LUCY can create a phishing campaign that simulates an attack using a malicious Word document file with a macro. The custom Macro with the according campaign settings is compiled during the campaign. Therefore each Word file for each recipient will have different settings.
LUCY comes with multiple Macro simulations:
Please note, that those are only two samples. You can create your own template. Please check the tutorial at the bottom of this page.
Create a client or choose the built in client (a client can be your own organization or the company who asked you to perform a phishing test). This is important because you can also create view only accounts which are associated with those clients.
New clients can be created under “clients”. In LUCY v. 2.5 and higher this is created under settings/clients.
You may either continue with the Expert Setup, the Setup Wizard or a Start with predefined campaign Template (called sample campaign in LUCY < 3.0) configuration. We recommend using the Setup Wizard when used for the first time. Another optional is to set a Benchmark for a campaign.
Sometimes a remote Firewall, Spam filter or Virus Filter might automatically scan all the URL's within a link. As a result you end up with false positives and LUCY will show all link clicked (success). To avoid such automatic link requests by some 3rd party application you can enable the antivirus/firewall protection and LUCY will ignore all GET requests for the first 30 or 60 seconds:
Now you need to select one or multiple phishing scenarios that supports Macro's (make sure you have downloaded all the latest scenarios first). Please check out what different scenario types are available. A Macro attack is a file based attack simulation. Therefore, you can only use the following template types:
Most templates will enable you to place the Macro on a landing page from where it can be downloaded. If you only want to send the file as a mail attachment without involving a landing page you can choose the file based scenario “Financial Bonus (Word Macro in email Attachment)”:
This is an email only template that will send the users an email with a Word document file attachment that contains a macro. The macro has the ability to execute a list of harmless commands (e.g. “whoami”) and send the output back to LUCY using the built in browser (HTTP). The commands can be configured with the email settings. You may also leave a copy of the output on the Desktop of the user (a text file called lucy_results.txt). If you don't wish to leave any traces, you can select “Delete Temporary File” in the Macro options. Please note: at the bottom drop down menu you can still switch between the different file templates and have the ability to pick a different Macro simulation (e.g. “POST ONLY”, which most likely will generate less alerts on a possible AV solution).
For this tutorial, as an example, we select the Mixed Template “Confirmation Social Media Profile ”, where the user will be asked to download a CV that contains a Macro.
Note: If you attach a Office file to an email there is a much higher chance it will get filtered opposite to campaigns, where the Office File has to be downloaded from a web page. The “POST ONLY” Macro has the highest chance of not getting filtered as it is not accessing the local file system from the tested target.
Once you have selected the scenario, you need to configure the Base Settings of the campaign. First give your campaign a name and then choose how your recipients will be able to access LUCY by defining the Domain. Finding the appropriate domain name is a very important step for the success and it depends very much on your campaign scenario. If you plan to create a fake web mail login you might try to reserve a domain like “webmail-server365.com” and point it to LUCY.
There a few Optional Settings that you can apply within the Base Settings. Lucy comes with certain Default Settings. You can change these setting as you like. The settings are:
After saving the Base Settings, you can now Edit the Landing Page, Upload Your Own Webpage or simply copy any website on the internet. The Landing Page is the webpage that the users will see when they click on the link in the email they receive. First select the drop-down menu at the top the page where you want to edit. Please note that the same landing page may be available in different languages. So make sure you edit the correct language.
As we want to include a download to a Macro we need to make sure the Macro is selected at the bottom of the configuration page. This drop down menu will tell LUCY what malware simulation should be attached to the download bottom on this page:
If you save the landing page with the settings displayed in the screenshot above LUCY will create a Word file for each user which can be downloaded from the phishing simulation.
It’s time to setup email communication (if you want you can also use SMS as an alternative). Choose your sender's name, email address and subject. Please also choose the language for each group. If you configured an English landing page, then select English also within that recipient group. If you have different groups with different languages within your company you can simply create a group and select a language for each recipient. LUCY then will direct each user to an individual landing page that matches that language. Please read the Mail Settings Chapter for more configuration options.
Note: The most common reason for emails not arriving at your Recipient's Inbox are SPAM filters. When using a known email domain (e.g. firstname.lastname@example.org) or a non-existing email domain (e.g. email@example.com) your email might get deleted by SPAM filters. Some public email providers (like Gmail, Hotmail, etc.) are very restrictive concerning possible SPAM emails and might not even forward emails to your Recipient's SPAM folder (based on the emails SPAM reputation). To verify this you can use LUCY's built in SPAM Checker.
You need to create the Recipients List in the Menu item “Recipients”.
This is the list of users that will get the phishing emails. You can add them manually, import a file with all your recipients or even search them on the internet. Once you have created that group, you can select it in your campaign and map them to a specific scenario. You can also define if they should be used only for the Landing Page link, the Awareness site link (e-learning) or both.
Please read the Recipients Settings Chapter for more configuration options.
If you want, you can create a schedule to run the campaign using a delay or customized time delays between campaign phases. If you are new to the system, we'd recommend that you go with the Default Timing Settings and skip this step. Please read the Schedule Settings Chapter for more configuration options.
There is the option to have LUCY automatically send some e-learning content to all users or only users who have failed the phishing test. This configuration setting is part of an Separate Chapter (E-learning). If you want the users to get an e-mail with a link to the awareness content, you need make sure that in “STEP 7 - Configure Basic Settings” the checkbox “Send Link to Awareness Website Automatically” is selected and you configured an awareness template (mail and optional landing page). It is also important that you define what you consider as an successful attack because only those who have been successfully tested will receive the mail. If you don't want the e-learning content to be delivered via mail you can also redirect the user directly to a landing page with the awareness content.
Now you are ready to start. Although we recommend performing a test run with a single recipient before you start attacking all users, additionally it is a good idea to use the LUCY SPAM Checker. Just click “Real Attack” and LUCY will test your settings before starting the campaign. If you want to skip the checks, press “Skip Checks”. Your first recipients should receive the emails within seconds. Please read the Start Campaign Settings Page for more configuration options. If you experience any problems with starting/running your campaign, please Consult the Troubleshoot Section first.
The progress of the campaign can always be monitored in Real-Time. Click “Statistics” within your campaign. Please read the Statistics Chapter for more configuration options.
You will be able to track if the macro has been activated if you enabled the success action as “file data receive”. The actual output of the macro's can be found within the campaign under statistics/collected data.
Once you have finished the campaign, you may create different types of reports (PDF, HTML or raw export). Please read the Creating Reports Chapter for more configuration options.
You can create your own template in two ways:
Example: create a copy of an existing template Lets say you want to create a new macro template based on the existing template “info.doc” (POST only) called mydocument.doc, you need to go through the following steps:
Example: create a new template from scratch You can create your own file based macro templates using any MS office file (ppt, doc, xls…):
See attached the macro template you can use for new macro projects
Existing Macro Templates are more focused on Windows systems. If you want to attack Mac OS system, please use this file.