diff --git a/CNAME b/CNAME
new file mode 100644
index 00000000..2018f504
--- /dev/null
+++ b/CNAME
@@ -0,0 +1 @@
+atomicredteam.io
\ No newline at end of file
diff --git a/atomics/T1070/T1070.md b/atomics/T1070/T1070.md
index 954d1e05..e9eb7cc0 100644
--- a/atomics/T1070/T1070.md
+++ b/atomics/T1070/T1070.md
@@ -12,7 +12,7 @@ Defense Bypassed: Anti-virus, Log analysis, Host intrusion prevention systems
-## Atomic Test #1 - Clear Logs
+## Atomic Test #1 - Clear Logs
 Clear Windows Event Logs
 **Supported Platforms:** Windows
@@ -34,7 +34,7 @@ Clear Windows Event Logs
 #### Run it with `command_prompt`!
 ```
-evtutil cl #{log_name}
+wevtutil cl #{log_name}
 ```

diff --git a/atomics/T1070/T1070.yaml b/atomics/T1070/T1070.yaml
index c9319649..72404c8a 100644
--- a/atomics/T1070/T1070.yaml
+++ b/atomics/T1070/T1070.yaml
@@ -3,7 +3,7 @@ attack_technique: T1070
 display_name: Indicator Removal on Host
 atomic_tests:
-- name: Clear Logs
+- name: Clear Logs
 description: |
 Clear Windows Event Logs
 supported_platforms:
@@ -16,7 +16,7 @@ atomic_tests:
 executor:
 name: command_prompt
 command: |
- evtutil cl #{log_name}
+ wevtutil cl #{log_name}
 - name: FSUtil
 description: |
 Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume.
diff --git a/atomics/T1170/T1170.md b/atomics/T1170/T1170.md
index dc62bbf0..c2fb1283 100644
--- a/atomics/T1170/T1170.md
+++ b/atomics/T1170/T1170.md
@@ -42,7 +42,7 @@ Test execution of a remote script using mshta.exe
 #### Inputs
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| file_url | location of the payload | Url | https://www.example.com/mshta.sct|
+| file_url | location of the payload | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1170/mshta.sct|
 #### Run it with `command_prompt`!
 ```
diff --git a/atomics/T1170/T1170.yaml b/atomics/T1170/T1170.yaml
index 47916540..c2cc3b93 100644
--- a/atomics/T1170/T1170.yaml
+++ b/atomics/T1170/T1170.yaml
@@ -12,7 +12,7 @@ atomic_tests:
 file_url:
 description: location of the payload
 type: Url
- default: https://www.example.com/mshta.sct
+ default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1170/mshta.sct
 executor:
 name: command_prompt
 command: |
diff --git a/atomics/T1170/mshta.sct b/atomics/T1170/mshta.sct
new file mode 100644
index 00000000..a5bf6537
--- /dev/null
+++ b/atomics/T1170/mshta.sct
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/atomics/index.md b/atomics/index.md
index 2461586f..be80c1b6 100644
--- a/atomics/index.md
+++ b/atomics/index.md
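Review bot: The corrected `wevtutil cl #{log_name}` command in the second T1070.yaml hunk needs an elevated (administrator) context to clear the Security log and most other logs, but nothing in the hunk states that, and unless the executor declares an elevation requirement outside the hunk a user running this from a standard prompt will get an access-denied error rather than the intended result. I would extend the test's `description` to read `Clear Windows Event Logs. Requires an elevated command prompt; clearing a log is itself audited (Security event 1102 / System event 104), which is the signal detection rules for this test should expect.` The `log_name` input and its default are defined outside this hunk, so the description could also name which log the default clears. There is no cleanup step, which is reasonable here because a cleared log cannot be restored, but that consequence is worth a sentence in the description for anyone running the test on a production-like host.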
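Review bot: The new `file_url` default in the T1170.yaml hunk points at the `master` branch, so the scriptlet mshta.exe fetches at run time is whatever `atomics/T1170/mshta.sct` contains then, not the content reviewed in this commit; pinning the default to the commit that introduced the file, `default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/<commit-sha>/atomics/T1170/mshta.sct` (placeholder for the real hash), keeps the test reproducible and lets the description state exactly what the payload does. Because `mshta.sct` is added by this same commit, the default URL also will not resolve until the change is merged, which deserves a note in the description or the PR text. The same default is repeated in the `atomics/T1170/T1170.md` hunk and should be changed together with the yaml. The content of the new `mshta.sct` is not visible in this view, so I cannot confirm it matches what the test description says mshta.exe will execute.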
@@ -187,7 +187,7 @@
 - [T1054 Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
 - [T1066 Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
 - [T1070 Indicator Removal on Host](./T1070/T1070.md)
- - Atomic Test #1: Clear Logs [windows]
+ - Atomic Test #1: Clear Logs [windows]
 - Atomic Test #2: FSUtil [windows]
 - Atomic Test #3: rm -rf [macos, linux]
 - [T1202 Indirect Command Execution](./T1202/T1202.md)
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 026a68f6..c4a2187c 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -41,7 +41,7 @@
 - [T1054 Indicator Blocking](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
 - [T1066 Indicator Removal from Tools](https://github.com/redcanaryco/atomic-red-team/blob/uppercase-everything/CONTRIBUTIONS.md)
 - [T1070 Indicator Removal on Host](./T1070/T1070.md)
- - Atomic Test #1: Clear Logs [windows]
+ - Atomic Test #1: Clear Logs [windows]
 - Atomic Test #2: FSUtil [windows]
 - [T1202 Indirect Command Execution](./T1202/T1202.md)
 - Atomic Test #1: Indirect Command Execution - pcalua.exe [windows]