Merge branch 'master' into T1110.001_II

atomics/Indexes/Indexes-CSV/index.csv

@@ -244,6 +244,8 @@ defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,2
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,3,Set a SetGID flag on file,db55f666-7cba-46c6-9fe6-205a05c3242c,sh
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,4,Make and modify capabilities of a binary,db53959c-207d-4000-9e7a-cd8eb417e072,sh
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,5,Provide the SetUID capability to a file,1ac3272f-9bcf-443a-9888-4b1d3de785c1,sh
+defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,6,Do reconnaissance for files that have the setuid bit set,8e36da01-cd29-45fd-be72-8a0fcaad4481,sh
+defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,7,Do reconnaissance for files that have the setgid bit set,3fb46e17-f337-4c14-9f9a-a471946533e2,sh
 defense-evasion,T1218.008,Signed Binary Proxy Execution: Odbcconf,1,Odbcconf.exe - Execute Arbitrary DLL,2430498b-06c0-4b92-a448-8ad263c388e2,command_prompt
 defense-evasion,T1218.008,Signed Binary Proxy Execution: Odbcconf,2,Odbcconf.exe - Load Response File,331ce274-f9c9-440b-9f8c-a1006e1fce0b,command_prompt
 defense-evasion,T1562.006,Impair Defenses: Indicator Blocking,1,Auditing Configuration Changes on Linux Host,212cfbcf-4770-4980-bc21-303e37abd0e3,bash
@@ -537,6 +539,8 @@ privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Set
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,3,Set a SetGID flag on file,db55f666-7cba-46c6-9fe6-205a05c3242c,sh
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,4,Make and modify capabilities of a binary,db53959c-207d-4000-9e7a-cd8eb417e072,sh
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,5,Provide the SetUID capability to a file,1ac3272f-9bcf-443a-9888-4b1d3de785c1,sh
+privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,6,Do reconnaissance for files that have the setuid bit set,8e36da01-cd29-45fd-be72-8a0fcaad4481,sh
+privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,7,Do reconnaissance for files that have the setgid bit set,3fb46e17-f337-4c14-9f9a-a471946533e2,sh
 privilege-escalation,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,1,Winlogon Shell Key Persistence - PowerShell,bf9f9d65-ee4d-4c3e-a843-777d04f19c38,powershell
 privilege-escalation,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,2,Winlogon Userinit Key Persistence - PowerShell,fb32c935-ee2e-454b-8fa3-1c46b42e8dfb,powershell
 privilege-escalation,T1547.004,Boot or Logon Autostart Execution: Winlogon Helper DLL,3,Winlogon Notify Key Logon Persistence - PowerShell,d40da266-e073-4e5a-bb8b-2b385023e5f9,powershell

atomics/Indexes/Indexes-CSV/linux-index.csv

@@ -58,6 +58,8 @@ defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,2
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,3,Set a SetGID flag on file,db55f666-7cba-46c6-9fe6-205a05c3242c,sh
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,4,Make and modify capabilities of a binary,db53959c-207d-4000-9e7a-cd8eb417e072,sh
 defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,5,Provide the SetUID capability to a file,1ac3272f-9bcf-443a-9888-4b1d3de785c1,sh
+defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,6,Do reconnaissance for files that have the setuid bit set,8e36da01-cd29-45fd-be72-8a0fcaad4481,sh
+defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,7,Do reconnaissance for files that have the setgid bit set,3fb46e17-f337-4c14-9f9a-a471946533e2,sh
 defense-evasion,T1562.006,Impair Defenses: Indicator Blocking,1,Auditing Configuration Changes on Linux Host,212cfbcf-4770-4980-bc21-303e37abd0e3,bash
 defense-evasion,T1562.006,Impair Defenses: Indicator Blocking,2,Logging Configuration Changes on Linux Host,7d40bc58-94c7-4fbb-88d9-ebce9fcdb60c,bash
 defense-evasion,T1562.003,Impair Defenses: HISTCONTROL,1,Disable history collection,4eafdb45-0f79-4d66-aa86-a3e2c08791f5,sh
@@ -142,6 +144,8 @@ privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Set
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,3,Set a SetGID flag on file,db55f666-7cba-46c6-9fe6-205a05c3242c,sh
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,4,Make and modify capabilities of a binary,db53959c-207d-4000-9e7a-cd8eb417e072,sh
 privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,5,Provide the SetUID capability to a file,1ac3272f-9bcf-443a-9888-4b1d3de785c1,sh
+privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,6,Do reconnaissance for files that have the setuid bit set,8e36da01-cd29-45fd-be72-8a0fcaad4481,sh
+privilege-escalation,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,7,Do reconnaissance for files that have the setgid bit set,3fb46e17-f337-4c14-9f9a-a471946533e2,sh
 privilege-escalation,T1547.006,Boot or Logon Autostart Execution: Kernel Modules and Extensions,1,Linux - Load Kernel Module via insmod,687dcb93-9656-4853-9c36-9977315e9d23,bash
 privilege-escalation,T1053.006,Scheduled Task/Job: Systemd Timers,1,Create Systemd Service and Timer,f4983098-bb13-44fb-9b2c-46149961807b,bash
 privilege-escalation,T1053.006,Scheduled Task/Job: Systemd Timers,2,Create a user level transient systemd service and timer,3de33f5b-62e5-4e63-a2a0-6fd8808c80ec,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -332,6 +332,8 @@
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
   - Atomic Test #4: Make and modify capabilities of a binary [linux]
   - Atomic Test #5: Provide the SetUID capability to a file [linux]
+  - Atomic Test #6: Do reconnaissance for files that have the setuid bit set [linux]
+  - Atomic Test #7: Do reconnaissance for files that have the setgid bit set [linux]
 - T1117 Regsvr32 [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1054 Indicator Blocking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -810,6 +812,8 @@
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
   - Atomic Test #4: Make and modify capabilities of a binary [linux]
   - Atomic Test #5: Provide the SetUID capability to a file [linux]
+  - Atomic Test #6: Do reconnaissance for files that have the setuid bit set [linux]
+  - Atomic Test #7: Do reconnaissance for files that have the setgid bit set [linux]
 - [T1547.004 Boot or Logon Autostart Execution: Winlogon Helper DLL](../../T1547.004/T1547.004.md)
   - Atomic Test #1: Winlogon Shell Key Persistence - PowerShell [windows]
   - Atomic Test #2: Winlogon Userinit Key Persistence - PowerShell [windows]

atomics/Indexes/Indexes-Markdown/linux-index.md

@@ -92,6 +92,8 @@
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
   - Atomic Test #4: Make and modify capabilities of a binary [linux]
   - Atomic Test #5: Provide the SetUID capability to a file [linux]
+  - Atomic Test #6: Do reconnaissance for files that have the setuid bit set [linux]
+  - Atomic Test #7: Do reconnaissance for files that have the setgid bit set [linux]
 - T1108 Redundant Access [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1562.006 Impair Defenses: Indicator Blocking](../../T1562.006/T1562.006.md)
   - Atomic Test #1: Auditing Configuration Changes on Linux Host [linux]
@@ -336,6 +338,8 @@
   - Atomic Test #3: Set a SetGID flag on file [macos, linux]
   - Atomic Test #4: Make and modify capabilities of a binary [linux]
   - Atomic Test #5: Provide the SetUID capability to a file [linux]
+  - Atomic Test #6: Do reconnaissance for files that have the setuid bit set [linux]
+  - Atomic Test #7: Do reconnaissance for files that have the setgid bit set [linux]
 - T1055.014 VDSO Hijacking [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1169 Sudo [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1547.006 Boot or Logon Autostart Execution: Kernel Modules and Extensions](../../T1547.006/T1547.006.md)

atomics/Indexes/index.yaml

@@ -12510,7 +12510,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -12533,7 +12533,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -12585,6 +12585,32 @@ defense-evasion:
           '
         name: sh
         elevation_required: true
+    - name: Do reconnaissance for files that have the setuid bit set
+      auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setuid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -4000
+
+          '
+        name: sh
+    - name: Do reconnaissance for files that have the setgid bit set
+      auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setgid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -2000
+
+          '
+        name: sh
   T1117:
     technique:
       x_mitre_platforms:
@@ -34058,7 +34084,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -34081,7 +34107,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -34133,6 +34159,32 @@ privilege-escalation:
           '
         name: sh
         elevation_required: true
+    - name: Do reconnaissance for files that have the setuid bit set
+      auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setuid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -4000
+
+          '
+        name: sh
+    - name: Do reconnaissance for files that have the setgid bit set
+      auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setgid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -2000
+
+          '
+        name: sh
   T1547.004:
     technique:
       x_mitre_platforms:

atomics/Indexes/linux-index.yaml

@@ -7525,7 +7525,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -7548,7 +7548,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -7600,6 +7600,32 @@ defense-evasion:
           '
         name: sh
         elevation_required: true
+    - name: Do reconnaissance for files that have the setuid bit set
+      auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setuid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -4000
+
+          '
+        name: sh
+    - name: Do reconnaissance for files that have the setgid bit set
+      auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setgid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -2000
+
+          '
+        name: sh
   T1117:
     technique:
       x_mitre_platforms:
@@ -21826,7 +21852,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -21849,7 +21875,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -21901,6 +21927,32 @@ privilege-escalation:
           '
         name: sh
         elevation_required: true
+    - name: Do reconnaissance for files that have the setuid bit set
+      auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setuid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -4000
+
+          '
+        name: sh
+    - name: Do reconnaissance for files that have the setgid bit set
+      auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+      description: 'This test simulates a command that can be run to enumerate files
+        that have the setgid bit set
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'find /usr/bin -perm -2000
+
+          '
+        name: sh
   T1547.004:
     technique:
       x_mitre_platforms:

atomics/Indexes/macos-index.yaml

@@ -6901,7 +6901,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -6924,7 +6924,7 @@ defense-evasion:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -21148,7 +21148,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod u+s #{file_to_setuid}
+          sudo chmod u+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '
@@ -21171,7 +21171,7 @@ privilege-escalation:
         command: |
           sudo touch #{file_to_setuid}
           sudo chown root #{file_to_setuid}
-          sudo chmod g+s #{file_to_setuid}
+          sudo chmod g+xs #{file_to_setuid}
         cleanup_command: 'sudo rm #{file_to_setuid}
 
           '

atomics/T1059.004/T1059.004.yaml

@@ -162,3 +162,40 @@ atomic_tests:
       echo "\$ART=$ART"
       echo -n "$ART" |base64 -d |/bin/bash
       unset ART 
+- name: Change login shell
+  auto_generated_guid: c7ac59cb-13cc-4622-81dc-6d2fee9bfac7
+  description: |
+    An adversary may want to use a different login shell. The chsh command changes the user login shell. The following test, creates an art user with a /bin/bash shell, changes the users shell to sh, then deletes the art user. 
+  supported_platforms:
+    - linux
+  dependencies:
+  - description: |
+      chsh - change login shell, must be installed
+    prereq_command: |
+      if [ -f /usr/bin/chsh ]; then echo "exit 0"; else echo "exit 1"; exit 1; fi
+    get_prereq_command: |
+      echo "Automated installer not implemented yet, please install chsh manually"
+  executor:
+    name: bash
+    elevation_required: true 
+    command: |      
+      useradd -s /bin/bash art
+      cat /etc/passwd |grep ^art
+      chsh -s /bin/sh art
+      cat /etc/passwd |grep ^art
+    cleanup_command: | 
+      userdel art
+- name: Environment variable scripts
+  auto_generated_guid: bdaebd56-368b-4970-a523-f905ff4a8a51
+  description: |
+    An adversary may place scripts in an environment variable because they can't or don't wish to create script files on the host. The following test, in a bash shell, exports the ART variable containing an echo command, then pipes the variable to /bin/bash
+  supported_platforms:
+    - linux
+  executor:
+    name: bash
+    elevation_required: false 
+    command: |
+      export ART='echo "Atomic Red Team was here... T1059.004"'
+      echo $ART |/bin/bash
+    cleanup_command: | 
+      unset ART

atomics/T1548.001/T1548.001.md

@@ -20,6 +20,10 @@ Alternatively, adversaries may choose to find and target vulnerable binaries wit
 
