From dd4372d5cd3cf57dbf46c5c65b547007b0270e5e Mon Sep 17 00:00:00 2001
From: publish bot
Date: Thu, 25 Apr 2024 17:07:26 +0000
Subject: [PATCH] updating atomics count and guids [ci skip]
---
 atomics/T1135/T1135.yaml | 1 +
 atomics/T1622/T1622.yaml | 1 +
 atomics/used_guids.txt | 1 +
 3 files changed, 3 insertions(+)
diff --git a/atomics/T1135/T1135.yaml b/atomics/T1135/T1135.yaml
index 9553e687..41629f30 100644
--- a/atomics/T1135/T1135.yaml
+++ b/atomics/T1135/T1135.yaml
@@ -182,6 +182,7 @@ atomic_tests:
 dir \\#{computer_ip}\IPC$
 name: command_prompt
 - name: Enumerate All Network Shares with SharpShares
+ auto_generated_guid: d1fa2a69-b0a2-4e8a-9112-529b00c19a41
 description: |
 SharpShares is a command line tool that can be integrated with Cobalt Strike's execute-assembly module, allowing for the enumeration of network shares.
 This technique has been utilized by various ransomware groups, including BianLian.
diff --git a/atomics/T1622/T1622.yaml b/atomics/T1622/T1622.yaml
index e2258689..d4f52a93 100644
--- a/atomics/T1622/T1622.yaml
+++ b/atomics/T1622/T1622.yaml
@@ -2,6 +2,7 @@ attack_technique: T1622
 display_name: Debugger Evasion
 atomic_tests:
 - name: Detect a Debugger Presence in the Machine
+ auto_generated_guid: 58bd8c8d-3a1a-4467-a69c-439c75469b07
 description: Detecting a running debugger process or if the debugger is attached to a process via PowerShell
 supported_platforms:
 - windows
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index e735731c..c4ead938 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1593,3 +1593,4 @@ f3ad3c5b-1db1-45c1-81bf-d3370ebab6c8
 ed952f70-91d4-445a-b7ff-30966bfb1aff
 5bcefe5f-3f30-4f1c-a61a-8d7db3f4450c
 36657d95-d9d6-4fbf-8a31-f4085607bafd
+d1fa2a69-b0a2-4e8a-9112-529b00c19a4158bd8c8d-3a1a-4467-a69c-439c75469b07
\ No newline at end of file
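Review bot: In atomics/used_guids.txt the single added line holds two GUIDs run together, `d1fa2a69-b0a2-4e8a-9112-529b00c19a4158bd8c8d-3a1a-4467-a69c-439c75469b07`, and the file now ends without a newline. The hunk header (`+1593,4`) and the diffstat (`1 +`) both show one added line, so neither GUID assigned in T1135.yaml and T1622.yaml is recorded as its own entry. If the generator checks uniqueness by comparing whole lines of this file (that code is not visible here), both values would be missed and the next append would be glued onto this line as well. Each GUID should be written on its own newline-terminated line: `d1fa2a69-b0a2-4e8a-9112-529b00c19a41` followed by `58bd8c8d-3a1a-4467-a69c-439c75469b07`.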