Generate docs from job=validate_atomics_generate_docs branch=master

atomics/Indexes/Indexes-CSV/index.csv

@@ -418,6 +418,7 @@ defense-evasion,T1070.006,Timestomp,8,Windows - Timestomp a File,d7512c33-3a75-4
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,1,Take ownership using takeown utility,98d34bb4-6e75-42ad-9c41-1dae7dc6a001,command_prompt
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,2,cacls - Grant permission to specified user or group recursively,a8206bcc-f282-40a9-a389-05d9c0263485,command_prompt
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,3,attrib - Remove read-only attribute,bec1e95c-83aa-492e-ab77-60c71bbd21b0,command_prompt
+defense-evasion,T1222.001,Windows File and Directory Permissions Modification,4,Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style,ac7e6118-473d-41ec-9ac0-ef4f1d1ed2f6,powershell
 defense-evasion,T1220,XSL Script Processing,1,MSXSL Bypass using local files,ca23bfb2-023f-49c5-8802-e66997de462d,command_prompt
 defense-evasion,T1220,XSL Script Processing,2,MSXSL Bypass using remote files,a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985,command_prompt
 defense-evasion,T1220,XSL Script Processing,3,WMIC bypass using local XSL file,1b237334-3e21-4a0c-8178-b8c996124988,command_prompt

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -192,6 +192,7 @@ defense-evasion,T1070.006,Timestomp,8,Windows - Timestomp a File,d7512c33-3a75-4
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,1,Take ownership using takeown utility,98d34bb4-6e75-42ad-9c41-1dae7dc6a001,command_prompt
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,2,cacls - Grant permission to specified user or group recursively,a8206bcc-f282-40a9-a389-05d9c0263485,command_prompt
 defense-evasion,T1222.001,Windows File and Directory Permissions Modification,3,attrib - Remove read-only attribute,bec1e95c-83aa-492e-ab77-60c71bbd21b0,command_prompt
+defense-evasion,T1222.001,Windows File and Directory Permissions Modification,4,Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style,ac7e6118-473d-41ec-9ac0-ef4f1d1ed2f6,powershell
 defense-evasion,T1220,XSL Script Processing,1,MSXSL Bypass using local files,ca23bfb2-023f-49c5-8802-e66997de462d,command_prompt
 defense-evasion,T1220,XSL Script Processing,2,MSXSL Bypass using remote files,a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985,command_prompt
 defense-evasion,T1220,XSL Script Processing,3,WMIC bypass using local XSL file,1b237334-3e21-4a0c-8178-b8c996124988,command_prompt

atomics/Indexes/Indexes-Markdown/index.md

@@ -792,6 +792,7 @@
   - Atomic Test #1: Take ownership using takeown utility [windows]
   - Atomic Test #2: cacls - Grant permission to specified user or group recursively [windows]
   - Atomic Test #3: attrib - Remove read-only attribute [windows]
+  - Atomic Test #4: Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style [windows]
 - [T1220 XSL Script Processing](../../T1220/T1220.md)
   - Atomic Test #1: MSXSL Bypass using local files [windows]
   - Atomic Test #2: MSXSL Bypass using remote files [windows]

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -368,6 +368,7 @@
   - Atomic Test #1: Take ownership using takeown utility [windows]
   - Atomic Test #2: cacls - Grant permission to specified user or group recursively [windows]
   - Atomic Test #3: attrib - Remove read-only attribute [windows]
+  - Atomic Test #4: Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style [windows]
 - [T1220 XSL Script Processing](../../T1220/T1220.md)
   - Atomic Test #1: MSXSL Bypass using local files [windows]
   - Atomic Test #2: MSXSL Bypass using remote files [windows]

atomics/Indexes/index.yaml

@@ -35098,7 +35098,7 @@ defense-evasion:
           default: Everyone
       dependency_executor_name: command_prompt
       dependencies:
-      - description: 'Test requrires a file to modifyto be located at (#{file_or_folder})
+      - description: 'Test requrires a file to modify to be located at (#{file_or_folder})
 
 '
         prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 )
@@ -35109,7 +35109,7 @@ defense-evasion:
           echo T1222.001_cacls1 >> #{file_or_folder}\T1222.001_cacls1.txt
           echo T1222.001_cacls2 >> #{file_or_folder}\T1222.001_cacls2.txt
       executor:
-        command: 'Icacls.exe #{file_or_folder} /grant #{user_or_group}:F
+        command: 'icacls.exe #{file_or_folder} /grant #{user_or_group}:F
 
 '
         name: command_prompt
@@ -35144,6 +35144,15 @@ defense-evasion:
 
 '
         name: command_prompt
+    - name: Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style
+      auto_generated_guid: ac7e6118-473d-41ec-9ac0-ef4f1d1ed2f6
+      description: Invokes the command line used by Ryuk Ransomware to grant full
+        access to the entire C:\ drive for Everyone.
+      supported_platforms:
+      - windows
+      executor:
+        command: icacls "C:\*" /grant Everyone:F /T /C /Q
+        name: powershell
   T1220:
     technique:
       id: attack-pattern--ebbe170d-aa74-4946-8511-9921243415a3

atomics/T1222.001/T1222.001.md

@@ -14,6 +14,8 @@ Adversaries can interact with the DACLs using built-in Windows commands, such as
 
 - [Atomic Test #3 - attrib - Remove read-only attribute](#atomic-test-3---attrib---remove-read-only-attribute)
 
+- [Atomic Test #4 - Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style](#atomic-test-4---grant-full-access-to-entire-c-drive-for-everyone---ryuk-ransomware-style)
+
 
 <br/>
 
@@ -82,14 +84,14 @@ will be displayed.
 
 
 ```cmd
-Icacls.exe #{file_or_folder} /grant #{user_or_group}:F
+icacls.exe #{file_or_folder} /grant #{user_or_group}:F
 ```
 
 
 
 
 #### Dependencies:  Run with `command_prompt`!
-##### Description: Test requrires a file to modifyto be located at (#{file_or_folder})
+##### Description: Test requrires a file to modify to be located at (#{file_or_folder})
 ##### Check Prereq Commands:
 ```cmd
 IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) 
@@ -150,4 +152,28 @@ attrib.exe +r #{file_or_folder}\T1222.001_attrib2.txt
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #4 - Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style
+Invokes the command line used by Ryuk Ransomware to grant full access to the entire C:\ drive for Everyone.
+
+**Supported Platforms:** Windows
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+icacls "C:\*" /grant Everyone:F /T /C /Q
+```
+
+
+
+
+
+
 <br/>

atomics/T1222.001/T1222.001.yaml

@@ -87,6 +87,7 @@ atomic_tests:
       attrib.exe -r #{file_or_folder}\*.* /s
     name: command_prompt
 - name: 'Grant Full Access to Entire C:\ Drive for Everyone - Ryuk Ransomware Style'
+  auto_generated_guid: ac7e6118-473d-41ec-9ac0-ef4f1d1ed2f6
   description: Invokes the command line used by Ryuk Ransomware to grant full access to the entire C:\ drive for Everyone.
   supported_platforms:
   - windows

atomics/used_guids.txt

@@ -577,3 +577,4 @@ afb5e09e-e385-4dee-9a94-6ee60979d114
 da75ae8d-26d6-4483-b0fe-700e4df4f037
 342cc723-127c-4d3a-8292-9c0c6b4ecadc
 1ac2247f-65f8-4051-b51f-b0ccdfaaa5ff
+ac7e6118-473d-41ec-9ac0-ef4f1d1ed2f6