T1082 Add Hostname and MachineGUID tests (#683)

* T1082 Add Hostname and MachineGUID tests * Generate docs from job=validate_atomics_generate_docs branch=t1082-hostname-machineguid
2019-11-20 16:42:33 -06:00
parent 0afc5beb6f
commit ccb4a26407
7 changed files with 104 additions and 2 deletions
@@ -34,6 +34,10 @@ In Azure, the API request <code>GET https://management.azure.com/subscriptions/{

 - [Atomic Test #5 - Linux VM Check via Kernel Modules](#atomic-test-5---linux-vm-check-via-kernel-modules)

+- [Atomic Test #6 - Hostname Discovery](#atomic-test-6---hostname-discovery)
+
+- [Atomic Test #7 - Windows MachineGUID Discovery](#atomic-test-7---windows-machineguid-discovery)
+

 <br/>

@@ -132,4 +136,36 @@ sudo lsmod | grep -i "hv_vmbus\|hv_blkvsc\|hv_netvsc\|hv_utils\|hv_storvsc"



+<br/>
+<br/>
+
+## Atomic Test #6 - Hostname Discovery
+Identify system hostname for Windows, Linux, and macOS systems.
+
+**Supported Platforms:** Windows, Linux, macOS
+
+
+#### Run it with `bash`! 
+```
+hostname
+```
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #7 - Windows MachineGUID Discovery
+Identify the Windows MachineGUID value for a system.
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`! 
+```
+REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
+```
+
+
+
 <br/>
@@ -82,4 +82,37 @@ atomic_tests:
      sudo lsmod | grep -i "vmw_baloon\|vmxnet"
      sudo lsmod | grep -i "xen-vbd\|xen-vnif"
      sudo lsmod | grep -i "virtio_pci\|virtio_net"
-      sudo lsmod | grep -i "hv_vmbus\|hv_blkvsc\|hv_netvsc\|hv_utils\|hv_storvsc"
+      sudo lsmod | grep -i "hv_vmbus\|hv_blkvsc\|hv_netvsc\|hv_utils\|hv_storvsc"
+
+- name: Hostname Discovery
+  description: |
+    Identify system hostname for Windows, Linux, and macOS systems.
+
+  supported_platforms:
+    - windows
+    - linux
+    - macos
+
+  executor:
+    name: command_prompt
+    elevation_required: false
+    command: |
+      hostname
+
+    name: bash
+    elevation_required: false
+    command: | 
+      hostname
+
+- name: Windows MachineGUID Discovery
+  description: |
+    Identify the Windows MachineGUID value for a system.
+
+  supported_platforms:
+    - windows
+
+  executor:
+    name: command_prompt
+    elevation_required: false
+    command: |
+      REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
@@ -600,6 +600,8 @@
  - Atomic Test #3: List OS Information [linux, macos]
  - Atomic Test #4: Linux VM Check via Hardware [linux]
  - Atomic Test #5: Linux VM Check via Kernel Modules [linux]
+  - Atomic Test #6: Hostname Discovery [windows, linux, macos]
+  - Atomic Test #7: Windows MachineGUID Discovery [windows]
 - [T1016 System Network Configuration Discovery](./T1016/T1016.md)
  - Atomic Test #1: System Network Configuration Discovery [windows]
  - Atomic Test #2: List Windows Firewall Rules [windows]
@@ -17292,12 +17292,39 @@ discovery:
      - linux
      executor:
        name: bash
-        command: |-
+        command: |
          sudo lsmod | grep -i "vboxsf\|vboxguest"
          sudo lsmod | grep -i "vmw_baloon\|vmxnet"
          sudo lsmod | grep -i "xen-vbd\|xen-vnif"
          sudo lsmod | grep -i "virtio_pci\|virtio_net"
          sudo lsmod | grep -i "hv_vmbus\|hv_blkvsc\|hv_netvsc\|hv_utils\|hv_storvsc"
+    - name: Hostname Discovery
+      description: 'Identify system hostname for Windows, Linux, and macOS systems.
+
+'
+      supported_platforms:
+      - windows
+      - linux
+      - macos
+      executor:
+        name: bash
+        elevation_required: false
+        command: 'hostname
+
+'
+    - name: Windows MachineGUID Discovery
+      description: 'Identify the Windows MachineGUID value for a system.
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        name: command_prompt
+        elevation_required: false
+        command: 'REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v
+          MachineGuid
+
+'
  T1016:
    technique:
      x_mitre_data_sources:
@@ -102,6 +102,7 @@
  - Atomic Test #3: List OS Information [linux, macos]
  - Atomic Test #4: Linux VM Check via Hardware [linux]
  - Atomic Test #5: Linux VM Check via Kernel Modules [linux]
+  - Atomic Test #6: Hostname Discovery [windows, linux, macos]
 - [T1016 System Network Configuration Discovery](./T1016/T1016.md)
  - Atomic Test #3: System Network Configuration Discovery [macos, linux]
 - [T1049 System Network Connections Discovery](./T1049/T1049.md)
@@ -114,6 +114,7 @@
 - [T1082 System Information Discovery](./T1082/T1082.md)
  - Atomic Test #2: System Information Discovery [linux, macos]
  - Atomic Test #3: List OS Information [linux, macos]
+  - Atomic Test #6: Hostname Discovery [windows, linux, macos]
 - [T1016 System Network Configuration Discovery](./T1016/T1016.md)
  - Atomic Test #3: System Network Configuration Discovery [macos, linux]
 - [T1049 System Network Connections Discovery](./T1049/T1049.md)
@@ -421,6 +421,8 @@
  - Atomic Test #1: Find and Display Iinternet Explorer Browser Version [windows]
 - [T1082 System Information Discovery](./T1082/T1082.md)
  - Atomic Test #1: System Information Discovery [windows]
+  - Atomic Test #6: Hostname Discovery [windows, linux, macos]
+  - Atomic Test #7: Windows MachineGUID Discovery [windows]
 - [T1016 System Network Configuration Discovery](./T1016/T1016.md)
  - Atomic Test #1: System Network Configuration Discovery [windows]
  - Atomic Test #2: List Windows Firewall Rules [windows]