Category: managed-services
This ATT&CK Evaluations Control Server is used to execute behaviors under test during ATT&CK Evaluations.
The ATT&CK Evaluations Emotet Handler is used to handle communications between the Emotet Client and control server via a REST API.
The ATT&CK Evaluations Exaramel for Linux handler is used to handle communications between the ATT&CK Evaluations Exaramel for Linux client and the...
The ATT&CK Evaluations TrickBot Handler is used to handle communications between the TrickBot Client and control server via a REST API.
The SideTwist C2 handler is the server-side counterpart for the SideTwist implant and is specifically designed to interact with it by sending...
Linux Attack Platform: Kali Linux 2019.2
The provided script will automatically build SideTwist, VALUEVAULT and RDAT from a Kali Linux host.
Included document "GGMS Overview.doc" is SAFE.
These tests expect compilation of a TestProgram.exe. The sample code is provided and can be compiled using gcc:
Mimikatz was used to list all available provider credentials using sekurlsa::logonPasswords and perform Pass-The-Hash via
Clean up scripts provided will check and delete all artifacts. The script will also force reboot the host at the end of the script's execution.
RDAT is a backdoor used by the suspected Iranian threat group OilRig.
The SideTwist implant consists of a single executable. In emulated execution, it only executes a single command at a time, waiting to again be called...
This file does not need to be compiled - it is a self-contained (i.e., no code-behind file) C# application in
VALUEVAULT is a Golang compiled version of the “Windows Vault Password Dumper” browser credential theft tool from Massimiliano Montoro, the developer...
Legend of symbols:
Linux/Mac OS, 64-bit
We hope to capture the general structure of what is reported to have been seen being used by OilRig.
Based on open-source intelligence, the ATT&CK® Evaluations team created the scenario below, leveraging techniques seen from OilRig in the wild.
Objectives: OilRig is a cyber threat actor whose collection objectives align with the strategic interests of Iran.