diff --git a/atomics/T1485/T1485.md b/atomics/T1485/T1485.md
index 3adfad03..b58bf90b 100644
--- a/atomics/T1485/T1485.md
+++ b/atomics/T1485/T1485.md
@@ -16,6 +16,8 @@ To maximize impact on the target organization in operations where network-wide a
- [Atomic Test #4 - Windows - Overwrite file with Sysinternals SDelete](#atomic-test-4---windows---overwrite-file-with-sysinternals-sdelete)
+- [Atomic Test #5 - macOS/Linux - Overwrite file with DD](#atomic-test-5---macoslinux---overwrite-file-with-dd)
+
@@ -77,3 +79,24 @@ Requires the download of either Sysinternals Suite or the individual SDelete uti
sdelete.exe #{file_to_overwrite}
```
+
+
+## Atomic Test #5 - macOS/Linux - Overwrite file with DD
+Overwrites and deletes a file using DD.
+
+To stop the test, break the command with CTRL/CMD+C.
+
+**Supported Platforms:** CentOS, Linux, macOS, Ubuntu
+
+
+#### Inputs
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| overwrite_source | Path of data source to overwrite with | Path | /dev/zero|
+| file_to_overwrite | Path of file to overwrite and remove | Path | /var/log/syslog|
+
+#### Run it with `bash`!
+```
+dd of=#{file_to_overwrite} if=#{overwrite_source}
+```
+
diff --git a/atomics/T1496/T1496.md b/atomics/T1496/T1496.md
new file mode 100644
index 00000000..5f2865d3
--- /dev/null
+++ b/atomics/T1496/T1496.md
@@ -0,0 +1,25 @@
+# T1496 - