dEEpEst
Posted August 23, 2023

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

PackMyPayload - Emerging Threat of Containerized Malware

This tool takes a file or directory on input and embeds them into an output file acting as an archive/container. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware, as well as helper for professional Red Team Operators to sharpen their Initial Access maneuvers.

Currently Threat Actors are smuggling their malicious payloads archived in various container file formats, such as: 7zip, zip, ISO, IMG, CAB

They do that to get their payloads past file content scanners, but more importantly to avoid having Mark-Of-The-Web flag on their files. Should they provide container file to their victims, a foundation for disabling VBA macros in Internet-originated Office documents might be bypassed.
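A defender-side check for the risk the post describes, as an added example that is not part of the original post or of PackMyPayload: it identifies the container formats listed above by file signature rather than by extension, so a mail or web gateway can flag them for inspection and spot a container hiding behind another extension. The function names, the extension table and the sample bytes are constructed for illustration; treating `.img` as an ISO 9660 image is an assumption.

```python
"""Flag container formats by file signature (added example)."""

# (offset, magic, label); a negative offset counts from the end of the file.
SIGNATURES = [
    (0, b"PK\x03\x04", "ZIP"),
    (0, b"PK\x05\x06", "ZIP"),            # empty archive
    (0, b"7z\xbc\xaf\x27\x1c", "7zip"),
    (0, b"MSCF", "CAB"),
    (0, b"%PDF-", "PDF"),                 # header at offset 0, the usual case
    (0, b"vhdxfile", "VHDX"),
    (0, b"conectix", "VHD"),              # dynamic VHD: footer copy at start
    (-512, b"conectix", "VHD"),           # fixed VHD: footer in last 512 bytes
    (0x8001, b"CD001", "ISO"),            # ISO 9660 volume descriptor, sector 16
]

# Extensions considered consistent with each detected type. Assumption: .img
# here means an ISO 9660 image; ZIP-based Office documents are allowed.
EXPECTED_EXT = {
    "ZIP": {"zip", "docx", "xlsx", "pptx"}, "7zip": {"7z"}, "CAB": {"cab"},
    "PDF": {"pdf"}, "VHDX": {"vhdx"}, "VHD": {"vhd"}, "ISO": {"iso", "img"},
}


def classify_container(data: bytes):
    """Return the container label for data, or None when nothing matches."""
    for offset, magic, label in SIGNATURES:
        start = offset if offset >= 0 else len(data) + offset
        if start >= 0 and data[start:start + len(magic)] == magic:
            return label
    return None


def triage(name: str, data: bytes):
    """Return (label, mismatch); mismatch means the extension hides the type."""
    label = classify_container(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return label, label is not None and ext not in EXPECTED_EXT[label]


if __name__ == "__main__":
    # Constructed sample attachments: only the signature bytes are real.
    samples = {
        "notes.zip": b"PK\x03\x04" + bytes(26),
        "invoice.pdf": bytes(0x8001) + b"CD001" + bytes(2042),
        "disk.vhd": bytes(1024) + b"conectix" + bytes(504),
        "readme.txt": b"plain text",
    }
    for name, data in samples.items():
        print(name, triage(name, data))
```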