Merge branch 'master' into fix_python_test

2021-11-15 09:55:08 -07:00
parent 6fd073f2b0 c75738380e
commit 74bc0631de
7 changed files with 47 additions and 1 deletions
@@ -839,6 +839,7 @@ discovery,T1007,System Service Discovery,1,System Service Discovery,89676ba1-b1f
 discovery,T1007,System Service Discovery,2,System Service Discovery - net.exe,5f864a3f-8ce9-45c0-812c-bdf7d8aeacc3,command_prompt
 discovery,T1124,System Time Discovery,1,System Time Discovery,20aba24b-e61f-4b26-b4ce-4784f763ca20,command_prompt
 discovery,T1124,System Time Discovery,2,System Time Discovery - PowerShell,1d5711d6-655c-4a47-ae9c-6503c74fa877,powershell
+discovery,T1124,System Time Discovery,3,System Time Discovery in macOS,f449c933-0891-407f-821e-7916a21a1a6f,sh
 execution,T1059.002,AppleScript,1,AppleScript,3600d97d-81b9-4171-ab96-e4386506e2c2,sh
 execution,T1053.001,At (Linux),1,At - Schedule a job,7266d898-ac82-4ec0-97c7-436075d0d08e,sh
 execution,T1053.002,At (Windows),1,At.exe Scheduled task,4a6c0dc4-0f2a-4203-9298-a5a9bdc21ed8,command_prompt
@@ -1366,6 +1366,7 @@
 - [T1124 System Time Discovery](../../T1124/T1124.md)
  - Atomic Test #1: System Time Discovery [windows]
  - Atomic Test #2: System Time Discovery - PowerShell [windows]
+  - Atomic Test #3: System Time Discovery in macOS [macos]
 - T1497.003 Time Based Evasion [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1497.002 User Activity Based Checks [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -56810,6 +56810,18 @@ discovery:

 '
        name: powershell
+    - name: System Time Discovery in macOS
+      auto_generated_guid: f449c933-0891-407f-821e-7916a21a1a6f
+      auto_generate_guid: 
+      description: "Identify system time. Upon execution, the local computer system
+        time and timezone will be displayed. \n"
+      supported_platforms:
+      - macos
+      executor:
+        command: 'date
+
+'
+        name: sh
  T1497.003:
    technique:
      id: attack-pattern--4bed873f-0b7d-41d4-b93a-b6905d1f90b0
@@ -12,6 +12,8 @@ This information could be useful for performing other techniques, such as execut

 - [Atomic Test #2 - System Time Discovery - PowerShell](#atomic-test-2---system-time-discovery---powershell)

+- [Atomic Test #3 - System Time Discovery in macOS](#atomic-test-3---system-time-discovery-in-macos)
+

 <br/>

@@ -74,4 +76,32 @@ Get-Date



+<br/>
+<br/>
+
+## Atomic Test #3 - System Time Discovery in macOS
+Identify system time. Upon execution, the local computer system time and timezone will be displayed.
+
+**Supported Platforms:** macOS
+
+
+**auto_generated_guid:** f449c933-0891-407f-821e-7916a21a1a6f
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+date
+```
+
+
+
+
+
+
 <br/>
@@ -28,6 +28,7 @@ atomic_tests:
      Get-Date
    name: powershell
 - name: System Time Discovery in macOS
+  auto_generated_guid: f449c933-0891-407f-821e-7916a21a1a6f
  auto_generate_guid:
  description: |
    Identify system time. Upon execution, the local computer system time and timezone will be displayed. 
@@ -816,3 +816,4 @@ e6f4affd-d826-4871-9a62-6c9004b8fe06
 5568a8f4-a8b1-4c40-9399-4969b642f122
 8906c5d0-3ee5-4f63-897a-f6cafd3fdbb7
 635c9a38-6cbf-47dc-8615-3810bc1167cf
+f449c933-0891-407f-821e-7916a21a1a6f