├── eicar.com ├── calc.exe ├── calc.lnk ├── calc_applescript.scpt ├── calc_applescript.zip ├── SimpleJavaCalculator.jar ├── asciiart.command ├── calc_enc.vbe ├── calc_enc.jse ├── calc_hta.hta ├── README.md └── python_filemaker_clean.py /eicar.com: -------------------------------------------------------------------------------- 1 | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* -------------------------------------------------------------------------------- /calc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/carnal0wnage/malicious_file_maker/HEAD/calc.exe -------------------------------------------------------------------------------- /calc.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/carnal0wnage/malicious_file_maker/HEAD/calc.lnk -------------------------------------------------------------------------------- /calc_applescript.scpt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/carnal0wnage/malicious_file_maker/HEAD/calc_applescript.scpt -------------------------------------------------------------------------------- /calc_applescript.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/carnal0wnage/malicious_file_maker/HEAD/calc_applescript.zip -------------------------------------------------------------------------------- /SimpleJavaCalculator.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/carnal0wnage/malicious_file_maker/HEAD/SimpleJavaCalculator.jar -------------------------------------------------------------------------------- /asciiart.command: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cat << "EOF" 4 | _,. 5 | ,` -.) 
6 | '( _/'-\\-. 7 | /,|`--._,-^| , 8 | \_| |`-._/|| ,'| 9 | | `-, / | / / 10 | | || | / / 11 | `r-._||/ __ / / 12 | __,-<_ )`-/ `./ / 13 | ' \ `---' \ / / 14 | | |./ / 15 | / // / 16 | \_/' \ |/ / 17 | | | _,^-'/ / 18 | | , `` (\/ /_ 19 | \,.->._ \X-=/^ 20 | ( / `-._//^` 21 | `Y-.____(__} 22 | | {__) 23 | ()` 24 | EOF -------------------------------------------------------------------------------- /calc_enc.vbe: -------------------------------------------------------------------------------- 1 | #@~^WAAAAA==dY~}AN?CAV^xkm.kaK /M+lDnr(L+1OcJq/1DrwO UtnV^E#=W8%Ut+sJcD;xvEumGs/a+muPJ^P1lsmc+anr#Fh4AAA==^#~@ 2 | 3 | 4 | ' 5 | ' 6 | '******************************************************* 7 | ' 8 | ' This script was produced automatically 9 | ' by an evaluation demo copy of: 10 | ' 11 | ' Scripts Encryptor - Encoder v.3.0.3.6 12 | ' 13 | ' User: user-525d7809 14 | ' 15 | ' www.dennisbabkin.com/screnc 16 | ' 17 | ' (Please register to make this message go away) 18 | ' Go to Help -> Register ... 
19 | ' 20 | '******************************************************* 21 | ' 22 | ' 23 | ' SEED: 24 | ' 250ADAF8DFEF299758DA56D23CB3F5850C8E18E07F1D8E24738873E7F992B622 25 | ' 2620BDD52CA503EC82D62C60C25B1B83F96B087ED3EA4641431F6EF30C0076A6 26 | ' 795930617ED7A004ED7A10E76F5EF7798F31FF6F7D776A9C17B649D690731107 27 | ' DEDB83FD4EEA3311E26171DE238998D0AF15E4EA78AF69066DD74D7947798A72 28 | ' 1C6874A3AC600C24AC480EEE320FE4B0471043587F94B255ED961A9B6FDC303E 29 | 30 | 31 | -------------------------------------------------------------------------------- /calc_enc.jse: -------------------------------------------------------------------------------- 1 | #@~^WQAAAA==-mD~K4N?tV^xUm.kaY /M+lDnr(L+1OcJq/1DrwO UtnV^E#pW8%Ut+sscD;xvEumGs/a+muPJ^P1lsmc+anr#i7x4AAA==^#~@ 2 | 3 | 4 | // 5 | // 6 | //******************************************************* 7 | // 8 | // This script was produced automatically 9 | // by an evaluation demo copy of: 10 | // 11 | // Scripts Encryptor - Encoder v.3.0.3.6 12 | // 13 | // User: user-525d7809 14 | // 15 | // www.dennisbabkin.com/screnc 16 | // 17 | // (Please register to make this message go away) 18 | // Go to Help -> Register ... 19 | // 20 | //******************************************************* 21 | // 22 | // 23 | // SEED: 24 | // 0D20B3C2B6EBC3CB674ABA3E96D418A4B8048CD39879AC63893D05747D13A856 25 | // 8141728008502E0F39BF74369DB1538470C242A2CAE8650E9D73FB38E48BBAF5 26 | // 642AE7CE392E83A5A6FA1FF032117897DB6A8CF7EE2974839D397307F1E42842 27 | // 571F50F0AA4ED807371A6DF05D170F379A4B8C4040B7BF7379B69257A7A748D8 28 | // C713146E64D53172B0C7EF1A34AFA9B45FF319C63A3EE88BE5835869C30E6316 29 | 30 | 31 | -------------------------------------------------------------------------------- /calc_hta.hta: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 24 | 25 | 29 | 30 | Simple HTML Page 31 | 32 | 33 | 34 | 35 | 36 |

