MaliciousMacroGenerator

Category: collect
Development tool: Visual Basic .NET
File size: 0KB
Downloads: 0
Upload date: 2019-04-17 19:47:38
Uploader: sh-1993
Description: Malicious Macro Generator

File list:
LICENSE.md (33191, 2019-04-17)
MMG.py (1365, 2019-04-17)
TEMPLATE.md (2228, 2019-04-17)
configs/ (0, 2019-04-17)
configs/dotnettojs-domain-evasion.json (781, 2019-04-17)
configs/generic-cmd-evasion.json (350, 2019-04-17)
configs/generic-cmd.json (296, 2019-04-17)
configs/recon-rename-wmi-cmd-evasion.json (639, 2019-04-17)
configs/recon.json (281, 2019-04-17)
configs/wmi-cmd-evasion-domain.json (385, 2019-04-17)
configs/wmi-cmd-evasion-process.json (390, 2019-04-17)
configs/wmi-cmd.json (361, 2019-04-17)
configs/wmi-evasion-uptime.json (368, 2019-04-17)
configs/wmi-msbuild-evasion-domain.json (422, 2019-04-17)
examples/ (0, 2019-04-17)
examples/generic-cmd-evasion.vba (3426, 2019-04-17)
lib/ (0, 2019-04-17)
lib/__init__.py (0, 2019-04-17)
lib/encoder.py (5829, 2019-04-17)
lib/helper.py (3432, 2019-04-17)
templates/ (0, 2019-04-17)
templates/evasions/ (0, 2019-04-17)
templates/evasions/diskcheck.vba (880, 2019-04-17)
templates/evasions/domain.vba (1918, 2019-04-17)
templates/evasions/encoder.vba (302, 2019-04-17)
templates/evasions/hex-decode.vba (226, 2019-04-17)
templates/evasions/none.vba (123, 2019-04-17)
templates/evasions/password.vba (313, 2019-04-17)
templates/evasions/process.vba (1548, 2019-04-17)
templates/evasions/uptime.vba (1149, 2019-04-17)
templates/payloads/ (0, 2019-04-17)
templates/payloads/dotnettojs-evasion-template.vba (21119, 2019-04-17)
templates/payloads/generic-cmd-evasion-template.vba (941, 2019-04-17)
templates/payloads/generic-cmd-template.vba (849, 2019-04-17)
templates/payloads/recon-rename-wmi-cmd-evasion.vba (3717, 2019-04-17)
templates/payloads/recon-template.vba (2292, 2019-04-17)
templates/payloads/wmi-evasion-domain-template.vba (1763, 2019-04-17)
templates/payloads/wmi-evasion-process-template.vba (1548, 2019-04-17)
templates/payloads/wmi-evasion-uptime-template.vba (1758, 2019-04-17)
... ...

# Malicious Macro Generator Utility

Simple utility designed to generate obfuscated macros that also include an AV / sandbox escape mechanism.

# Requirement

```
Python 2.7
```

# Usage

```
MMG.Malicious Macro Generator v2.0 - RingZer0 Team
Author: Mr.Un1k0d3r mr.un1k0d3r@gmail.com

Usage: MMG.py [config] [output] (optional parameters)

    [config]                Config file that contain generator information
    [output]                Output filename for the macro

    -l --list               List of all available payloads and evasion techniques
    -s --split_strings      Randomly split strings at parts
    -x --strings_to_hex     Encode strings to hex

python MMG.py configs/generic-cmd.json malicious.vba
```

# Config file

Example of a project config file.

```
{
    "description": "Generic command exec payload\nEvasion technique set to domain check",
    "template": "templates/payloads/generic-cmd-evasion-template.vba",
    "varcount": 150,
    "encodingoffset": 4,
    "chunksize": 200,
    "encodedvars": {
        "DOMAIN":"RINGZER0"
    },
    "vars": [],
    "evasion": ["encoder", "domain"],
    "payload": "cmd.exe /c whoami"
}
```

# Evasion techniques

###### Domain check

The macro fetches the USERDOMAIN environment variable and compares the value with a predefined one. If they match, the final payload is executed.

###### Disk check

The macro looks at the total disk space. VMs and test machines use small disks most of the time.

###### Memory check

The macro looks at the total memory size. VMs and test machines use fewer resources.

###### Uptime check

The macro looks at the system uptime. Sandboxes will return a short uptime.

###### Process check

The macro checks whether a specific process is running (for example, outlook.exe).

###### Obfuscation

The Python script will also generate obfuscated code to avoid heuristic detection.

###### More to come

# Credit

Mr.Un1k0d3r RingZer0 Team https://ringzer0team.com
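For defenders triaging extracted macro source, the environment checks listed under "Evasion techniques" are themselves useful indicators. The following is an added example, not code from this project: it undoes string splitting and hex-encoded literals (the effects of the `-s` and `-x` options) before matching. The WMI class names, the API names, the hex literal format and the `Dec` helper in the sample are assumptions, since the page does not show the templates.

```python
import re

# Patterns per evasion check named in the README. The WMI class and API names
# are assumptions about how such checks usually look in VBA; the page does not
# show the templates themselves.
INDICATORS = {
    "domain": r'Environ\$?\s*\(\s*"USERDOMAIN"',
    "disk": r"Win32_LogicalDisk",
    "memory": r"Win32_ComputerSystem|TotalPhysicalMemory",
    "uptime": r"GetTickCount|LastBootUpTime",
    "process": r"Win32_Process\b",
}
# "ab" & "cd" (optionally across a " _" line continuation) -> "abcd"
JOIN = re.compile(r'"[ \t]*[&+][ \t]*(?:_[ \t]*\r?\n[ \t]*)?"')
# A string literal made only of hex byte pairs (assumed hex-encoding format)
HEX_LITERAL = re.compile(r'"((?:[0-9A-Fa-f]{2}){4,})"')


def _unhex(match):
    raw = bytes.fromhex(match.group(1))
    if all(32 <= b < 127 for b in raw):  # only inline printable ASCII
        return '"%s"' % raw.decode("ascii")
    return match.group(0)


def normalize(source):
    """Undo split strings and inline hex-encoded literals before matching."""
    return HEX_LITERAL.sub(_unhex, JOIN.sub("", source))


def scan_macro(source):
    """Return {check name: first matching normalized line} for VBA source."""
    hits = {}
    for line in normalize(source).splitlines():
        for name, pattern in INDICATORS.items():
            if name not in hits and re.search(pattern, line, re.IGNORECASE):
                hits[name] = line.strip()
    return hits


# Constructed sample: harmless macro text that only performs two of the checks.
SAMPLE = '''Sub Check()
    d = Environ("USER" & "DOM" & _
        "AIN")
    Set p = GetObject("winmgmts:").ExecQuery("Select * From " & Dec("57696E33325F50726F63657373"))
End Sub'''

if __name__ == "__main__":
    for check, line in scan_macro(SAMPLE).items():
        print(check, "->", line)
```

A hit only shows that the macro inspects its environment; treat it as a reason to send the document for closer analysis, not as a verdict.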
