Cobalt-Strike/Attacks/Packages/HTML-application

From aldeid
Jump to navigation Jump to search
You are here
HTML application

Attack

This package generates an HTML application that runs a Cobalt Strike payload using an executable, a Powershell command or a VBA script.

Method
  • You may choose the Executable option to get an HTML Application that drops an executable to disk and runs it.
  • Choose the PowerShell option to get an HTML Application that uses PowerShell to run a payload.
  • Use the VBA option to silently spawn a Microsoft Excel instance and run a malicious macro that injects a payload into memory.

Obfuscation and tuning

Consider using the Resource Kit or morph-hta for obfuscation and tuning purposes.