From 52d472a70cbf7a2fc67d2559750ff3dfe2b3a38c Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Tue, 12 Nov 2019 22:09:07 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- atomics/T1489/T1489.md | 10 +++++++++- atomics/index.yaml | 8 +++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/atomics/T1489/T1489.md b/atomics/T1489/T1489.md index 65edaacb..7bad1883 100644 --- a/atomics/T1489/T1489.md +++ b/atomics/T1489/T1489.md @@ -32,6 +32,10 @@ sc.exe stop #{service_name} ``` +#### Cleanup Commands: +``` +sc.exe start #{service_name} +```

@@ -53,6 +57,10 @@ net.exe stop #{service_name} ``` +#### Cleanup Commands: +``` +net.exe start #{service_name} +```

@@ -67,7 +75,7 @@ This technique was used by WannaCry. #### Inputs | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| process_name | Name of a process to kill | String | sqlwriter.exe| +| process_name | Name of a process to kill | String | spoolsv.exe| #### Run it with `command_prompt`! ``` diff --git a/atomics/index.yaml b/atomics/index.yaml index 829c5021..a1c16a0f 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -14026,6 +14026,9 @@ impact: elevation_required: true command: 'sc.exe stop #{service_name} +' + cleanup_command: 'sc.exe start #{service_name} + ' - name: Windows - Stop service using net.exe description: 'Stops a specified service using the net.exe command. @@ -14043,6 +14046,9 @@ impact: elevation_required: true command: 'net.exe stop #{service_name} +' + cleanup_command: 'net.exe start #{service_name} + ' - name: Windows - Stop service by killing process description: "Stops a specified service killng the service's process. \nThis @@ -14053,7 +14059,7 @@ impact: process_name: description: Name of a process to kill type: String - default: sqlwriter.exe + default: spoolsv.exe executor: name: command_prompt elevation_required: false