 - [Atomic Test #5 - Provide the SetUID capability to a file](#atomic-test-5---provide-the-setuid-capability-to-a-file)
 
+- [Atomic Test #6 - Do reconnaissance for files that have the setuid bit set](#atomic-test-6---do-reconnaissance-for-files-that-have-the-setuid-bit-set)
+
+- [Atomic Test #7 - Do reconnaissance for files that have the setgid bit set](#atomic-test-7---do-reconnaissance-for-files-that-have-the-setgid-bit-set)
+
 
 <br/>
 
@@ -90,7 +94,7 @@ This test sets the SetUID flag on a file in Linux and macOS.
 ```sh
 sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
-sudo chmod u+s #{file_to_setuid}
+sudo chmod u+xs #{file_to_setuid}
 ```
 
 #### Cleanup Commands:
@@ -129,7 +133,7 @@ This test sets the SetGID flag on a file in Linux and macOS.
 ```sh
 sudo touch #{file_to_setuid}
 sudo chown root #{file_to_setuid}
-sudo chmod g+s #{file_to_setuid}
+sudo chmod g+xs #{file_to_setuid}
 ```
 
 #### Cleanup Commands:
@@ -222,4 +226,60 @@ rm #{file_to_setcap}
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #6 - Do reconnaissance for files that have the setuid bit set
+This test simulates a command that can be run to enumerate files that have the setuid bit set
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** 8e36da01-cd29-45fd-be72-8a0fcaad4481
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+find /usr/bin -perm -4000
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #7 - Do reconnaissance for files that have the setgid bit set
+This test simulates a command that can be run to enumerate files that have the setgid bit set
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** 3fb46e17-f337-4c14-9f9a-a471946533e2
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+find /usr/bin -perm -2000
+```
+
+
+
+
+
+
 <br/>

atomics/T1548.001/T1548.001.yaml

@@ -42,7 +42,7 @@ atomic_tests:
     command: |
       sudo touch #{file_to_setuid}
       sudo chown root #{file_to_setuid}
-      sudo chmod u+s #{file_to_setuid}
+      sudo chmod u+xs #{file_to_setuid}
     cleanup_command: |
       sudo rm #{file_to_setuid}
     name: sh
@@ -63,7 +63,7 @@ atomic_tests:
     command: |
       sudo touch #{file_to_setuid}
       sudo chown root #{file_to_setuid}
-      sudo chmod g+s #{file_to_setuid}
+      sudo chmod g+xs #{file_to_setuid}
     cleanup_command: |
       sudo rm #{file_to_setuid}
     name: sh
@@ -111,3 +111,23 @@ atomic_tests:
       rm #{file_to_setcap}
     name: sh
     elevation_required: true
+- name: Do reconnaissance for files that have the setuid bit set
+  auto_generated_guid: 8e36da01-cd29-45fd-be72-8a0fcaad4481
+  description: |
+    This test simulates a command that can be run to enumerate files that have the setuid bit set
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      find /usr/bin -perm -4000
+    name: sh
+- name: Do reconnaissance for files that have the setgid bit set
+  auto_generated_guid: 3fb46e17-f337-4c14-9f9a-a471946533e2
+  description: |
+    This test simulates a command that can be run to enumerate files that have the setgid bit set
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      find /usr/bin -perm -2000
+    name: sh

atomics/used_guids.txt

@@ -1239,3 +1239,7 @@ bbdb06bc-bab6-4f5b-8232-ba3fbed51d77
 5d7057c9-2c8a-4026-91dd-13b5584daa69
 cb8f7cdc-36c4-4ed0-befc-7ad7d24dfd7a
 53ead5db-7098-4111-bb3f-563be390e72e
+8e36da01-cd29-45fd-be72-8a0fcaad4481
+3fb46e17-f337-4c14-9f9a-a471946533e2
+c7ac59cb-13cc-4622-81dc-6d2fee9bfac7
+bdaebd56-368b-4970-a523-f905ff4a8a51