Dummy Page

37 |
38 |

This is a simple, common or garden variety, normal HTML page. Oh, but saved 39 | with a .HTA extension, and with an <HTA> application block included at the 40 | top of the HTML code.

41 |

And to make it interesting, here is a link to the AODC 42 | Web site.

43 |

And why not retrieve the version number out of the HTA:Application properties 44 | using JavaScript.

45 |

 

46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # malicious_file_maker 2 | Malicious file maker/sender to create and send malicious attachments to test your email filter/alerting. 3 | 4 | * Created to work on OS X using Keka to do most of the archiving functions. Easy enough to change for your distro. 5 | 6 | 7 | # Creating the applescript app 8 | Open the calc_applescript.scpt file with script editor and export as application, zip file should also contain a working version. 9 | 10 | ref: http://apple.stackexchange.com/questions/8299/how-do-i-make-an-applescript-file-into-a-mac-app 11 | 12 | ![alt text](https://cloud.githubusercontent.com/assets/735360/18999317/fc31bea8-870a-11e6-9051-faed2f9a5393.png "Applesecript compile") 13 | 14 | 15 | # Example run: 16 | ``` 17 | $ python python_filemaker.py 18 | 19 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 20 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 21 | Scanning 22 | 23 | Creating archive eicar_encrypt.zip 24 | 25 | Compressing eicar.com 26 | 27 | Everything is Ok 28 | .......... 
29 | created: /Users/nyob/Documents//filemaker/2016-09-30T11:56:14.654053/eicardmg.dmg 30 | 31 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 32 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 33 | Scanning 34 | 35 | Creating archive eicar.7z 36 | 37 | Compressing eicar.com 38 | 39 | Everything is Ok 40 | 41 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 42 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 43 | Scanning 44 | 45 | Creating archive eicar.tar 46 | 47 | Compressing eicar.com 48 | 49 | Everything is Ok 50 | a eicar.com 51 | a eicar.com 52 | 53 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 54 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 55 | Scanning 56 | 57 | Creating archive eicar.gzip 58 | 59 | Compressing eicar.com 60 | 61 | Everything is Ok 62 | 63 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 64 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 65 | Scanning 66 | 67 | Creating archive eicar.bzip 68 | 69 | Compressing eicar.com 70 | 71 | Everything is Ok 72 | 73 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 74 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 75 | Scanning 76 | 77 | Creating archive eicar.xz 78 | 79 | Compressing eicar.com 80 | 81 | Everything is Ok 82 | 83 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 84 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 85 | Scanning 86 | 87 | Creating archive calcjs_encrypt.zip 88 | 89 | Compressing calc.js 90 | 91 | Everything is Ok 92 | 93 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 94 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 95 | Scanning 96 | 97 | Creating archive calcjs.7z 98 | 99 | Compressing calc.js 100 | 101 | Everything is Ok 102 | 103 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 104 | p7zip Version 9.20 
(locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 105 | Scanning 106 | 107 | Creating archive calcjs.tar 108 | 109 | Compressing calc.js 110 | 111 | Everything is Ok 112 | a calc.js 113 | a calc.js 114 | 115 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 116 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 117 | Scanning 118 | 119 | Creating archive calcjs.gzip 120 | 121 | Compressing calc.js 122 | 123 | Everything is Ok 124 | 125 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 126 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 127 | Scanning 128 | 129 | Creating archive calcjs.bzip 130 | 131 | Compressing calc.js 132 | 133 | Everything is Ok 134 | 135 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 136 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 137 | Scanning 138 | 139 | Creating archive calcjs.xz 140 | 141 | Compressing calc.js 142 | 143 | Everything is Ok 144 | 145 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 146 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 147 | Scanning 148 | 149 | Creating archive calc_hta.bzip 150 | 151 | Compressing calc_hta.hta 152 | 153 | Everything is Ok 154 | 155 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 156 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 157 | Scanning 158 | 159 | Creating archive calc_lnk.bzip 160 | 161 | Compressing calc.lnk 162 | 163 | Everything is Ok 164 | 165 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 166 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 167 | Scanning 168 | 169 | Creating archive calc_enc_jse.bzip 170 | 171 | Compressing calc_enc.jse 172 | 173 | Everything is Ok 174 | 175 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 176 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 177 | Scanning 178 | 179 | Creating archive calc_enc_vbe.bzip 180 | 181 | Compressing 
