From 94d103a3d0996cba0cff6d8e5abcca71d50f27c4 Mon Sep 17 00:00:00 2001 From: J/ <55988027+jkerai1@users.noreply.github.com> Date: Sun, 17 Nov 2024 10:05:51 +0000 Subject: [PATCH] Create AutoHotkey.yml --- yml/Desktop_App/AutoHotkey.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 yml/Desktop_App/AutoHotkey.yml diff --git a/yml/Desktop_App/AutoHotkey.yml b/yml/Desktop_App/AutoHotkey.yml new file mode 100644 index 0000000..bcdde8d --- /dev/null +++ b/yml/Desktop_App/AutoHotkey.yml 
@@ -0,0 +1,27 @@ +--- +Name: AutoHotKey +Description: AutoHotkey is a free, open-source scripting language for Windows that allows users to easily create small to complex scripts for all kinds of tasks such as: form fillers, auto-clicking, macros, etc. +Author: 'Chris Mallett' +Created: 2003-10-11 +Usage: + - Steps: Create/Modify an Autohotkey script to write keyboard input to a file or push to website. Autohotkey hooks into keyboard (WH_KEYBOARD_LL) to monitor user Key strokes. + Description: An adversary can use FileAppend to write keyboard input to a file or web.Send() to push keyboard input data via HTTP + Usecase: Collecting User Input which could include passwords + Category: Collection + Privileges: User + Limitations: None + MitreID: T1056.001 + - Steps: Create an autohotkeyscript to invoke a persistence command + Description: Persistence can be achieved upon specific keypress/combination from the user by invoking run command for example Run "cmd", "C:\" + Usecase: Establishing persistence on a Windows host + Category: Persistence + Privileges: User + Limitations: None + MitreID: TA0003 +Resources: + - Link: https://github.com/mario-moreau/autohotkey-keylogger + - Link: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-darkgate-menace-leveraging-autohotkey-attempt-to-evade-smartscreen/ + - Link: https://www.trellix.com/blogs/research/darkgate-again-but-improved/ + - Link: https://www.autohotkey.com/board/topic/73858-looking-for-efficient-key-logger-script/ +Acknowledgement: + - Person: 'Jay Kerai'
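Review bot: The second Usage entry sets `MitreID: TA0003`, which is a tactic ID, while the first entry uses a technique ID (`T1056.001`). Its Description (`Run "cmd", "C:\"` on a keypress) describes launching a command, not a mechanism that survives logoff or reboot. Either name the specific persistence technique and state how the script is made to start again, or recategorize the entry as execution. The product spelling also varies across the hunk (`Name: AutoHotKey`, "Autohotkey", "autohotkeyscript", against the file name `AutoHotkey.yml`) and should be made consistent. `Created: 2003-10-11` with `Author: 'Chris Mallett'` reads as the tool's own origin rather than this entry's (the patch is dated 17 Nov 2024), so confirm that is what those fields are meant to hold. The first entry already names the observable behaviour (a `WH_KEYBOARD_LL` hook followed by `FileAppend` writes or outbound HTTP), so a short note on what defenders should look for would fit there.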