diff --git a/atomics/T1531/T1531.md b/atomics/T1531/T1531.md
new file mode 100644
index 000000000..24f63f192
--- /dev/null
+++ b/atomics/T1531/T1531.md
@@ -0,0 +1,65 @@
+# T1531 - Account Access Removal
+## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1531)
+
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts.
+
+Adversaries may also subsequently log off and/or reboot boxes to set malicious changes into place.(Citation: CarbonBlack LockerGoga 2019)(Citation: Unit42 LockerGoga 2019)
+
+## Atomic Tests
+
+- [Atomic Test #1 - Change User Password - Windows](#atomic-test-1---change-user-password---windows)
+
+- [Atomic Test #2 - Delete User - Windows](#atomic-test-2---delete-user---windows)
+
+
+
+
+## Atomic Test #1 - Change User Password - Windows
+Changes the user password to hinder access attempts. Seen in use by LockerGoga.
+
+**Supported Platforms:** Windows
+
+
+#### Inputs
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| user_account | User account whose password will be changed. | string | Administrator|
+| new_password | New password for the specified account. | string | HuHuHUHoHo283283@dJD|
+
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
+```
+net.exe user #{user_account} #{new_password}
+```
+
+#### Commands to Check Prerequisites:
+```
+net.exe user #{user_account}
+```
+
+
+
+
+
+## Atomic Test #2 - Delete User - Windows
+Deletes a user account to prevent access.
+
+**Supported Platforms:** Windows
+
+
+#### Inputs
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| user_account | User account to be deleted. | string | AtomicUser|
+
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
+```
+net.exe user #{user_account} /delete
+```
+
+#### Commands to Check Prerequisites:
+```
+net.exe user #{user_account} /add
+net.exe user #{user_account} P@$$w0rd
+```
+
+
+
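Review bot: Atomic Test #1 defaults `user_account` to `Administrator` and defines no cleanup step, so a run with default inputs changes the built-in Administrator password on the test host and leaves it that way. Test #2 already shows the safer pattern of creating a disposable `AtomicUser` in its prerequisite; consider the same default here plus a cleanup command that resets or removes the test account. Also, the description line beginning `Adversaries may interrupt availability` appears without its leading `+`, which does not fit a new-file hunk declared as 65 added lines; check that the committed file actually contains that paragraph.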
diff --git a/atomics/art_navigator_layer.json b/atomics/art_navigator_layer.json
index 004fdb7c9..3b7d207b5 100644
--- a/atomics/art_navigator_layer.json
+++ b/atomics/art_navigator_layer.json
@@ -1 +1 @@
-{"version":"2.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"techniques":[{"techniqueID":"T1002","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1004","score":100,"enabled":true},{"techniqueID":"T1005","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1009","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1015","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1022","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1028","score":100,"enabled":true},{"techniqueID":"T1030","score":100,"enabled":true},{"techniqueID":"T1031","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1035","score":100,"enabled":true},{"techniqueID":"T1036","score":100,"enabled":true},{"techniqueID":"T1037","score":100,"enabled":true},{"techniqueID":"T1038","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1042","score":100,"enabled":true},{"techniqueID":"T1046","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1050","score":100,"enabled":true},{"techniqueID":"T1053","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059","score":100,"enabled":true},{"techniqueID":"T1060","score":100,"enabled":tru
e},{"techniqueID":"T1062","score":100,"enabled":true},{"techniqueID":"T1063","score":100,"enabled":true},{"techniqueID":"T1064","score":100,"enabled":true},{"techniqueID":"T1065","score":100,"enabled":true},{"techniqueID":"T1069","score":100,"enabled":true},{"techniqueID":"T1070","score":100,"enabled":true},{"techniqueID":"T1071","score":100,"enabled":true},{"techniqueID":"T1074","score":100,"enabled":true},{"techniqueID":"T1075","score":100,"enabled":true},{"techniqueID":"T1076","score":100,"enabled":true},{"techniqueID":"T1077","score":100,"enabled":true},{"techniqueID":"T1081","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1084","score":100,"enabled":true},{"techniqueID":"T1085","score":100,"enabled":true},{"techniqueID":"T1086","score":100,"enabled":true},{"techniqueID":"T1087","score":100,"enabled":true},{"techniqueID":"T1088","score":100,"enabled":true},{"techniqueID":"T1089","score":100,"enabled":true},{"techniqueID":"T1090","score":100,"enabled":true},{"techniqueID":"T1096","score":100,"enabled":true},{"techniqueID":"T1097","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1099","score":100,"enabled":true},{"techniqueID":"T1100","score":100,"enabled":true},{"techniqueID":"T1101","score":100,"enabled":true},{"techniqueID":"T1103","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1107","score":100,"enabled":true},{"techniqueID":"T1110","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1113","score":100,"enabled":true},{"techniqueID":"T1114","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1117","score":100,"enabled":true},{"techniqueID":"T1118","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1121","score":100,"enabled":true},{"techni
queID":"T1122","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1126","score":100,"enabled":true},{"techniqueID":"T1127","score":100,"enabled":true},{"techniqueID":"T1128","score":100,"enabled":true},{"techniqueID":"T1130","score":100,"enabled":true},{"techniqueID":"T1132","score":100,"enabled":true},{"techniqueID":"T1134","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136","score":100,"enabled":true},{"techniqueID":"T1137","score":100,"enabled":true},{"techniqueID":"T1138","score":100,"enabled":true},{"techniqueID":"T1139","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1141","score":100,"enabled":true},{"techniqueID":"T1142","score":100,"enabled":true},{"techniqueID":"T1144","score":100,"enabled":true},{"techniqueID":"T1145","score":100,"enabled":true},{"techniqueID":"T1146","score":100,"enabled":true},{"techniqueID":"T1147","score":100,"enabled":true},{"techniqueID":"T1148","score":100,"enabled":true},{"techniqueID":"T1150","score":100,"enabled":true},{"techniqueID":"T1151","score":100,"enabled":true},{"techniqueID":"T1152","score":100,"enabled":true},{"techniqueID":"T1153","score":100,"enabled":true},{"techniqueID":"T1154","score":100,"enabled":true},{"techniqueID":"T1155","score":100,"enabled":true},{"techniqueID":"T1156","score":100,"enabled":true},{"techniqueID":"T1158","score":100,"enabled":true},{"techniqueID":"T1159","score":100,"enabled":true},{"techniqueID":"T1160","score":100,"enabled":true},{"techniqueID":"T1163","score":100,"enabled":true},{"techniqueID":"T1164","score":100,"enabled":true},{"techniqueID":"T1165","score":100,"enabled":true},{"techniqueID":"T1166","score":100,"enabled":true},{"techniqueID":"T1168","score":100,"enabled":true},{"techniqueID":"T1169","score":100,"enabled":true},{"techniqueID":"T1170","score":100,"enabled":true},{"techniqueID":"T11
73","score":100,"enabled":true},{"techniqueID":"T1174","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1179","score":100,"enabled":true},{"techniqueID":"T1180","score":100,"enabled":true},{"techniqueID":"T1183","score":100,"enabled":true},{"techniqueID":"T1191","score":100,"enabled":true},{"techniqueID":"T1193","score":100,"enabled":true},{"techniqueID":"T1196","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1206","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1214","score":100,"enabled":true},{"techniqueID":"T1215","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222","score":100,"enabled":true},{"techniqueID":"T1223","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1496","score":100,"enabled":true},{"techniqueID":"T1501","score":100,"enabled":true},{"techniqueID":"T1529","score":100,"enabled":true}]}
\ No newline at end of file
+{"version":"2.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"techniques":[{"techniqueID":"T1002","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1004","score":100,"enabled":true},{"techniqueID":"T1005","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1009","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1015","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1022","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1028","score":100,"enabled":true},{"techniqueID":"T1030","score":100,"enabled":true},{"techniqueID":"T1031","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1035","score":100,"enabled":true},{"techniqueID":"T1036","score":100,"enabled":true},{"techniqueID":"T1037","score":100,"enabled":true},{"techniqueID":"T1038","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1042","score":100,"enabled":true},{"techniqueID":"T1046","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1050","score":100,"enabled":true},{"techniqueID":"T1053","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059","score":100,"enabled":true},{"techniqueID":"T1060","score":100,"enabled":tru
e},{"techniqueID":"T1062","score":100,"enabled":true},{"techniqueID":"T1063","score":100,"enabled":true},{"techniqueID":"T1064","score":100,"enabled":true},{"techniqueID":"T1065","score":100,"enabled":true},{"techniqueID":"T1069","score":100,"enabled":true},{"techniqueID":"T1070","score":100,"enabled":true},{"techniqueID":"T1071","score":100,"enabled":true},{"techniqueID":"T1074","score":100,"enabled":true},{"techniqueID":"T1075","score":100,"enabled":true},{"techniqueID":"T1076","score":100,"enabled":true},{"techniqueID":"T1077","score":100,"enabled":true},{"techniqueID":"T1081","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1084","score":100,"enabled":true},{"techniqueID":"T1085","score":100,"enabled":true},{"techniqueID":"T1086","score":100,"enabled":true},{"techniqueID":"T1087","score":100,"enabled":true},{"techniqueID":"T1088","score":100,"enabled":true},{"techniqueID":"T1089","score":100,"enabled":true},{"techniqueID":"T1090","score":100,"enabled":true},{"techniqueID":"T1096","score":100,"enabled":true},{"techniqueID":"T1097","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1099","score":100,"enabled":true},{"techniqueID":"T1100","score":100,"enabled":true},{"techniqueID":"T1101","score":100,"enabled":true},{"techniqueID":"T1103","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1107","score":100,"enabled":true},{"techniqueID":"T1110","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1113","score":100,"enabled":true},{"techniqueID":"T1114","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1117","score":100,"enabled":true},{"techniqueID":"T1118","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1121","score":100,"enabled":true},{"techni
queID":"T1122","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1126","score":100,"enabled":true},{"techniqueID":"T1127","score":100,"enabled":true},{"techniqueID":"T1128","score":100,"enabled":true},{"techniqueID":"T1130","score":100,"enabled":true},{"techniqueID":"T1132","score":100,"enabled":true},{"techniqueID":"T1134","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136","score":100,"enabled":true},{"techniqueID":"T1137","score":100,"enabled":true},{"techniqueID":"T1138","score":100,"enabled":true},{"techniqueID":"T1139","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1141","score":100,"enabled":true},{"techniqueID":"T1142","score":100,"enabled":true},{"techniqueID":"T1144","score":100,"enabled":true},{"techniqueID":"T1145","score":100,"enabled":true},{"techniqueID":"T1146","score":100,"enabled":true},{"techniqueID":"T1147","score":100,"enabled":true},{"techniqueID":"T1148","score":100,"enabled":true},{"techniqueID":"T1150","score":100,"enabled":true},{"techniqueID":"T1151","score":100,"enabled":true},{"techniqueID":"T1152","score":100,"enabled":true},{"techniqueID":"T1153","score":100,"enabled":true},{"techniqueID":"T1154","score":100,"enabled":true},{"techniqueID":"T1155","score":100,"enabled":true},{"techniqueID":"T1156","score":100,"enabled":true},{"techniqueID":"T1158","score":100,"enabled":true},{"techniqueID":"T1159","score":100,"enabled":true},{"techniqueID":"T1160","score":100,"enabled":true},{"techniqueID":"T1163","score":100,"enabled":true},{"techniqueID":"T1164","score":100,"enabled":true},{"techniqueID":"T1165","score":100,"enabled":true},{"techniqueID":"T1166","score":100,"enabled":true},{"techniqueID":"T1168","score":100,"enabled":true},{"techniqueID":"T1169","score":100,"enabled":true},{"techniqueID":"T1170","score":100,"enabled":true},{"techniqueID":"T11
73","score":100,"enabled":true},{"techniqueID":"T1174","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1179","score":100,"enabled":true},{"techniqueID":"T1180","score":100,"enabled":true},{"techniqueID":"T1183","score":100,"enabled":true},{"techniqueID":"T1191","score":100,"enabled":true},{"techniqueID":"T1193","score":100,"enabled":true},{"techniqueID":"T1196","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1206","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1214","score":100,"enabled":true},{"techniqueID":"T1215","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222","score":100,"enabled":true},{"techniqueID":"T1223","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1496","score":100,"enabled":true},{"techniqueID":"T1501","score":100,"enabled":true},{"techniqueID":"T1529","score":100,"enabled":true},{"techniqueID":"T1531","score":100,"enabled":true}]}
\ No newline at end of file
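Review bot: `art_navigator_layer.json` is a single minified line with no trailing newline, so this one-technique addition shows up as a full-file rewrite and can only be checked by eye against the trailing `{"techniqueID":"T1531","score":100,"enabled":true}` entry. If the file is generated, emit it pretty-printed and with a final newline so future changes diff entry by entry.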
diff --git a/atomics/index.md b/atomics/index.md
index fee86a168..43068d611 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -436,7 +436,9 @@
- Atomic Test #1: Web Shell Written to Disk [windows]
# impact
-- T1531 Account Access Removal [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1531 Account Access Removal](./T1531/T1531.md)
+ - Atomic Test #1: Change User Password - Windows [windows]
+ - Atomic Test #2: Delete User - Windows [windows]
- [T1485 Data Destruction](./T1485/T1485.md)
- Atomic Test #1: Windows - Delete Volume Shadow Copies [windows]
- Atomic Test #2: Windows - Delete Windows Backup Catalog [windows]
diff --git a/atomics/index.yaml b/atomics/index.yaml
index ad9b9a4db..739454665 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -13019,30 +13019,23 @@ privilege-escalation:
'
impact:
- '':
+ T1531:
technique:
x_mitre_data_sources:
- - Packet capture
- - Network protocol analysis
+ - Windows event logs
+ - Process command-line parameters
+ - Process monitoring
x_mitre_permissions_required:
- User
- Administrator
- root
- SYSTEM
- name: Transmitted Data Manipulation
- description: "Adversaries may alter data en route to storage or other systems
- in order to manipulate external outcomes or hide activity.(Citation: FireEye
- APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating transmitted
- data, adversaries may attempt to affect a business process, organizational
- understanding, and decision making. \n\nManipulation may be possible over
- a network connection or between system processes where there is an opportunity
- deploy a tool that will intercept and change information. The type of modification
- and the impact it will have depends on the target transmission mechanism as
- well as the goals and objectives of the adversary. For complex systems, an
- adversary would likely need special expertise and possibly access to specialized
- software related to the system that would typically be gained through a prolonged
- information gathering campaign in order to have the desired impact."
- id: attack-pattern--cc1e737c-236c-4e3b-83ba-32039a626ef8
+ name: Account Access Removal
+ description: |-
+ Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts.
+
+ Adversaries may also subsequently log off and/or reboot boxes to set malicious changes into place.(Citation: CarbonBlack LockerGoga 2019)(Citation: Unit42 LockerGoga 2019)
+ id: attack-pattern--b24e2a20-3b3d-4bf0-823b-1ed765398fb0
x_mitre_platforms:
- Linux
- macOS
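Review bot: the `- '':` / `+ T1531:` pair at the top of this hunk is not an edit of the Transmitted Data Manipulation entry but a reordering: that block reappears unchanged at the end of the impact section later in this patch. Regenerating index.yaml with stable key ordering would reduce the T1531 change to a pure addition and make the real diff reviewable.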
@@ -13051,33 +13044,80 @@ impact:
- marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168
x_mitre_version: '1.0'
x_mitre_impact_type:
- - Integrity
+ - Availability
type: attack-pattern
- x_mitre_detection: Detecting the manipulation of data as at passes over a network
- can be difficult without the appropriate tools. In some cases integrity verification
- checks, such as file hashing, may be used on critical files as they transit
- a network. With some critical processes involving transmission of data, manual
- or out-of-band integrity checking may be useful for identifying manipulated
- data.
+ x_mitre_detection: |-
+ Use process monitoring to monitor the execution and command line parameters of binaries involved in deleting accounts or changing passwords, such as use of [Net](https://attack.mitre.org/software/S0039). Windows event logs may also designate activity associated with an adversary's attempt to remove access to an account:
+
+ * Event ID 4723 - An attempt was made to change an account's password
+ * Event ID 4724 - An attempt was made to reset an account's password
+ * Event ID 4726 - A user account was deleted
+ * Event ID 4740 - A user account was locked out
+
+ Alerting on [Net](https://attack.mitre.org/software/S0039) and these Event IDs may generate a high degree of false positives, so compare against baseline knowledge for how systems are typically used and correlate modification events with other indications of malicious activity where possible.
created_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
- created: '2019-04-09T16:08:20.824Z'
+ created: '2019-10-09T18:48:31.906Z'
kill_chain_phases:
- kill_chain_name: mitre-attack
phase_name: impact
external_references:
- - source_name: mitre-attack
- external_id: T1493
- url: https://attack.mitre.org/techniques/T1493
- - source_name: FireEye APT38 Oct 2018
- description: 'FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved
- November 6, 2018.'
- url: https://content.fireeye.com/apt/rpt-apt38
- - description: Department of Justice. (2018, September 6). Criminal Complaint
- - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.
- source_name: DOJ Lazarus Sony 2018
- url: https://www.justice.gov/opa/press-release/file/1092091/download
- modified: '2019-06-20T16:56:29.277Z'
- atomic_tests: []
+ - external_id: T1531
+ source_name: mitre-attack
+ url: https://attack.mitre.org/techniques/T1531
+ - source_name: CarbonBlack LockerGoga 2019
+ description: CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat
+ Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.
+ url: https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/
+ - description: Harbison, M.. (2019, March 26). Born This Way? Origins of LockerGoga.
+ Retrieved April 16, 2019.
+ source_name: Unit42 LockerGoga 2019
+ url: https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/
+ modified: '2019-10-14T23:29:24.908Z'
+ identifier: T1531
+ atomic_tests:
+ - name: Change User Password - Windows
+ description: 'Changes the user password to hinder access attempts. Seen in use
+ by LockerGoga.
+
+'
+ supported_platforms:
+ - windows
+ input_arguments:
+ user_account:
+ description: User account whose password will be changed.
+ type: string
+ default: Administrator
+ new_password:
+ description: New password for the specified account.
+ type: string
+ default: HuHuHUHoHo283283@dJD
+ executor:
+ name: command_prompt
+ elevation_required: true
+ prereq_command: 'net.exe user #{user_account}
+
+'
+ command: 'net.exe user #{user_account} #{new_password}
+
+'
+ - name: Delete User - Windows
+ description: 'Deletes a user account to prevent access.
+
+'
+ supported_platforms:
+ - windows
+ input_arguments:
+ user_account:
+ description: User account to be deleted.
+ type: string
+ default: AtomicUser
+ executor:
+ name: command_prompt
+ elevation_required: true
+ prereq_command: |
+ net.exe user #{user_account} /add
+ net.exe user #{user_account} P@$$w0rd
+ command: 'net.exe user #{user_account} /delete'
T1485:
technique:
x_mitre_data_sources:
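Review bot: the Test #2 prerequisite `net.exe user #{user_account} /add` returns a non-zero exit code when the account already exists (for example after an interrupted earlier run), so the prerequisite check fails even though the prerequisite is satisfied. Checking for the account first, as Test #1 does with `net.exe user #{user_account}`, and only then falling back to `/add`, would make the prerequisite idempotent. Minor: the three `external_references` entries use three different key orders (`external_id` first, `source_name` first, `description` first), which makes the block harder to scan.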
@@ -13225,6 +13265,65 @@ impact:
executor:
name: bash
command: dd of=#{file_to_overwrite} if=#{overwrite_source}
+ '':
+ technique:
+ x_mitre_data_sources:
+ - Packet capture
+ - Network protocol analysis
+ x_mitre_permissions_required:
+ - User
+ - Administrator
+ - root
+ - SYSTEM
+ name: Transmitted Data Manipulation
+ description: "Adversaries may alter data en route to storage or other systems
+ in order to manipulate external outcomes or hide activity.(Citation: FireEye
+ APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating transmitted
+ data, adversaries may attempt to affect a business process, organizational
+ understanding, and decision making. \n\nManipulation may be possible over
+ a network connection or between system processes where there is an opportunity
+ deploy a tool that will intercept and change information. The type of modification
+ and the impact it will have depends on the target transmission mechanism as
+ well as the goals and objectives of the adversary. For complex systems, an
+ adversary would likely need special expertise and possibly access to specialized
+ software related to the system that would typically be gained through a prolonged
+ information gathering campaign in order to have the desired impact."
+ id: attack-pattern--cc1e737c-236c-4e3b-83ba-32039a626ef8
+ x_mitre_platforms:
+ - Linux
+ - macOS
+ - Windows
+ object_marking_refs:
+ - marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168
+ x_mitre_version: '1.0'
+ x_mitre_impact_type:
+ - Integrity
+ type: attack-pattern
+ x_mitre_detection: Detecting the manipulation of data as at passes over a network
+ can be difficult without the appropriate tools. In some cases integrity verification
+ checks, such as file hashing, may be used on critical files as they transit
+ a network. With some critical processes involving transmission of data, manual
+ or out-of-band integrity checking may be useful for identifying manipulated
+ data.
+ created_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
+ created: '2019-04-09T16:08:20.824Z'
+ kill_chain_phases:
+ - kill_chain_name: mitre-attack
+ phase_name: impact
+ external_references:
+ - source_name: mitre-attack
+ external_id: T1493
+ url: https://attack.mitre.org/techniques/T1493
+ - source_name: FireEye APT38 Oct 2018
+ description: 'FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved
+ November 6, 2018.'
+ url: https://content.fireeye.com/apt/rpt-apt38
+ - description: Department of Justice. (2018, September 6). Criminal Complaint
+ - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.
+ source_name: DOJ Lazarus Sony 2018
+ url: https://www.justice.gov/opa/press-release/file/1092091/download
+ modified: '2019-06-20T16:56:29.277Z'
+ atomic_tests: []
T1490:
technique:
x_mitre_data_sources:
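Review bot: the block re-added here keeps the empty-string key `'':` for the Transmitted Data Manipulation entry; it carries `external_id: T1493` but no `identifier:` field and `atomic_tests: []`, so whatever generates index.yaml is emitting an empty key for this test-less technique, and any second technique in the same state would collide on the same `''` key. Keying it `T1493:` and adding `identifier: T1493`, as the T1531 entry above does, would fix it.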
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index 077bc0c5c..e4dfa1998 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -40,7 +40,7 @@
- [T1100 Web Shell](./T1100/T1100.md)
# impact
-- T1531 Account Access Removal [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1531 Account Access Removal](./T1531/T1531.md)
- [T1485 Data Destruction](./T1485/T1485.md)
- Atomic Test #5: macOS/Linux - Overwrite file with DD [centos, linux, macos, ubuntu]
- T1486 Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
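Review bot: linux-index.md now links T1531 to `./T1531/T1531.md` with no test bullets underneath, but the only tests added in this patch are `Change User Password - Windows` and `Delete User - Windows`, which the windows-index hunk lists and this one does not. For a platform index that is misleading, since the other linked entries here (e.g. T1485) list at least one test for the platform; either keep the `CONTRIBUTE A TEST` marker for Linux or have the generator link a technique only when it has a test for that platform.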
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index 012c5384d..8ac03ba01 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
@@ -57,7 +57,7 @@
- [T1100 Web Shell](./T1100/T1100.md)
# impact
-- T1531 Account Access Removal [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1531 Account Access Removal](./T1531/T1531.md)
- [T1485 Data Destruction](./T1485/T1485.md)
- Atomic Test #5: macOS/Linux - Overwrite file with DD [centos, linux, macos, ubuntu]
- T1486 Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
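Review bot: same issue as linux-index.md: T1531 is linked here although neither new test supports macOS (both declare `supported_platforms: windows`), so the macOS index gains an entry with no runnable test behind it.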
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 45cc0d8ad..806462c8c 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -295,7 +295,9 @@
- Atomic Test #3: Winlogon Notify Key Logon Persistence - PowerShell [windows]
# impact
-- T1531 Account Access Removal [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1531 Account Access Removal](./T1531/T1531.md)
+ - Atomic Test #1: Change User Password - Windows [windows]
+ - Atomic Test #2: Delete User - Windows [windows]
- [T1485 Data Destruction](./T1485/T1485.md)
- Atomic Test #1: Windows - Delete Volume Shadow Copies [windows]
- Atomic Test #2: Windows - Delete Windows Backup Catalog [windows]