Fix error in APT29-Day2.yaml where payload for step 14.B was not exec…

…uted; Rename 16.C to 16.C-16.D
center-for-threat-informed-defense · Mar 13, 2023 · 0827921 · 0827921
1 parent a003545
commit 0827921
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/apt29/Emulation_Plan/yaml/APT29-Day2.yaml b/apt29/Emulation_Plan/yaml/APT29-Day2.yaml
@@ -309,13 +309,15 @@
       psh,pwsh:
         command: |
           . .\stepFourteen_credDump.ps1;
+          wmidump;
         payloads:
         - stepFourteen_credDump.ps1
 
   executors:
   - name: powershell
     command: |
       . .\stepFourteen_credDump.ps1;
+      wmidump;
 
 # Step 15 - Establish Persistence
 
@@ -427,7 +429,7 @@
     name: "Ingress Tool Transfer"
   cti_source: "https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/"
   procedure_group: procedure_lat_movement
-  procedure_step: "16.C"
+  procedure_step: "16.C-16.D"
   platforms:
     windows:
       psh,pwsh: