From 41393c010fe62096bbeb9d613cf70fe61ff291e4 Mon Sep 17 00:00:00 2001
From: Nathan McNulty <6653432+nathanmcnulty@users.noreply.github.com>
Date: Mon, 20 Feb 2023 20:35:11 -0800
Subject: [PATCH 1/2] Fix T1543.001 Test 2 Defaults (#2338)
Co-authored-by: Nathan McNulty
---
 atomics/T1543.001/T1543.001.md | 4 ++--
 atomics/T1543.001/T1543.001.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/atomics/T1543.001/T1543.001.md b/atomics/T1543.001/T1543.001.md
index a8563591..92b45534 100644
--- a/atomics/T1543.001/T1543.001.md
+++ b/atomics/T1543.001/T1543.001.md
@@ -83,8 +83,8 @@ This test adds persistence via a plist to execute via the macOS Event Monitor Da
 #### Inputs:
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| script_location | evil plist location | path | $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist|
-| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1053_004.plist|
+| script_location | evil plist location | path | $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist|
+| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1543_001.plist|
 | empty_file | Random name of the empty file used to trigger emond service | string | randomflag|
diff --git a/atomics/T1543.001/T1543.001.yaml b/atomics/T1543.001/T1543.001.yaml
index 3ada90e1..4f4c8b8c 100644
--- a/atomics/T1543.001/T1543.001.yaml
+++ b/atomics/T1543.001/T1543.001.yaml
@@ -45,11 +45,11 @@ atomic_tests:
 script_location:
 description: evil plist location
 type: path
- default: $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist
+ default: $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist
 script_destination:
 description: Path where to move the evil plist
 type: path
- default: /etc/emond.d/rules/atomicredteam_T1053_004.plist
+ default: /etc/emond.d/rules/atomicredteam_T1543_001.plist
 empty_file:
 description: Random name of the empty file used to trigger emond service
 type: string
From 7cfbdc1449f25986639c1ca06746e9668188c06c Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Tue, 21 Feb 2023 04:36:32 +0000 Subject: [PATCH 2/2] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 8 ++++---- atomics/Indexes/macos-index.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 8716915c..f6eed336 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -40078,11 +40078,11 @@ privilege-escalation: script_location: description: evil plist location type: path - default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist" + default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist" script_destination: description: Path where to move the evil plist type: path - default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist" + default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist" empty_file: description: Random name of the empty file used to trigger emond service type: string 
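Review bot: In atomics/T1543.001/T1543.001.yaml the new `script_location` default, `$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist`, is not backed by anything visible in this patch: the diffstat lists only the .md and .yaml files, so whether that plist exists under T1543.001/src cannot be confirmed from here. If the test does not already declare one (its `input_arguments` block starts and ends outside the hunk), a dependency with `prereq_command: if [ -f "#{script_location}" ]; then exit 0; else exit 1; fi` would make a missing source file fail at the prerequisite step rather than part-way through the test. Changing `script_destination` also means hosts that ran the test with the old default may still hold `/etc/emond.d/rules/atomicredteam_T1053_004.plist`, which cleanup driven by the new value presumably will not remove. Detections or validation checks keyed on the old file name need `atomicredteam_T1543_001.plist` added.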
@@ -63920,11 +63920,11 @@ persistence: script_location: description: evil plist location type: path - default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist" + default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist" script_destination: description: Path where to move the evil plist type: path - default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist" + default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist" empty_file: description: Random name of the empty file used to trigger emond service type: string diff --git a/atomics/Indexes/macos-index.yaml b/atomics/Indexes/macos-index.yaml index 5542f33d..a834871d 100644 --- a/atomics/Indexes/macos-index.yaml +++ b/atomics/Indexes/macos-index.yaml @@ -25215,11 +25215,11 @@ privilege-escalation: script_location: description: evil plist location type: path - default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist" + default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist" script_destination: description: Path where to move the evil plist type: path - default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist" + default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist" empty_file: description: Random name of the empty file used to trigger emond service type: string @@ -41310,11 +41310,11 @@ persistence: script_location: description: evil plist location type: path - default: "$PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist" + default: "$PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist" script_destination: description: Path where to move the evil plist type: path - default: "/etc/emond.d/rules/atomicredteam_T1053_004.plist" + default: "/etc/emond.d/rules/atomicredteam_T1543_001.plist" empty_file: description: Random name of the empty file used to trigger emond service type: string