From 1d37472ced57bfc2e372baabe47293a67b0c50ea Mon Sep 17 00:00:00 2001
From: dwhite9
Date: Mon, 30 Dec 2019 09:20:25 -0600
Subject: [PATCH] Replaced the ${atomics_path} input variable with the (#761) $PathToAtomicsFolder global variable. Removed the input variable block for simplicity.
Co-authored-by: Carrie Roberts
---
 atomics/T1170/T1170.yaml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/atomics/T1170/T1170.yaml b/atomics/T1170/T1170.yaml
index 5c77f4cd..5553b760 100644
--- a/atomics/T1170/T1170.yaml
+++ b/atomics/T1170/T1170.yaml
@@ -43,15 +43,10 @@ atomic_tests:
 This attempts to emulate what FIN7 does with this technique which is using mshta.exe to execute VBScript to execute malicious code on victim systems.
 supported_platforms:
 - windows
- input_arguments:
- atomics_path:
- description: path to atomics folder
- type: path
- default: ..\..\atomics
 executor:
 name: command_prompt
 command: |
- mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -noexit -file #{atomics_path}\T1170\src\powershell.ps1"":close")
+ mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -noexit -file $PathToAtomicsFolder\T1170\src\powershell.ps1"":close")

 - name: Mshta Executes Remote HTML Application (HTA)
 description: |
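Review bot: The new `command` line places the PowerShell-style token `$PathToAtomicsFolder` inside a `command_prompt` executor, and cmd.exe does not expand it, so the test now works only when the execution framework substitutes that token before launching (Invoke-AtomicRedTeam is understood to do this); with `input_arguments` removed there is also no way left to override the path. If the token is passed through literally, or the resolved path contains a space (the `-file` argument is not quoted inside the nested `""…""`), the mshta-to-powershell launch still happens but the script itself never runs, so an automated run may be recorded as executed without the telemetry the script is meant to produce. I would state the dependency in the test's `description`, for example `Requires a runner that resolves $PathToAtomicsFolder to the atomics folder.`, and add a prerequisite check that `$PathToAtomicsFolder\T1170\src\powershell.ps1` exists before the command runs. This test entry begins above the hunk, so its name and the start of its description are not visible here.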