calc_enc.vbe 182 | 183 | Everything is Ok 184 | 185 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 186 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 187 | Scanning 188 | 189 | Creating archive calc_bat.bzip 190 | 191 | Compressing calc.bat 192 | 193 | Everything is Ok 194 | 195 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 196 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 197 | Scanning 198 | 199 | Creating archive calc_cmd.bzip 200 | 201 | Compressing calc.cmd 202 | 203 | Everything is Ok 204 | 205 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 206 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 207 | Scanning 208 | 209 | Creating archive calc_vbs.bzip 210 | 211 | Compressing calc.vbs 212 | 213 | Everything is Ok 214 | 215 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 216 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 217 | Scanning 218 | 219 | Creating archive calc_wsf.bzip 220 | 221 | Compressing calc.wsf 222 | 223 | Everything is Ok 224 | 225 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 226 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 227 | Scanning 228 | 229 | Creating archive calcvbs_encrypt.zip 230 | 231 | Compressing calc.vbs 232 | 233 | Everything is Ok 234 | 235 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 236 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 237 | Scanning 238 | 239 | Creating archive calcvbs.7z 240 | 241 | Compressing calc.vbs 242 | 243 | Everything is Ok 244 | 245 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 246 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 247 | Scanning 248 | 249 | Creating archive calcvbs.tar 250 | 251 | Compressing calc.vbs 252 | 253 | Everything is Ok 254 | a calc.vbs 255 | a calc.vbs 256 | 257 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 258 | 
p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 259 | Scanning 260 | 261 | Creating archive calcvbs.gzip 262 | 263 | Compressing calc.vbs 264 | 265 | Everything is Ok 266 | 267 | 7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 268 | p7zip Version 9.20 (locale=utf8,Utf16=on,HugeFiles=on,8 CPUs) 269 | Scanning 270 | 271 | Creating archive calcvbs.xz 272 | 273 | Compressing calc.vbs 274 | 275 | Everything is Ok 276 | sending:asciiart.command 277 | sending:calc.bat 278 | sending:calc.cmd 279 | sending:calc.exe 280 | sending:calc.js 281 | sending:calc.lnk 282 | sending:calc.ps1 283 | sending:calc.vbs 284 | sending:calc.wsf 285 | sending:calc_applescript.zip 286 | sending:calc_bat.bzip 287 | sending:calc_bat.zip 288 | sending:calc_cmd.bzip 289 | sending:calc_cmd.zip 290 | sending:calc_enc.jse 291 | sending:calc_enc.vbe 292 | sending:calc_enc_jse.bzip 293 | sending:calc_enc_jse.zip 294 | sending:calc_enc_vbe.bzip 295 | sending:calc_enc_vbe.zip 296 | sending:calc_hta.bzip 297 | sending:calc_hta.hta 298 | sending:calc_hta.zip 299 | sending:calc_lnk.bzip 300 | sending:calc_lnk.zip 301 | sending:calc_vbs.bzip 302 | sending:calc_vbs.zip 303 | sending:calc_wsf.bzip 304 | sending:calc_wsf.zip 305 | sending:calcjs.7z 306 | sending:calcjs.bzip 307 | sending:calcjs.gzip 308 | sending:calcjs.tar 309 | sending:calcjs.tar.bz2 310 | sending:calcjs.tar.gz 311 | sending:calcjs.xz 312 | sending:calcjs.zip 313 | sending:calcjs_encrypt.zip 314 | sending:calcvbs.7z 315 | sending:calcvbs.gzip 316 | sending:calcvbs.tar 317 | sending:calcvbs.tar.bz2 318 | sending:calcvbs.tar.gz 319 | sending:calcvbs.xz 320 | sending:calcvbs_encrypt.zip 321 | sending:eicar.7z 322 | sending:eicar.bzip 323 | sending:eicar.com 324 | sending:eicar.gzip 325 | sending:eicar.tar 326 | sending:eicar.tar.bz2 327 | sending:eicar.tar.gz 328 | sending:eicar.xz 329 | sending:eicar.zip 330 | sending:eicar_encrypt.zip 331 | sending:eicardmg.dmg 332 | sending:SimpleJavaCalculator.jar 333 | ``` 334 | 
Inbox:
![alt text](https://cloud.githubusercontent.com/assets/735360/18999303/e1386048-870a-11e6-9b41-a8730311939e.png "inbox")

