File-Based Attack Options

Compliantly supports so-called file-based attacks, which let the administrator combine a phishing simulation with a malware simulation. The malware simulation can be attached to the email or embedded in a phishing web page, from which the recipient may download it.

To help protect the computer, mail and web filters in most cases do not allow you to receive files of certain types (such as .exe files) as attachments or downloads, because of their potential for introducing a virus onto the computer. Certain mail clients (like Outlook) also block these files by default. So-called Level 1 files (like exe, bat, vbs etc.) cannot be sent in plain form; otherwise, they will be filtered. Compliantly lets the administrator place those files in an archive (such as a *.zip or *.rar file). In most cases, however, placing them in an archive is not sufficient on its own. Therefore, we also offer the administrator the ability to set a password for the archive, which prevents any filter from analyzing the content. Provided that encrypted files are not rejected at the gateway level, this lets the Compliantly administrator ensure that the file-based simulations can be attached or downloaded in the simulation.
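A gateway-side view of the case described above, as an added example that is not Compliantly's code or documentation: with standard ZIP encryption only the file data is encrypted, so the entry names and the "encrypted" flag in the central directory can still be read without the password. The extension set is limited to the three Level 1 types this page names, and the `quarantine` rule, the function names and the constructed sample archives are assumptions.

```python
import io
import zipfile

# Illustrative subset: only the Level 1 types named on this page.
LEVEL1_EXTENSIONS = {".exe", ".bat", ".vbs"}
ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0: entry data is encrypted


def inspect_zip(data: bytes) -> dict:
    """Report encrypted entries and Level 1 names without the archive password."""
    encrypted, level1 = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # metadata comes from the central directory
            if info.flag_bits & ENCRYPTED_FLAG:
                encrypted.append(info.filename)
            dot = info.filename.rfind(".")
            if dot != -1 and info.filename[dot:].lower() in LEVEL1_EXTENSIONS:
                level1.append(info.filename)
    # Hypothetical policy: hold archives that hide a Level 1 file behind a password.
    return {"encrypted": encrypted, "level1": level1,
            "quarantine": bool(encrypted) and bool(level1)}


def build_sample(names, mark_encrypted: bool) -> bytes:
    """Constructed test input: a stored ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            # Fixed timestamp keeps the sample bytes deterministic.
            zf.writestr(zipfile.ZipInfo(name, (2024, 1, 1, 0, 0, 0)), b"placeholder")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Central directory header: signature PK\x01\x02, flag bits at offset 8.
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= ENCRYPTED_FLAG
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    sample = build_sample(["invoice.exe", "readme.txt"], mark_encrypted=True)
    print(inspect_zip(sample))
```

The sample only sets the header flag and does not encrypt anything, which is enough to exercise the check because the check never reads file data.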

Configuration

To rename, archive and set a password for a file-based attachment or download, go to the scenario settings of the specific scenario. At the bottom you can:

  • Enable archiving of the file
  • Give the archive a custom name
  • Set a password for the archive

Please note that the compression only applies to Level 1 file types (like .exe) and not to Level 2 file types (like .docx, .mp3 etc.).

Change the file name of the executable or Word file

You can change the file name of the executable or Word file by:

1) Downloading the original file from the generic file-based template section and renaming it locally to the desired file name
2) Deleting the original file on Compliantly by clicking on “X” (e.g. delete “file.exe”)
3) Uploading the file with the modified file name

Change the layout of the Word file

You can change the layout of the Word file by:

1) Downloading the original Word file from the generic file-based template section and changing the design locally to the desired layout
2) Deleting the original file on Compliantly by clicking on “X” (e.g. delete “info.doc”)
3) Uploading the file with the modified file name
4) Using the modified Word file in your campaign

Change the file type (e.g. use Excel instead of Word)

You can change the file type by simply copying the macro from the Word file into the desired file format (e.g. Excel) and uploading the result back to Compliantly as a generic file template.

Change the file icon

If you want to change the icon of the executable, you need to do that manually using a free tool (e.g. http://www.angusj.com/resourcehacker/, https://github.com/electron/rcedit/releases, http://winrun4j.sourceforge.net/ etc.). After downloading the *.exe, you can use one of these tools to set a custom icon and then upload the file back to Compliantly.

Issues with files that get filtered by AV or any other security software

Our malware simulations are non-malicious and are intended only for educational use. We can ensure that they are non-persistent (run only in memory) and free of any malicious code. Still, we have noticed in the past that AV vendors or content filters have added virus signatures for certain file-based simulations from Compliantly. We are working together with those vendors to remove them from their signature lists, but we cannot guarantee that all products are covered.