From 5ea7cb30107d6df8b08217f1a51b48ea8e14efd3 Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Thu, 22 Sep 2022 22:37:42 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 11 +++++++++++ atomics/T1016/T1016.md | 13 +++++++++++++ 2 files changed, 24 insertions(+) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 73e998eb..a5b323a7 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -84247,6 +84247,17 @@ discovery: description: File that houses list of commands to be executed type: Path default: PathToAtomicsFolder\T1016\src\qakbot.bat + dependency_executor_name: powershell + dependencies: + - description: 'File to copy must exist on disk at specified location (#{recon_commands}) + + ' + prereq_command: 'if (Test-Path #{recon_commands}) {exit 0} else {exit 1} + + ' + get_prereq_command: | + New-Item -Type Directory (split-path #{recon_commands}) -ErrorAction ignore | Out-Null + Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1016/src/qakbot.bat" -OutFile "#{recon_commands}" executor: command: "#{recon_commands}\n" name: command_prompt diff --git a/atomics/T1016/T1016.md b/atomics/T1016/T1016.md index c1b067aa..17a570bf 100644 --- a/atomics/T1016/T1016.md +++ b/atomics/T1016/T1016.md @@ -323,6 +323,19 @@ A list of commands known to be performed by Qakbot for recon purposes +#### Dependencies: Run with `powershell`! +##### Description: File to copy must exist on disk at specified location (#{recon_commands}) +##### Check Prereq Commands: +```powershell +if (Test-Path #{recon_commands}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +New-Item -Type Directory (split-path #{recon_commands}) -ErrorAction ignore | Out-Null +Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1016/src/qakbot.bat" -OutFile "#{recon_commands}" +``` + +