--------------------------------------------------------------------------------
/python_filemaker_clean.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

#runs on OSX, needs tar, keka

"""Generate benign test attachments and mail them to exercise an email filter.

Every payload produced here is deliberately harmless: the EICAR test string and
a set of script/archive wrappers that only start the Windows Calculator. The
script creates a timestamped working directory, writes the test files into it,
wraps them in assorted archive formats via Keka's bundled 7z and macOS tools,
and then mails each file as a separate attachment so that the receiving
gateway's blocking/alerting can be checked per file type and per container.

NOTE(review): this is Python 2 code (``print`` statements, the ``file()``
builtin, the ``email.MIMEMultipart``/``email.MIMEBase``/``email.MIMEText``/
``email.Encoders`` import paths); it will not run unmodified on Python 3.
"""

import zipfile, os, datetime, shutil
import subprocess
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
from email import Encoders



# SMTP credentials for the three sending backends. The values committed here are
# placeholders ("XXXXX"); only the gmail pair is used by the sending loop at the
# bottom of the file, the other two by the currently unused send_* helpers.
# NOTE(review): read these from environment variables or the OS keychain at run
# time instead of editing the file, so real credentials never land in the repo.
gmail_user = "XXXXX"
gmail_pwd = "XXXXX"

sendgrid_user = "XXXXX"
sendgrid_pwd = "XXXXX"

yandex_user = "XXXXX"
yandex_pwd = "XXXXX"

# Launch directory (the shipped source files are expected to live here) and the
# run timestamp that names the per-run output directory further down. The ISO
# form contains ':' characters, which is fine on the macOS this script targets
# but may not be on other filesystems.
cwd = os.getcwd()
now = datetime.datetime.now()
date = now.isoformat()

def make_zip(filename, file):
    """Write `file` into a new DEFLATE-compressed zip archive named `filename`.

    Uses the stdlib zipfile module, so this is the one archive helper that does
    not depend on Keka. Note that the parameter `file` shadows the Python 2
    builtin of the same name.
    """
    newZip = zipfile.ZipFile(filename, 'w')
    newZip.write(file, compress_type=zipfile.ZIP_DEFLATED)
    newZip.close()

def make_encrypted_zip(filename, file):
    """Create a password-protected zip of `file` with Keka's bundled 7z.

    The password is the fixed string "Password1" (7z ``-p`` switch). A mail
    gateway cannot inspect the encrypted contents, so this case checks whether
    encrypted archives are blocked or flagged as such. Requires Keka.app to be
    installed at the hard-coded path; subprocess.call's return code is ignored.
    """
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-tzip", "-pPassword1", "a", filename, file])

def make_bat(filename):
    """Write a two-line batch file that echoes a message and starts calc.exe."""
    target = open(filename, 'w')
    line = "echo calc a coming... \n"
    line += "START calc.exe"
    target.write(line)
    target.write("\n")
    target.close()

def make_cmd(filename):
    """Write a .cmd file with exactly the same contents as make_bat().

    Only the extension differs (presumably the point: one test case per
    extension the gateway may treat differently).
    """
    target = open(filename, 'w')
    line = "echo calc a coming... \n"
    line += "START calc.exe"
    target.write(line)
    target.write("\n")
    target.close()

def make_ps1(filename):
    """Write a PowerShell script that re-invokes powershell.exe with an encoded command.

