Keith

@kwm

@MsftSecIntel @redcanary @MITREattack @LaurenLeigh522 Some Atomic Red Team tests to aid in detection of Raspberry Robin following introduction of an infected USB device (h/t @burning_pm)

T1059.003 https://atomicredteam.io/execution/T1059.003/#atomic-test-5---command-prompt-read-contents-from-cmd-file-and-execute

T1218.007 https://atomicredteam.io/defense-evasion/T1218.007/#atomic-test-11---msiexecexe---execute-remote-msi-file

T1218.008 https://atomicredteam.io/defense-evasion/T1218.008/#atomic-test-1---odbcconfexe---execute-arbitrary-dll

T1218.011 https://atomicredteam.io/defense-evasion/T1218.011/#atomic-test-1---rundll32-execute-javascript-remote-payload-with-getobject

8/3/2022, 3:08:28 PM

Favs: 11

Retweets: 0