This payload is meant to exfiltrate screenshots of all monitors and send them to a Dropbox every 15 seconds. (This setting can be changed in the c.ps1 file.)

The payload uses iwr to download 2 files, I.bat and c.ps1.

I.bat is downloaded to the startup folder to maintain persistence and execute c.ps1 on reboot/startup.

c.ps1 sits in the AppData\Roaming folder, taking a screenshot of all monitors every 15 seconds. The contents are then sent to the Dropbox for viewing pleasure.
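A defender-side hunt for the three artifacts this description names (a script dropped in the Startup folder, a .ps1 directly under AppData\Roaming, and PowerShell uploading at a fixed interval), added here as an example and not part of the payload or its author's code. It assumes Sysmon FileCreate (ID 11) and NetworkConnect (ID 3) events already parsed into dicts and that uploads go to a dropboxapi.com host; the sample events are constructed.

```python
import re
from datetime import datetime
from statistics import pstdev

# Sysmon field names (TargetFilename, Image, DestinationHostname, UtcTime) are real;
# the dict layout and the cloud-host pattern are assumptions of this example.
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.(bat|cmd|ps1|vbs|js)$", re.I)
ROAMING_PS1 = re.compile(r"\\AppData\\Roaming\\[^\\]+\.ps1$", re.I)  # directly in Roaming
POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
CLOUD_HOST = re.compile(r"(^|\.)dropboxapi\.com$", re.I)

def hunt(events, min_hits=4, max_jitter=3.0):
    """Return (rule, detail) findings for startup scripts, Roaming .ps1 drops
    and PowerShell connections to the cloud host at a near-constant interval."""
    findings, seen = [], {}
    for e in events:
        if e["EventID"] == 11:  # FileCreate
            path = e["TargetFilename"]
            if STARTUP.search(path):
                findings.append(("startup_script", path))
            elif ROAMING_PS1.search(path):
                findings.append(("roaming_ps1", path))
        elif (e["EventID"] == 3 and POWERSHELL.search(e["Image"])
              and CLOUD_HOST.search(e["DestinationHostname"])):  # NetworkConnect
            seen.setdefault(e["DestinationHostname"], []).append(
                datetime.fromisoformat(e["UtcTime"]))
    for host, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Regular spacing (low deviation between gaps) is what separates a timer
        # loop from a one-off script that happens to contact the same host.
        if len(times) >= min_hits and pstdev(gaps) <= max_jitter:
            findings.append(("periodic_upload", f"{host} every ~{round(sum(gaps) / len(gaps))}s"))
    return findings

# Constructed sample events (not captured from a real host).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
HOME = r"C:\Users\alice\AppData\Roaming"
SAMPLE = [
    {"EventID": 11, "Image": PS,
     "TargetFilename": HOME + r"\Microsoft\Windows\Start Menu\Programs\Startup\I.bat"},
    {"EventID": 11, "Image": PS, "TargetFilename": HOME + r"\c.ps1"},
    {"EventID": 11, "Image": PS, "TargetFilename": r"C:\Users\alice\Documents\notes.ps1"},
] + [{"EventID": 3, "Image": PS, "DestinationHostname": "content.dropboxapi.com",
      "UtcTime": f"2024-05-01 10:00:{s:02d}"} for s in (0, 15, 31, 45)]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE):
        print(rule, detail)
```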
Exfiltration is an involuntary backup. It's a technique for obtaining data from a network. Once obtained, the data may be removed using a number of methods. These may include traversing the network to a command and control server, such as Cloud C². The content is typically encrypted or obfuscated. In the case of physical access, a bring-your-own-network element may be included to evade detection.
This payload is for OMG — a platform built for covert field-use with features that enhance remote execution, stealth and forensics evasion, all while being able to quickly change your tooling on the fly.