From 4ab80721acb45fdfb98b30bc6b2e623595cabcdc Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator <email>
Date: Mon, 19 Jul 2021 21:21:58 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs
 branch=master [skip ci]

---
 atomics/Indexes/index.yaml     | 4 ++--
 atomics/T1543.004/T1543.004.md | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 3adf9eda..4f451fdb 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -13588,7 +13588,7 @@ privilege-escalation:
         command: |
           sudo cp #{path_malicious_plist} /Library/LaunchDaemons/#{plist_filename}
           sudo launchctl load -w /Library/LaunchDaemons/#{plist_filename}
-        cleanup: |
+        cleanup_command: |
           sudo launchctl unload /Library/LaunchDaemons/#{plist_filename}
           sudo rm /Library/LaunchDaemons/#{plist_filename}
   T1053.004:
@@ -41610,7 +41610,7 @@ persistence:
         command: |
           sudo cp #{path_malicious_plist} /Library/LaunchDaemons/#{plist_filename}
           sudo launchctl load -w /Library/LaunchDaemons/#{plist_filename}
-        cleanup: |
+        cleanup_command: |
           sudo launchctl unload /Library/LaunchDaemons/#{plist_filename}
           sudo rm /Library/LaunchDaemons/#{plist_filename}
   T1053.004:
diff --git a/atomics/T1543.004/T1543.004.md b/atomics/T1543.004/T1543.004.md
index d3aaeda3..b9992d60 100644
--- a/atomics/T1543.004/T1543.004.md
+++ b/atomics/T1543.004/T1543.004.md
@@ -40,6 +40,11 @@ sudo cp #{path_malicious_plist} /Library/LaunchDaemons/#{plist_filename}
 sudo launchctl load -w /Library/LaunchDaemons/#{plist_filename}
 ```
 
+#### Cleanup Commands:
+```bash
+sudo launchctl unload /Library/LaunchDaemons/#{plist_filename}
+sudo rm /Library/LaunchDaemons/#{plist_filename}
+```