From ea4a77b933afe0bffe418cdb4ad4cc0e680de6ca Mon Sep 17 00:00:00 2001
From: Mr-Un1k0d3r
Date: Fri, 11 Nov 2016 13:58:35 -0500
Subject: [PATCH 1/5] Update README.md
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e198c23..adef144 100644
--- a/README.md
+++ b/README.md
@@ -11,12 +11,12 @@ Python 3.4 (Not supported yet)
 #Usage
 ```
-Usage: GenMacro.py [config] [output]
+Usage: MMG.py [config] [output]
 config Config file that contain generator information
 output Output filename for the macro
-python GenMacro.py configs/generic-cmd-domain-evasion.json malicious.vba
+python MMG.py configs/genric-cmd.json malicious.vba
 ```
 #Config file
From 740fd3162d5dfc42a77b78a6f011f2788c50e08a Mon Sep 17 00:00:00 2001
From: Mr-Un1k0d3r
Date: Fri, 11 Nov 2016 13:59:16 -0500
Subject: [PATCH 2/5] Update README.md
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index adef144..fae9662 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@ Python 3.4 (Not supported yet)
 #Usage
 ```
+MMG.Malicious Macro Generator v2.0 - RingZer0 Team
+Author: Mr.Un1k0d3r mr.un1k0d3r@gmail.com
+
 Usage: MMG.py [config] [output]
 config Config file that contain generator information
From a33e873ddcf7996f95d7238e61490ecadf35836a Mon Sep 17 00:00:00 2001
From: Mr-Un1k0d3r
Date: Fri, 11 Nov 2016 13:59:57 -0500
Subject: [PATCH 3/5] Update README.md
---
 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index fae9662..0c60e64 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
-## MaliciousMacroGenerator
 #Malicious Macro Generator Utility
-Simple utility design to generate obfuscated macro that also include a AV / Sandbox escape trick
+Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.
 #Requirement
 ```
From 1573b6fd1551d8c05191660194381e8ba05eb1e6 Mon Sep 17 00:00:00 2001
From: Mr-Un1k0d3r
Date: Fri, 11 Nov 2016 14:01:35 -0500
Subject: [PATCH 4/5] Update generic-cmd.json
---
 configs/generic-cmd.json | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/configs/generic-cmd.json b/configs/generic-cmd.json
index 8cd6d39..74bb3d1 100644
--- a/configs/generic-cmd.json
+++ b/configs/generic-cmd.json
@@ -5,20 +5,9 @@
 "encodingoffset": 4,
 "chunksize": 200,
 "encodedvars": {
- "DOMAIN": "AD"
- },
- "vars": [
- "func_evasion_encoder",
- "func_evasion_none",
- "func_evasion_diskcheck",
- "func_evasion_uptime"
- ],
- "evasion": [
- "encoder",
- "none",
- "uptime",
- "diskcheck",
- "domain"
- ],
- "payload": "cmd.exe /c random garbage"
+ "DOMAIN": "RINGZER0"
+ },
+ "vars": [],
+ "evasion": ["none"],
+ "payload": "cmd.exe /c your payload"
 }
From 6886ab716b9aab1be6a5410e2f30bdedb845a5c9 Mon Sep 17 00:00:00 2001
From: Mr-Un1k0d3r
Date: Fri, 11 Nov 2016 14:16:59 -0500
Subject: [PATCH 5/5] Update generic-cmd.json
---
 configs/generic-cmd.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/generic-cmd.json b/configs/generic-cmd.json
index 74bb3d1..9ea5ac0 100644
--- a/configs/generic-cmd.json
+++ b/configs/generic-cmd.json
@@ -8,6 +8,6 @@
 "DOMAIN": "RINGZER0"
 },
 "vars": [],
- "evasion": ["none"],
+ "evasion": ["encoder"],
 "payload": "cmd.exe /c your payload"
 }
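Review bot: In the `configs/generic-cmd.json` hunk of patch 4/5, `encodedvars` keeps a `"DOMAIN": "RINGZER0"` entry although the same hunk empties `vars` and drops `domain` from the `evasion` list, so the entry looks unused in this sample. That is inferred from the key names only, since the code that reads the config is not part of this series. The value also changes from `"AD"` to what appears to be an environment-specific name, which is out of place in a file presented as the generic template. If an empty object is accepted by the reader, `"encodedvars": {},` would keep the sample self-consistent; otherwise the README's config section should say what consumes `DOMAIN`. Patch 5/5 touches only the `evasion` value and leaves this entry as it is.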