Artifacts
Agent reports new artifacts created on the system or network
Example (user tasking):
Any command is able to reply with its own artifacts that are created along the way. The following response can be returned as a separate C2 message or as part of the command's normal output.
Example (agent response):
Walkthrough:
Agents can report back their own artifacts they create at any time. They just include an artifacts
keyword with an array of the artifacts. There are two components to this:
base_artifact
is the type of base artifact being reported. If this base_artifact type isn't already captured in the "Global Configurations" -> "Artifact Types" page, then thisbase_artifact
value will be created.artifact
is the actual artifact being created. This is a free-form field.
Artifacts created this way will be tracked in Artifacts page (click the fingerprint icon at the top)
Last updated
Was this helpful?