    The script base64-encodes the UTF-16 bytes of 'cmd.exe /c calc.exe' and
    passes the result to ``powershell.exe -encodedCommand``. The encoded-command
    pattern is a common detection signature, which is what this case exercises.
    """
    target = open(filename, 'w')
    line = "# prep your commands first and then invoke them via powershell \n"
    line += "$command = 'cmd.exe /c calc.exe' \n"
    line += "$bytes = [System.Text.Encoding]::Unicode.GetBytes($command) \n"
    line += "$encodedCommand = [Convert]::ToBase64String($bytes) \n"
    line += "# once you have b64 string payload, execute it \n"
    line += "powershell.exe -encodedCommand $encodedCommand \n"
    target.write(line)
    target.close()

def make_js(filename):
    """Write a two-line JScript file that runs '%comspec% /c calc.exe' via WScript.Shell."""
    target = open(filename, 'w')
    line = "var objShell = WScript.CreateObject(\"Wscript.Shell\");\n"
    line += "objShell.run(\"%comspec% /c calc.exe\");"
    target.write(line)
    target.write("\n")
    target.close()

# The encoded .jse was produced out-of-band with screnc from the JScript above
# and is shipped as calc_enc.jse; the main block copies it from the repo root.
def make_jse (filename):
    """No-op placeholder; calc_enc.jse is copied from the repo root instead."""
    return

def make_scr (filename):
    """No-op placeholder; no .scr file is generated by this script."""
    return

def make_com (filename):
    """No-op placeholder; eicar.com is copied from the repo root instead."""
    return

def make_ocx (filename):
    """No-op placeholder; no .ocx file is generated by this script."""
    return

def make_jar (filename):
    """No-op placeholder; SimpleJavaCalculator.jar is copied from the repo root instead."""
    return

def make_vbs(filename):
    """Write a two-line VBScript file that runs '%comspec% /c calc.exe' via Wscript.Shell."""
    target = open(filename, 'w')
    line = "Set objShell = Wscript.CreateObject(\"Wscript.Shell\") \n"
    line += "objShell.run(\"%comspec% /c calc.exe\")"
    target.write(line)
    target.write("\n")
    target.close()

# The encoded .vbe was produced out-of-band with screnc from the VBScript above
# and is shipped as calc_enc.vbe; the main block copies it from the repo root.
def make_vbe (filename):
    """No-op placeholder; calc_enc.vbe is copied from the repo root instead."""
    return

def make_wsf(filename):
    """Write a Windows Script File (.wsf) named `filename`.

    NOTE(review): in this listing the three string literals are empty (the WSF
    XML markup was presumably stripped when the page was extracted), so as shown
    the written file contains only a space and two newlines. Confirm against the
    original source before relying on this case.
    """
    target = open(filename, 'w')
    line = " \n"
    line += ""
    line += ""
    target.write(line)
    target.write("\n")
    target.close()

def make_shs (filename):
    """No-op placeholder; no .shs file is generated by this script."""
    return

def make_pif (filename):
    """No-op placeholder; no .pif file is generated by this script."""
    return

def make_hta(command):
    """Write an HTA launcher and an index page into ./hta_attack/.

    Adapted from unicorn.py per the original comment. `command` is meant to be
    interpolated into the launcher template (main1); main2 is the index page.

    NOTE(review): both templates are empty in this listing (most likely stripped
    during extraction), and an empty format string applied with ``% command``
    raises TypeError because the argument is never consumed, so as shown this
    function cannot succeed. It is not called anywhere in this script -- the
    shipped calc_hta.hta is copied into the working directory instead. Relies on
    write_file(), which is defined further down in the module.
    """
    #from unicorn.py
    # HTA code here
    main1 = """""" % command
    main2 = """"""

    # make a directory if its not there
    if not os.path.isdir("hta_attack"):
        os.makedirs("hta_attack")

    # write out index file
    print("[*] Writing out index file to hta_attack/index.html")
    write_file("hta_attack/index.html", main2)

    # write out Launcher.hta
    print("[*] Writing malicious hta launcher hta_attack/Launcher.hta")
    write_file("hta_attack/Launcher.hta", main1)

# see python_lnk_maker -- needs to be run from windows. currently we copy
# a calc.lnk from the main folder to the working folder
def make_lnk (filename):
    """No-op placeholder; calc.lnk is copied from the repo root instead."""
    return

def make_dmg(file, filename):
    """Build a compressed (UDZO) disk image `filename` containing `file` via hdiutil.

