version: 20140930
id: HT-2012-002
name: Executable Document
category: :social
output: zip
format:
  - pdf
  - jpg
  - rtf
platform: osx
exec: ruby fakedoc.rb "%AGENT%" "%OUTPUT%" "%FILENAME%" "%FILE%" %COMBO%
embed: true
params:
  file: Document
  combo:
    - .PDF|pdf
    - .RTF|rtf
    - .JPG|jpg
description: "
Output: APP file

Note: The resulting APP file pretends to be the selected document.
This attack is effective if the target system is configured to not show file-extensions.

Platform: OSX

Tested with:
OSX 10.5.x/10.6.x/10.7.x"