886
executor:
6188761887
command: |
61888-
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /t REG_DWORD /d 1 /f
61888+
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /t REG_DWORD /d 1 /f
6188961889
mkdir %APPDATA%\Microsoft\Outlook\ >nul 2>&1
6189061890
echo "Atomic Red Team TEST" > %APPDATA%\Microsoft\Outlook\VbaProject.OTM
6189161891
cleanup_command: |
61892-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /f >nul 2>&1
61892+
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /f >nul 2>&1
6189361893
del %APPDATA%\Microsoft\Outlook\VbaProject.OTM >nul 2>&1
6189461894
name: command_prompt
6189561895
T1098.003:
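
Review bot: The cleanup_command at new line 61892 deletes the `Level` value outright instead of restoring what was there before the test, so a host that already had its own value under `HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security` ends up with it removed rather than put back. Consider recording the prior value before the `reg add` and writing it back in cleanup, deleting only when none existed. Also note that the old command, lacking `/v`, created a key named `Level` under `Security`; the new cleanup no longer touches that key, so hosts that ran the earlier version keep it unless cleanup also removes `...\Outlook\Security\Level`.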

atomics/Indexes/windows-index.yaml

Lines changed: 3 additions & 3 deletions
@@ -51110,17 +51110,17 @@ persistence:
5111051110
\nit is possible to use Outlook Macro as a way to achieve persistance and
5111151111
execute arbitrary commands. This transform Outlook into a C2.\nToo achieve
5111251112
this two things must happened on the syste\n- The macro security registry
51113-
value must be set to '4'\n- A file called VbaProject.OTM must be created in
51113+
value must be set to '1'\n- A file called VbaProject.OTM must be created in
5111451114
the Outlook Folder.\n"
5111551115
supported_platforms:
5111651116
- windows
5111751117
executor:
5111851118
command: |
51119-
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /t REG_DWORD /d 1 /f
51119+
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /t REG_DWORD /d 1 /f
5112051120
mkdir %APPDATA%\Microsoft\Outlook\ >nul 2>&1
5112151121
echo "Atomic Red Team TEST" > %APPDATA%\Microsoft\Outlook\VbaProject.OTM
5112251122
cleanup_command: |
51123-
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /f >nul 2>&1
51123+
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /f >nul 2>&1
5112451124
del %APPDATA%\Microsoft\Outlook\VbaProject.OTM >nul 2>&1
5112551125
name: command_prompt
5112651126
T1098.003:
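
Review bot: In the command block at new lines 51120-51121, `echo "Atomic Red Team TEST" > %APPDATA%\Microsoft\Outlook\VbaProject.OTM` overwrites any VbaProject.OTM already in the profile, and the cleanup `del` then removes the file, so a user's existing Outlook macro project is lost after a test run. Suggest renaming an existing file to a backup name before the `echo` and restoring it in cleanup. Separately, the description edited at line 51113 still reads "persistance", "Too achieve" and "on the syste"; since this index is generated, those are best corrected in the source atomic so the next doc run picks them up.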