    NOTE: the parameter order is (source, image) -- the reverse of every other
    make_* helper, which take (archive, source). The single call site uses
    make_dmg('eicar.com', 'eicardmg.dmg'), which matches this order.
    """
    subprocess.call(['hdiutil', "create", "-format", "UDZO", "-srcfolder", file, filename])


def make_7zip(filename, file):
    """Add `file` to a 7z archive `filename` using Keka's bundled 7z."""
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-t7z", "a", filename, file])

def make_tar(filename, file):
    """Add `file` to an uncompressed tar archive `filename` using Keka's bundled 7z."""
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-ttar", "a", filename, file])

def make_targz(filename, file):
    """Create a gzip-compressed tarball `filename` of `file` with the system tar (-zcvf)."""
    subprocess.call(['tar', "-zcvf", filename, file])

def make_tarbz2(filename, file):
    """Create a bzip2-compressed tarball `filename` of `file` with the system tar (-jcvf)."""
    subprocess.call(['tar', "-jcvf", filename, file])

def make_gzip(filename, file):
    """Gzip `file` into `filename` using Keka's bundled 7z (-tgzip)."""
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-tgzip", "a", filename, file])

def make_bzip2(filename, file):
    """Bzip2 `file` into `filename` using Keka's bundled 7z (-tbzip2)."""
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-tbzip2", "a", filename, file])

def make_xz(filename, file):
    """Archive `file` into `filename` using Keka's bundled 7z.

    NOTE(review): this passes ``-ttar``, not ``-txz``, so despite the .xz name
    the output is a plain tar archive identical to make_tar()'s. It looks copied
    from the make_tar line; 7z's xz container is selected with ``-txz`` if real
    xz output is what the test case intends.
    """
    subprocess.call(['/Applications/Keka.app/Contents/Resources/keka7z', "-ttar", "a", filename, file])


#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.gz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tgz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.bz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tbz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.bz2 eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.xz eicar.com




def write_file(path, text):
    """Overwrite `path` with `text`.

    Uses the Python 2 ``file()`` builtin, which no longer exists in Python 3
    (``open()`` is the portable equivalent). Only called from make_hta().
    """
    file_write = file(path, "w")
    file_write.write(text)
    file_write.close()

# Gmail must have IMAP/SMTP access enabled for this account for the login to work.
def send_gmail(to, subject, text, attach):
    """Email one file via Gmail SMTP (smtp.gmail.com:587 with STARTTLS).

    Builds a multipart message with `text` as the body and the file at `attach`
    as a base64-encoded application/octet-stream attachment named after its
    basename, authenticates with gmail_user/gmail_pwd and sends it to `to`.
    Only smtplib.SMTPDataError is caught (and printed); authentication and
    connection failures propagate to the caller and abort the sending loop.

    NOTE(review): the attachment is read with open(...).read() and the handle is
    never closed; starttls() is called without an explicit SSL context, so
    whether the server certificate is verified depends on the interpreter's
    defaults -- confirm before pointing this at production credentials.
    """
    try:
        msg = MIMEMultipart()
        msg['From'] = gmail_user
        msg['To'] = to
        msg['Subject'] = subject

        msg.attach(MIMEText(text))

        part = MIMEBase('application', 'octet-stream')
        part.set_payload(open(attach, 'rb').read())
        Encoders.encode_base64(part)
        part.add_header('Content-Disposition',
                'attachment; filename="%s"' % os.path.basename(attach))
        msg.attach(part)

        mailServer = smtplib.SMTP("smtp.gmail.com", 587)
        mailServer.ehlo()
        mailServer.starttls()
        mailServer.ehlo()
        mailServer.login(gmail_user, gmail_pwd)
        mailServer.sendmail(gmail_user, to, msg.as_string())
        # Should be mailServer.quit(), but that crashes...
        mailServer.close()
    except smtplib.SMTPDataError as e:
        print e

def send_sendgrid(to, subject, text, attach):
    """Email one file via SendGrid SMTP (smtp.sendgrid.net:587 with STARTTLS).

    Identical to send_gmail() apart from the host and the sendgrid_user/
    sendgrid_pwd credentials; see that function for the message layout and the
    error-handling caveats. Currently only referenced from a commented-out line
    in the sending loop.

