File Templates
This section explains how to use our range of customizable file-based templates to conduct simulated phishing campaigns. When you incorporate these templates into your training modules, users are exposed to realistic scenarios involving phishing emails with malicious attachments or download links.
The goal is to educate and test users on how to identify and react appropriately to potential security threats. Each template is tailored to mimic a particular type of file-based attack, providing a practical and effective approach to enhancing your organization’s security posture.
Navigate to Templates -> File Templates
This button allows you to remove the selected file from your server.
Select "New" to create a new file-based template.
When creating a new file-based attack template in LUCY, several fields and options need to be configured. Here’s a detailed explanation of each option, along with the dropdown selections provided:
When creating a file-based attack template in LUCY, such as the "Ransomware (Screen Locker)" template, you simulate a ransomware attack by locking the user's PC. You can define this template's variables in the settings as follows:
The above example prompts the user to enter a password, as defined in the first variable line. This line allows you to set the actual password needed to unlock the screen, which in this case is "123".
Additionally, in the second variable, you can define the message the user will see when they execute the file. In this case, the message is "YOUR PC IS LOCKED WITH RAN$OMWARE - CALL IT SUPPORT FOR HELP."
See our ransomware file-based attack in action here.
LUCY allows for the customization of various malware simulations:
Setting Name | Description | Success Action | Preferable Delivery Method |
---|---|---|---|
Console Interactive | Establishes a reverse HTTP/HTTPS channel to LUCY upon file execution, visible under “Sessions”. This tool operates solely in memory and supports commands via the Windows shell. | File download | Landing page |
Console Outlook | Executes commands and sends results back via Outlook using MAPI, including retrieving the subject line from the last received email. | File download | Landing page |
Console post | Executes a limited command set within the Windows shell and sends the output to LUCY. Direct command line access is available for built-in commands. | File download | Landing page |
Console (POST-only) | Pings back to LUCY upon file opening without data collection. | File download/File open | Landing page |
Excel Macros (Various) | Various macro templates that ping back to LUCY without data transfer. Note: For campaign settings, select "Click" as the Success Action for accurate metrics. | Click/File download/File open | Email/Landing page |
Keylogger | Records keystrokes. | File download/Data submit | Email/Landing page |
Macros (Various) | Various macro templates that either ping back to LUCY or run specific commands. Supports scenarios with or without data collection. | File download/File open | Email/Landing page |
Malware Testing Toolkit | Checks if the system is susceptible to various malware techniques. | File download/File open | Email/Portable device (USB) |
Microphone | Captures audio via the microphone. | File download/Data submit | Portable device (USB) |
Ransomware (Screen Locker) | Locks the PC screen, requiring a backend-set password for unlocking to simulate a real ransomware attack scenario. | File download/Data submit | Email/Portable device (USB) |
Recent Documents | Retrieves a set number of documents from the recent document cache. | File download/Data submit | Email/Portable device (USB) |
Screen Recorder | Captures screenshots and webcam footage as proof of concept. | File download/Data submit | Email/Portable device (USB) |
SVG (Redirect) | Redirects to a phishing website when the SVG file is opened, without data transfer. | File download/Click/Data submit | Email/Portable device (USB) |
There is a high likelihood of email-delivered files being blocked by mail server security policies. Admins should adjust filters to ensure delivery.