Testing Endpoint Solutions With Atomic Red Team Chain Reactions
Common Information
| Type | Value |
|---|---|
| UUID | 6207c7f2-06a9-46d4-ab32-f0818e03749b |
| Fingerprint | 2cb6891c7fc3ae2d |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Aug. 16, 2021, midnight |
| Added to db | Jan. 18, 2023, 10:12 p.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | Testing Detection and Prevention Tools With Atomic Red Team “Chain Reactions” |
| Title | Testing Endpoint Solutions With Atomic Red Team Chain Reactions |
| Detected Hints/Tags/Attributes | 49/1/18 |
Attributes
| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 1 | | allthedataz.zip |
| Domain | 58 | | redcanary.com |
| Email | 4 | | research@redcanary.com |
| File | 12 | | qwinsta.exe |
| File | 17 | | quser.exe |
| File | 19 | | usernames.txt |
| File | 2 | | computers.txt |
| File | 99 | | passwords.txt |
| File | 76 | | netsh.exe |
| File | 56 | | tasklist.exe |
| File | 1 | | discovery.bat |
| File | 1212 | | powershell.exe |
| File | 3 | | passwords.docx |
| File | 2130 | | cmd.exe |
| File | 1 | | c:\temp\allthedataz.zip |
| File | 1 | | exfilthis.rar |
| Github username | 17 | | redcanaryco |
| Url | 1 | | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/windows/payloads/discovery.bat |