    NOTE(review): the three send_* functions differ only in host and
    credentials; a single sender taking (host, user, password) would remove the
    triplicated attachment/SMTP code.
    """
    try:
        msg = MIMEMultipart()
        msg['From'] = sendgrid_user
        msg['To'] = to
        msg['Subject'] = subject

        msg.attach(MIMEText(text))

        part = MIMEBase('application', 'octet-stream')
        part.set_payload(open(attach, 'rb').read())
        Encoders.encode_base64(part)
        part.add_header('Content-Disposition',
                'attachment; filename="%s"' % os.path.basename(attach))
        msg.attach(part)

        mailServer = smtplib.SMTP("smtp.sendgrid.net", 587)
        mailServer.ehlo()
        mailServer.starttls()
        mailServer.ehlo()
        mailServer.login(sendgrid_user, sendgrid_pwd)
        mailServer.sendmail(sendgrid_user, to, msg.as_string())
        # Should be mailServer.quit(), but that crashes...
        mailServer.close()
    except smtplib.SMTPDataError as e:
        print e

def send_yandex(to, subject, text, attach):
    """Email one file via Yandex SMTP (smtp.yandex.com:587 with STARTTLS).

    Identical to send_gmail() apart from the host and the yandex_user/
    yandex_pwd credentials; see that function for the message layout and the
    error-handling caveats. Not called anywhere in this script.
    """
    try:
        msg = MIMEMultipart()
        msg['From'] = yandex_user
        msg['To'] = to
        msg['Subject'] = subject

        msg.attach(MIMEText(text))

        part = MIMEBase('application', 'octet-stream')
        part.set_payload(open(attach, 'rb').read())
        Encoders.encode_base64(part)
        part.add_header('Content-Disposition',
                'attachment; filename="%s"' % os.path.basename(attach))
        msg.attach(part)

        mailServer = smtplib.SMTP('smtp.yandex.com', 587)
        mailServer.ehlo()
        mailServer.starttls()
        mailServer.ehlo()
        mailServer.login(yandex_user, yandex_pwd)
        mailServer.sendmail(yandex_user, to, msg.as_string())
        # Should be mailServer.quit(), but that crashes...
        mailServer.close()
    except smtplib.SMTPDataError as e:
        print e



def list_files(path):
    """Return the names (basename only, in os.listdir order) of the regular files in `path`.

    Subdirectories are skipped; symlinks to files count as files because
    os.path.isfile() follows them.
    """
    # returns a list of names (with extension, without full path) of all files
    # in folder path
    files = []
    for name in os.listdir(path):
        if os.path.isfile(os.path.join(path, name)):
            files.append(name)
    #print files
    return files

# Per-run output directory: <launch dir>/<ISO timestamp>. Everything below runs
# at import time, i.e. simply importing this module generates files and sends mail.
directory = cwd+"/"+date

#make a directory with time now and change directory to it so our other functions
#make our output files there

if not os.path.exists(directory):
    os.makedirs(directory)

os.chdir(directory)

# Pre-built test files shipped in the repo root (things this script cannot
# generate itself: the EICAR file, the screnc-encoded scripts, the Windows
# shortcut, the jar, the exe and the AppleScript app bundle).
srcfile1 = cwd+"/"+"eicar.com"
srcfile2 = cwd+"/"+"calc_hta.hta"
srcfile3 = cwd+"/"+"calc_enc.jse"
srcfile4 = cwd+"/"+"calc_enc.vbe"
srcfile5 = cwd+"/"+"calc.lnk"
srcfile6 = cwd+"/"+"asciiart.command"
srcfile7 = cwd+"/"+"SimpleJavaCalculator.jar"
srcfile8 = cwd+"/"+"calc.exe"
srcfile9 = cwd+"/"+"calc_applescript.zip"
dstroot = directory

#copy eicar.com to working dir so we can zip it, dmg it, tar it, etc
shutil.copy(srcfile1, dstroot)
#copy calc_hta.hta to working dir
shutil.copy(srcfile2, dstroot)
#copy calc_enc.jse to working dir
shutil.copy(srcfile3, dstroot)
#copy calc_enc.vbe to working dir
shutil.copy(srcfile4, dstroot)
#copy calc.lnk to working dir
shutil.copy(srcfile5, dstroot)
#copy asciiart.command to working dir double click run command on OSX
shutil.copy(srcfile6, dstroot)
#copy simple javacalc.jar to working dir
shutil.copy(srcfile7, dstroot)
#copy simple calc.exe to working dir
shutil.copy(srcfile8, dstroot)
#copy simple calc_applescript.app to working dir
shutil.copy(srcfile9, dstroot)


