From b5dde3c8f2168d5e752977972d4c4338498bbaa2 Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Wed, 4 Jan 2023 03:19:21 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1505.004/T1505.004.yaml | 2 ++
 atomics/T1562.002/T1562.002.yaml | 1 +
 atomics/used_guids.txt | 3 +++
 3 files changed, 6 insertions(+)
diff --git a/atomics/T1505.004/T1505.004.yaml b/atomics/T1505.004/T1505.004.yaml
index 756e15e7..a0ac74a4 100644
--- a/atomics/T1505.004/T1505.004.yaml
+++ b/atomics/T1505.004/T1505.004.yaml
@@ -2,6 +2,7 @@ attack_technique: T1505.004
 display_name: IIS Components
 atomic_tests:
 - name: Install IIS Module using AppCmd.exe
+ auto_generated_guid: 53adbdfa-8200-490c-871c-d3b1ab3324b2
 description: |
 The following Atomic will utilize AppCmd.exe to install a new IIS Module. IIS must be installed. This atomic utilizes a DLL on disk, but to test further suspiciousness, compile and load [IIS-Raid](https://www.mdsec.co.uk/2020/02/iis-raid-backdooring-iis-using-native-modules/).
@@ -35,6 +36,7 @@ atomic_tests:
 %windir%\system32\inetsrv\appcmd.exe uninstall module #{module_name}
 name: command_prompt
 - name: Install IIS Module using PowerShell Cmdlet New-WebGlobalModule
+ auto_generated_guid: cc3381fb-4bd0-405c-a8e4-6cacfac3b06c
 description: |
 The following Atomic will utilize PowerShell Cmdlet New-WebGlobalModule to install a new IIS Module. IIS must be installed. This atomic utilizes a DLL on disk, but to test further suspiciousness, compile and load [IIS-Raid](https://www.mdsec.co.uk/2020/02/iis-raid-backdooring-iis-using-native-modules/).
diff --git a/atomics/T1562.002/T1562.002.yaml b/atomics/T1562.002/T1562.002.yaml
index 129fe98b..cf3e4390 100644
--- a/atomics/T1562.002/T1562.002.yaml
+++ b/atomics/T1562.002/T1562.002.yaml
@@ -24,6 +24,7 @@ atomic_tests:
 }
 name: powershell
 - name: Disable Windows IIS HTTP Logging via PowerShell
+ auto_generated_guid: a957fb0f-1e85-49b2-a211-413366784b1e
 description: |
 Disables HTTP logging on a Windows IIS web server as seen by Threat Group 3390 (Bronze Union). This action requires HTTP logging configurations in IIS to be unlocked.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index f61afece..a6b99418 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1199,3 +1199,6 @@ b1cbdf8b-6078-48f5-a890-11ea19d7f8e9
 999bff6d-dc15-44c9-9f5c-e1051bfc86e1
 40075d5f-3a70-4c66-9125-f72bee87247d
 fe7974e5-5813-477b-a7bd-311d4f535e83
+53adbdfa-8200-490c-871c-d3b1ab3324b2
+cc3381fb-4bd0-405c-a8e4-6cacfac3b06c
+a957fb0f-1e85-49b2-a211-413366784b1e