From 87b5a285ca30fa93cf5dc03bb829355cf1c347e4 Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Wed, 3 Jul 2024 22:29:55 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 16 +++------------- atomics/Indexes/linux-index.yaml | 16 +++------------- atomics/Indexes/macos-index.yaml | 16 +++------------- atomics/T1070.006/T1070.006.md | 13 +------------ 4 files changed, 10 insertions(+), 51 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 89efc53a..30c5f05f 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -9886,20 +9886,10 @@ defense-evasion: description: Path of reference file to read timestamps from type: path default: "/bin/sh" - dependencies: - - description: 'The file must exist in order to be timestomped - - ' - prereq_command: 'test -e #{target_file_path} && exit 0 || exit 1 - - ' - get_prereq_command: 'echo ''T1070.006 reference file timestomp test'' > #{target_file_path} - - ' executor: - command: 'touch -acmr #{reference_file_path} #{target_file_path} - - ' + command: | + touch #{target_file_path} + touch -acmr #{reference_file_path} #{target_file_path} cleanup_command: 'rm -f #{target_file_path} ' diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml index aef87993..493abefe 100644 --- a/atomics/Indexes/linux-index.yaml +++ b/atomics/Indexes/linux-index.yaml @@ -5705,20 +5705,10 @@ defense-evasion: description: Path of reference file to read timestamps from type: path default: "/bin/sh" - dependencies: - - description: 'The file must exist in order to be timestomped - - ' - prereq_command: 'test -e #{target_file_path} && exit 0 || exit 1 - - ' - get_prereq_command: 'echo ''T1070.006 reference file timestomp test'' > #{target_file_path} - - ' executor: - command: 'touch -acmr #{reference_file_path} #{target_file_path} - - ' + command: | + touch #{target_file_path} + touch -acmr #{reference_file_path} #{target_file_path} cleanup_command: 'rm -f #{target_file_path} ' diff --git a/atomics/Indexes/macos-index.yaml b/atomics/Indexes/macos-index.yaml index 57361ea2..96bf9226 100644 --- a/atomics/Indexes/macos-index.yaml +++ b/atomics/Indexes/macos-index.yaml @@ -5215,20 +5215,10 @@ defense-evasion: description: Path of reference file to read timestamps from type: path default: "/bin/sh" - dependencies: - - description: 'The file must exist in order to be timestomped - - ' - prereq_command: 'test -e #{target_file_path} && exit 0 || exit 1 - - ' - get_prereq_command: 'echo ''T1070.006 reference file timestomp test'' > #{target_file_path} - - ' executor: - command: 'touch -acmr #{reference_file_path} #{target_file_path} - - ' + command: | + touch #{target_file_path} + touch -acmr #{reference_file_path} #{target_file_path} cleanup_command: 'rm -f #{target_file_path} ' diff --git a/atomics/T1070.006/T1070.006.md b/atomics/T1070.006/T1070.006.md index b76a9563..500844b3 100644 --- a/atomics/T1070.006/T1070.006.md +++ b/atomics/T1070.006/T1070.006.md @@ -196,6 +196,7 @@ This technique was used by the threat actor Rocke during the compromise of Linux ```sh +touch #{target_file_path} touch -acmr #{reference_file_path} #{target_file_path} ``` @@ -206,18 +207,6 @@ rm -f #{target_file_path} -#### Dependencies: Run with `sh`! -##### Description: The file must exist in order to be timestomped -##### Check Prereq Commands: -```sh -test -e #{target_file_path} && exit 0 || exit 1 -``` -##### Get Prereq Commands: -```sh -echo 'T1070.006 reference file timestomp test' > #{target_file_path} -``` - -