Try it using Invoke-Atomic

Clipboard Data

Description from ATT&CK

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

In Windows, Applications can access clipboard data by using the Windows API.(Citation: MSDN Clipboard) OSX provides a native command, <code>pbpaste</code>, to grab clipboard contents.(Citation: Operating with EmPyre) https://www.aleksandrhovhannisyan.com/blog/how-to-add-a-copy-to-clipboard-button-to-your-jekyll-blog/

Atomic Tests

Atomic Test #1 - Utilize Clipboard to store or execute commands from

Add data to clipboard to copy off or execute commands from.

Supported Platforms: windows

auto_generated_guid: 0cd14633-58d4-4422-9ede-daa2c9474ae7

Inputs:

None

Attack Commands: Run with command_prompt!

1
2
3
4
dir | clip
echo "T1115" > %temp%\T1115.txt
clip < %temp%\T1115.txt

Cleanup Commands:

1
2
del %temp%\T1115.txt >nul 2>&1

Atomic Test #2 - Execute Commands from Clipboard using PowerShell

Utilize PowerShell to echo a command to clipboard and execute it

Supported Platforms: windows

auto_generated_guid: d6dc21af-bec9-4152-be86-326b6babd416

Inputs:

None

Attack Commands: Run with powershell!

1
2
3
echo Get-Process | clip
Get-Clipboard | iex

Atomic Test #3 - Execute commands from clipboard

Echo a command to clipboard and execute it

Supported Platforms: macos

auto_generated_guid: 1ac2247f-65f8-4051-b51f-b0ccdfaaa5ff

Inputs:

None

Attack Commands: Run with bash!

1
2
echo ifconfig | pbcopy
$(pbpaste)

source