Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jmousqueton/badware
Ransomware for demonstration
https://github.com/jmousqueton/badware
csirt demo malware powershell ransomware redteam
Last synced: 4 days ago
JSON representation
Ransomware for demonstration
- Host: GitHub
- URL: https://github.com/jmousqueton/badware
- Owner: JMousqueton
- License: apache-2.0
- Created: 2021-07-07T17:46:25.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-28T15:04:07.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:43:36.413Z (3 months ago)
- Topics: csirt, demo, malware, powershell, ransomware, redteam
- Language: PowerShell
- Homepage:
- Size: 191 KB
- Stars: 13
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Welcome to BADWARE 👋
![Version](https://img.shields.io/badge/version-3.0-blue.svg?cacheSeconds=2592000)
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://github.com/JMousqueton/Badware/blob/main/LICENSE)
[![Twitter: JMousqueton](https://img.shields.io/twitter/follow/JMousqueton.svg?style=social)](https://twitter.com/JMousqueton)> Ransomware Demonstration for Customer Experience Center
## Description
Quick & Dirty ransomware written in Powershell for the purpose of demonstrations at Customer Experience Center.
This Powershell ransomware encrypts files using an X.509 public key certificate generated on the host :)
By Default the ransomware will cenrypt files in the C:\Data folder and save the X.509 public key certificate which is auto-generated in C:\YYYY-MM-DD-HHMM folder
This "ransomware" was inspired by [Phirautee](https://github.com/Viralmaniar/Phirautee)
```
__________ _____ ________ __ __ _____ _____________________
\______ \ / _ \ \______ \ / \ / \/ _ \\______ \_ _____/
| | _/ / /_\ \ | | \ \ \/\/ / /_\ \| _/| __)_
| | \/ | \| \ \ / | \ | \| \
|______ /\____|__ /_______ / \__/\ /\____|__ /____|_ /______JM /
\/ \/ \/ \/ \/ \/ \/ 2.3
[+] Let the carnage begin !!!
[+] Prepating Directory
[+] Init Certificate ...
[+] Init Encryption ...
[!] C:\Data\1.txt is now encrypted
[!] C:\Data\2.txt is now encrypted
[!] C:\Data\3.txt is now encrypted
[!] C:\Data\4.txt is now encrypted
[+] Badware Deployed Successfully...
[+] Cleaning Encryption key ...
[+] Intiating UI...
[+] Creating Badware.txt on Desktop ...
[+] Clean up the mess ...
[+] Exiting and waiting for the money
```- [Changelog](https://github.com/JMousqueton/Badware/blob/main/CHANGELOG.md)
- [Todo](https://github.com/JMousqueton/Badware/blob/main/TODO.md)## Usage
- Simply modifiy variables at the begining of the script
```
# Directory Target to crypt
$TargetEncr = "C:\Data"# At the end load CPU to triggered some behavior alarm
$CPULoad = $false# Delete the script ransomware.ps1
$SelfDestroy = $false# Delete private key after
$DeleteKey = $true# UI
$delay = 60 # Delay to show the UI# Define the DN of the certificate
$CertName = "DEMO RANSOMWARE"
```- Execute the script badware.ps1
## Legal Disclaimer
This project must not be used for illegal purposes or for hacking into system where you do not have permission, it is strictly for educational purposes.
Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.
Badware project must not be used for illegal purposes. It is strictly for educational purposes.## Author
👤 **Julien Mousqueton**
* Website:
* Twitter: [@JMousqueton](https://twitter.com/JMousqueton)
* Github: [@JMousqueton](https://github.com/JMousqueton)
* LinkedIn: [Julien Mousqueton](https://linkedin.com/in/julienmousqueton)## 🤝 Contributing
Contributions, issues and feature requests are welcome!
Feel free to check [issues page](https://github.com/JMousqueton/Badware/issues).
## Show your support
Give a ⭐️ if this project helped you!
## 📝 License
Copyright © 2021-2023 [Julien Mousqueton](https://github.com/JMousqueton).
This project is [Apache 2.0](https://github.com/JMousqueton/Badware/blob/main/LICENSE) licensed.