diff --git a/atomics/T1071.001/T1071.001.yaml b/atomics/T1071.001/T1071.001.yaml
index ce87306c22..3eef4c106c 100644
--- a/atomics/T1071.001/T1071.001.yaml
+++ b/atomics/T1071.001/T1071.001.yaml
@@ -22,6 +22,7 @@ atomic_tests:
 Invoke-WebRequest #{domain} -UserAgent "Opera/8.81 (Windows NT 6.0; U; en)" | out-null
 Invoke-WebRequest #{domain} -UserAgent "*<|>*" | out-null
 name: powershell
+
 - name: Malicious User Agents - CMD
 auto_generated_guid: dc3488b0-08c7-4fea-b585-905c83b48180
 description: |
@@ -36,13 +37,30 @@ atomic_tests:
 description: Default domain to simulate against
 type: string
 default: www.google.com
+ curl_path:
+ description: path to curl.exe
+ type: path
+ default: C:\Windows\System32\Curl.exe
+ dependency_executor_name: powershell
+ dependencies:
+ - description: |
+ Curl must be installed on system
+ prereq_command: |
+ if (Test-Path #{curl_path}) {exit 0} else {exit 1}
+ get_prereq_command: |
+ Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip
+ Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl
+ Copy-Item $env:temp\curl\curl-7.71.1-win32-mingw\bin\curl.exe #{curl_path}
+ Remove-Item $env:temp\curl
+ Remove-Item $env:temp\curl.zip
 executor:
 command: |
- curl -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
- curl -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
- curl -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
- curl -s -A "*<|>*" -m3 #{domain} >nul 2>&1
+ #{curl_path} -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
+ #{curl_path} -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
+ #{curl_path} -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
+ #{curl_path} -s -A "*<|>*" -m3 #{domain} >nul 2>&1
 name: command_prompt
+
 - name: Malicious User Agents - Nix
 auto_generated_guid: 2d7c471a-e887-4b78-b0dc-b0df1f2e0658
 description: |
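Review bot: The new get_prereq_command in the second hunk copies a downloaded, unverified curl.exe into `C:\Windows\System32\Curl.exe` (the `curl_path` default) with no integrity check, so a tampered or substituted archive would be installed into a system directory as a side effect of a prereq step. Pin the archive before extracting it, e.g. `if ((Get-FileHash $env:temp\curl.zip -Algorithm SHA256).Hash -ne "<EXPECTED_SHA256>") { exit 1 }` placed after the Invoke-WebRequest line, with the placeholder replaced by the published checksum for that release. The cleanup line `Remove-Item $env:temp\curl` targets the extracted directory without `-Recurse`, which in PowerShell prompts for confirmation on a non-empty directory and can stall a non-interactive run; `Remove-Item $env:temp\curl -Recurse` avoids this. The test's description (which starts outside the hunk) should also state that the prerequisite downloads a binary and writes to System32, since that needs elevation and changes the host beyond the test itself.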