Generated docs from job=generate-docs branch=master [ci skip]

2025-10-04 18:08:25 +00:00
parent b41248c790
commit 149e41f748
13 changed files with 70 additions and 4 deletions
@@ -2,7 +2,7 @@

 # Atomic Red Team

-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1743-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1744-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)


 Atomic Red Team™ is a library of tests mapped to the
@@ -2156,6 +2156,7 @@ impact,T1489,Service Stop,4,Linux - Stop service using systemctl,42e3a5bd-1e45-4
 impact,T1489,Service Stop,5,Linux - Stop service by killing process using killall,e5d95be6-02ee-4ff1-aebe-cf86013b6189,sh
 impact,T1489,Service Stop,6,Linux - Stop service by killing process using kill,332f4c76-7e96-41a6-8cc2-7361c49db8be,sh
 impact,T1489,Service Stop,7,Linux - Stop service by killing process using pkill,08b4718f-a8bf-4bb5-a552-294fc5178fea,sh
+impact,T1489,Service Stop,8,Abuse of linux magic system request key for Send a SIGTERM to all processes,6e76f56f-2373-4a6c-a63f-98b7b72761f1,bash
 impact,T1491.001,Defacement: Internal Defacement,1,Replace Desktop Wallpaper,30558d53-9d76-41c4-9267-a7bd5184bed3,powershell
 impact,T1491.001,Defacement: Internal Defacement,2,Configure LegalNoticeCaption and LegalNoticeText registry keys to display ransom message,ffcbfaab-c9ff-470b-928c-f086b326089b,powershell
 impact,T1491.001,Defacement: Internal Defacement,3,ESXi - Change Welcome Message on Direct Console User Interface (DCUI),30905f21-34f3-4504-8b4c-f7a5e314b810,command_prompt
@@ -427,6 +427,7 @@ impact,T1489,Service Stop,4,Linux - Stop service using systemctl,42e3a5bd-1e45-4
 impact,T1489,Service Stop,5,Linux - Stop service by killing process using killall,e5d95be6-02ee-4ff1-aebe-cf86013b6189,sh
 impact,T1489,Service Stop,6,Linux - Stop service by killing process using kill,332f4c76-7e96-41a6-8cc2-7361c49db8be,sh
 impact,T1489,Service Stop,7,Linux - Stop service by killing process using pkill,08b4718f-a8bf-4bb5-a552-294fc5178fea,sh
+impact,T1489,Service Stop,8,Abuse of linux magic system request key for Send a SIGTERM to all processes,6e76f56f-2373-4a6c-a63f-98b7b72761f1,bash
 impact,T1531,Account Access Removal,4,Change User Password via passwd,3c717bf3-2ecc-4d79-8ac8-0bfbf08fbce6,sh
 impact,T1486,Data Encrypted for Impact,1,Encrypt files using gpg (FreeBSD/Linux),7b8ce084-3922-4618-8d22-95f996173765,sh
 impact,T1486,Data Encrypted for Impact,2,Encrypt files using 7z (FreeBSD/Linux),53e6735a-4727-44cc-b35b-237682a151ad,sh
@@ -2989,6 +2989,7 @@
  - Atomic Test #5: Linux - Stop service by killing process using killall [linux]
  - Atomic Test #6: Linux - Stop service by killing process using kill [linux]
  - Atomic Test #7: Linux - Stop service by killing process using pkill [linux]
+  - Atomic Test #8: Abuse of linux magic system request key for Send a SIGTERM to all processes [linux]
 - T1499.004 Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1565.003 Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1498.002 Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -834,6 +834,7 @@
  - Atomic Test #5: Linux - Stop service by killing process using killall [linux]
  - Atomic Test #6: Linux - Stop service by killing process using kill [linux]
  - Atomic Test #7: Linux - Stop service by killing process using pkill [linux]
+  - Atomic Test #8: Abuse of linux magic system request key for Send a SIGTERM to all processes [linux]
 - T1499.004 Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1565.003 Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1498.002 Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -120098,6 +120098,21 @@ impact:
          '
        name: sh
        elevation_required: true
+    - name: Abuse of linux magic system request key for Send a SIGTERM to all processes
+      auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+      description: 'Adversaries with root or sufficient privileges Send a SIGTERM
+        to all processes, except for init. By writing ''e'' to /proc/sysrq-trigger,
+        they can forced kill all processes, except for init.
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'echo "e" > /proc/sysrq-trigger
+
+          '
+        name: bash
+        elevation_required: true
  T1499.004:
    technique:
      type: attack-pattern
@@ -71080,6 +71080,21 @@ impact:
          '
        name: sh
        elevation_required: true
+    - name: Abuse of linux magic system request key for Send a SIGTERM to all processes
+      auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+      description: 'Adversaries with root or sufficient privileges Send a SIGTERM
+        to all processes, except for init. By writing ''e'' to /proc/sysrq-trigger,
+        they can forced kill all processes, except for init.
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'echo "e" > /proc/sysrq-trigger
+
+          '
+        name: bash
+        elevation_required: true
  T1499.004:
    technique:
      type: attack-pattern
@@ -24,6 +24,8 @@ Adversaries may accomplish this by disabling individual services of high importa

 - [Atomic Test #7 - Linux - Stop service by killing process using pkill](#atomic-test-7---linux---stop-service-by-killing-process-using-pkill)

+- [Atomic Test #8 - Abuse of linux magic system request key for Send a SIGTERM to all processes](#atomic-test-8---abuse-of-linux-magic-system-request-key-for-send-a-sigterm-to-all-processes)
+

 <br/>

@@ -299,4 +301,32 @@ sudo systemctl start #{service_name} 2> /dev/null



+<br/>
+<br/>
+
+## Atomic Test #8 - Abuse of linux magic system request key for Send a SIGTERM to all processes
+Adversaries with root or sufficient privileges Send a SIGTERM to all processes, except for init. By writing 'e' to /proc/sysrq-trigger, they can forced kill all processes, except for init.
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+
+
+
+
+
+
+#### Attack Commands: Run with `bash`!  Elevation Required (e.g. root or admin) 
+
+
+```bash
+echo "e" > /proc/sysrq-trigger
+```
+
+
+
+
+
+
 <br/>
@@ -154,7 +154,7 @@ atomic_tests:
    name: sh
    elevation_required: true
 - name: Abuse of linux magic system request key for Send a SIGTERM to all processes
-  auto_generated_guid:
+  auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
  description: |
    Adversaries with root or sufficient privileges Send a SIGTERM to all processes, except for init. By writing 'e' to /proc/sysrq-trigger, they can forced kill all processes, except for init.
  supported_platforms:
@@ -579,4 +579,5 @@ echo "b" > /proc/sysrq-trigger



+
 <br/>
@@ -1766,3 +1766,4 @@ d2a1f4bc-a064-4223-8281-a086dce5423c
 210be7ea-d841-40ec-b3e1-ff610bb62744
 cbb2573a-a6ad-4c87-aef8-6e175598559b
 ac333fe1-ce2b-400b-a117-538634427439
+6e76f56f-2373-4a6c-a63f-98b7b72761f1