Merge pull request #2012 from RoundBunny/T1027

Updated T1027 i0 with cleanup and non-builtin command

atomics/T1027/T1027.yaml

@@ -6,16 +6,32 @@ atomic_tests:
   description: |
     Creates a base64-encoded data file and decodes it into an executable shell script
 
-    Upon successful execution, sh will execute art.sh, which is a base64 encoded command, that stdouts `echo Hello from the Atomic Red Team`.
+    Upon successful execution, sh will execute art.sh, which is a base64 encoded command, that echoes `Hello from the Atomic Red Team` 
+    and uname -v
   supported_platforms:
   - macos
   - linux
+  input_arguments:
+    shell_command:
+      description: command to encode
+      type: String
+      default: "echo Hello from the Atomic Red Team && uname -v"
+  dependency_executor_name: sh
+  dependencies:
+  - description: |
+      encode the command into base64 file
+    prereq_command: |
+      exit 1
+    get_prereq_command: |
+      echo "#{shell_command}" | base64 > /tmp/encoded.dat
   executor:
     command: |
-      sh -c "echo ZWNobyBIZWxsbyBmcm9tIHRoZSBBdG9taWMgUmVkIFRlYW0= > /tmp/encoded.dat"
       cat /tmp/encoded.dat | base64 -d > /tmp/art.sh
       chmod +x /tmp/art.sh
       /tmp/art.sh
+    cleanup_command: |
+      rm /tmp/encoded.dat 
+      rm /tmp/art.sh
     name: sh
 - name: Execute base64-encoded PowerShell
   auto_generated_guid: a50d5a97-2531-499e-a1de-5544c74432c6