#make our files in the new directory with current date time
#make archives with eicar string
# (all relative paths below resolve inside `directory` because of the chdir above)
make_zip('eicar.zip','eicar.com')
make_encrypted_zip('eicar_encrypt.zip', 'eicar.com')
make_dmg('eicar.com', 'eicardmg.dmg')
make_7zip('eicar.7z', 'eicar.com')
make_tar('eicar.tar', 'eicar.com')
make_targz('eicar.tar.gz', 'eicar.com')
make_tarbz2('eicar.tar.bz2', 'eicar.com')
make_gzip('eicar.gzip', 'eicar.com')
make_bzip2('eicar.bzip', 'eicar.com')
make_xz('eicar.xz', 'eicar.com')

# Generate the script-based test files. make_js('calc.js') is called twice
# (here and four lines down); the second call just rewrites the same content.
# make_hta() is intentionally not called -- the shipped calc_hta.hta is used.
make_js('calc.js')
make_bat('calc.bat')
make_cmd('calc.cmd')
make_ps1('calc.ps1')
make_js('calc.js')
make_vbs('calc.vbs')
make_wsf('calc.wsf')

#make archives with the js file which gmail allows
make_zip('calcjs.zip','calc.js')
make_encrypted_zip('calcjs_encrypt.zip', 'calc.js')
make_7zip('calcjs.7z', 'calc.js')
make_tar('calcjs.tar', 'calc.js')
make_targz('calcjs.tar.gz', 'calc.js')
make_tarbz2('calcjs.tar.bz2', 'calc.js')
make_gzip('calcjs.gzip', 'calc.js')
make_bzip2('calcjs.bzip', 'calc.js')
make_xz('calcjs.xz', 'calc.js')

#try zipping all the blocked stuff
make_zip('calc_hta.zip','calc_hta.hta')
make_zip('calc_lnk.zip','calc.lnk')
make_zip('calc_enc_jse.zip','calc_enc.jse')
make_zip('calc_enc_vbe.zip','calc_enc.vbe')
make_zip('calc_bat.zip','calc.bat')
make_zip('calc_cmd.zip','calc.cmd')
make_zip('calc_vbs.zip','calc.vbs')
make_zip('calc_wsf.zip','calc.wsf')

#try bzipping the blocked stuff (seems to make it 20 june 2016)
make_bzip2('calc_hta.bzip', 'calc_hta.hta')
make_bzip2('calc_lnk.bzip','calc.lnk')
make_bzip2('calc_enc_jse.bzip','calc_enc.jse')
make_bzip2('calc_enc_vbe.bzip','calc_enc.vbe')
make_bzip2('calc_bat.bzip','calc.bat')
make_bzip2('calc_cmd.bzip','calc.cmd')
make_bzip2('calc_vbs.bzip','calc.vbs')
make_bzip2('calc_wsf.bzip','calc.wsf')

#Try formats that get delivered with something that should be blocked by gmail on the remote end
make_encrypted_zip('calcvbs_encrypt.zip', 'calc.vbs')
make_7zip('calcvbs.7z', 'calc.vbs')
make_tar('calcvbs.tar', 'calc.vbs')
make_targz('calcvbs.tar.gz', 'calc.vbs')
make_tarbz2('calcvbs.tar.bz2', 'calc.vbs')
make_gzip('calcvbs.gzip', 'calc.vbs')
make_xz('calcvbs.xz', 'calc.vbs')

# Mail every file in the output directory as its own message; the filename
# doubles as subject and body. The recipient is a placeholder address, and only
# the gmail backend is active. Note the loop variable `file` shadows the Python 2
# builtin used by write_file() above -- harmless here because write_file() is
# never called after this point.
attachments = list_files(directory)
for file in attachments:
    print "sending:" + file
    #send_sendgrid("unlucky@company.xyz", file, file, file)
    send_gmail("unlucky@company.xyz", file, file, file)



#subprocess.call(['7z', 'a', filename+'.7z', filename])
#/Applications/Keka.app/Contents/Resources/keka7z
#/Applications/Keka.app/Contents/Resources/keka7z -t7z a eicar2.7z eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.gz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tgz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.bz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tbz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.tar.bz2 eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -ttar a eicar.xz eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -tgzip a eicar.gzip eicar.com
#/Applications/Keka.app/Contents/Resources/keka7z -tbzip2 a eicar.bzip eicar.com
#tar -zcvf eicar.tar.gz eicar.com
#tar -jcvf archive_name.tar.bz2 eicar.com
#hdiutil create -format UDZO -srcfolder eicar.com archive_name.dmg


--------------------------------------------------------------------------------