Payload Catalogue
Browse our library of 800+ payloads and templates for testing email security.

AiTM Payloads
Premium & Enterprise only. AiTM phishing uses tooling to act as a proxy between the target and a legitimate login portal for an application. This campaign contains a variety of payloads that can be used to test your defenses against AiTM phishing.

All Payloads
This campaign contains all the payloads available to you, malicious and benign: everything from Office macros, to 'Mark of the Web'-bypassing containerised payloads, to threat intel samples. This campaign has it all.

BiTM Payloads
Premium & Enterprise only. BiTM phishing is a technique that uses a virtual browser to capture user credentials and session cookies. This campaign contains a variety of payloads that can be used to test your defenses against BiTM phishing.

Body Payloads
Phishing isn't just about attachments and links! Threat actors are leveraging the email body to impersonate brands, provide convincing social engineering pretexts, exploit email client vulnerabilities and deliver other malicious content.

Brand Impersonation
This campaign contains examples of brand impersonation used by real-world threat actors, be that HTML-smuggled content with fake file-sharing site backgrounds, or links to backdoored installers for popular messaging applications.

Browser Testing
Premium & Enterprise only. Browser-based attack payloads including AiTM proxying, BiTM virtual browsers, ClickFix social engineering, pastejacking clipboard hijacking, and DragFix drag-and-drop abuse. Use this campaign to test your defenses against the full spectrum of browser-targeting techniques.

Callback Phishing
The telephone isn't dead! Test your defenses against callback phishing using a variety of file formats, including PDFs and images, that display fake invoices from several big-name brands.

Container File Testing
Containers are often used to deliver content that might otherwise be blocked, so use this collection of weaponised ISO, Zip, RAR and 7zip files to test your exposure.

delivr.to's Top 10 Payloads
This campaign contains delivr.to's current top 10 payloads, highlighting recent trends in threat actor activity and emerging threats, including ICS invites, auth coercion techniques, DragFix and emerging vulnerabilities.

EICAR Testing
This campaign puts mail filter Anti-Virus to the test! An EICAR string - a standardised way to test AV - embedded in a variety of formats, including ‘container’ formats such as ISOs, 7zip files, and password-protected zips.

File Type Testing
A broad range of file types, all benign, designed to give you insight into what file types can reach your mailbox. This includes executable, document, and container file types, and combinations of all 3 (think LNK in a Zip in an ISO 👀)

Health Check
Your one-stop shop for testing mail control effectiveness. Includes all the payloads that you wouldn't want to reach your inbox, ranging from EICAR-embedded text documents right through to the latest NOBELIUM sample.

HTML Smuggling
This campaign explores variations of payload delivery via HTML smuggling. Payload formats that would otherwise likely be blocked by mail filtering, e.g. .exe and .ps1, are embedded within HTML files and sent as attachments.

Metasploit Payloads
This campaign includes the default payloads generated by the popular hacking tool, Metasploit. This also includes variations using the built-in 'Shikata Ga Nai' encoder.

OffensiveVBA Office Files
Contains VBA macros from @S3cur3Th1sSh1t's OffensiveVBA collection. 20+ VBA samples including ETW and AMSI Bypasses, PPID Spoofing and sandbox evasion have been adapted and embedded within popular Microsoft Office formats.

Office File Testing
Microsoft Office documents are a common vehicle for malware delivery. This campaign delivers a variety of benign Office formats across Word, PowerPoint, Excel and Access. Know your .xlsbs from your .xlams? Or your .wlls from your .docs?

Office Macro Evasion
Not all Microsoft Office VBA macros are created equal! Test your mail filter capabilities against samples that implement evasion techniques such as VBA Stomping, analysis resistance measures and alternative execution methods that steer clear of the classic AutoOpen.

PDF Links
Several malware families, including QakBot, Bumblebee and IcedID, have been delivered via PDF attachments containing links to hosted content. These hosted files range from zipped ISO, LNK, DLL combinations, to script formats such as HTAs.

QR Code Phishing
Emulate the threat actors deploying QR codes to bypass email filters. Contains various file formats with QR-coded links to hosted content such as login portals and executables.

Threat Intel Samples
This campaign emulates the tradecraft seen in real-world, email-based attacks. This includes the threat actor NOBELIUM's use of DLL-launching LNKs packed into ISOs, and the commonly abused right-to-left-override (RTLO) Unicode characters used to obscure an attachment name.

Unwanted File Types
Contains all the file types that delivr.to recommends most organisations block at the perimeter. It includes the common file types such as .exe, .js and .vbs, along with the weird & wonderful such as .pif and .msc.