From 19c71c2a40b7a9a3959ac0c2ea9848c38fcc783d Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Mon, 2 Oct 2023 20:45:17 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1059.003/T1059.003.yaml | 1 +
 atomics/T1548.002/T1548.002.yaml | 1 +
 atomics/used_guids.txt | 2 ++
 3 files changed, 4 insertions(+)
diff --git a/atomics/T1059.003/T1059.003.yaml b/atomics/T1059.003/T1059.003.yaml
index 13680981..c5cd975a 100644
--- a/atomics/T1059.003/T1059.003.yaml
+++ b/atomics/T1059.003/T1059.003.yaml
@@ -131,6 +131,7 @@ atomic_tests: elevation_required: false - name: Command prompt writing script to file then executes it + auto_generated_guid: 00682c9f-7df4-4df8-950b-6dcaaa3ad9af description: |2- Simulate DarkGate malware's second stage by writing a VBscript to disk directly from the command prompt then executing it. The script will execute 'whoami' then exit.
diff --git a/atomics/T1548.002/T1548.002.yaml b/atomics/T1548.002/T1548.002.yaml
index 6c77003b..ffb07020 100644
--- a/atomics/T1548.002/T1548.002.yaml
+++ b/atomics/T1548.002/T1548.002.yaml
@@ -653,6 +653,7 @@ atomic_tests: Remove-Item #{commandpath} -Recurse -Force name: powershell - name: Disable UAC - Switch to the secure desktop when prompting for elevation via registry key + auto_generated_guid: 85f3a526-4cfa-4fe7-98c1-dea99be025c7 description: | User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting ensures that the elevation prompt is only used in secure desktop mode.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 8c3d1100..7da78678 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1396,3 +1396,5 @@ ab76e34f-28bf-441f-a39c-8db4835b89cc
 96e86706-6afd-45b6-95d6-108d23eaf2e9
 96be6002-9200-47db-94cb-c3e27de1cb36
 f2f91612-d904-49d7-87c2-6c165d23bead
+00682c9f-7df4-4df8-950b-6dcaaa3ad9af
+85f3a526-4cfa-4fe7-98c1-dea99be025c7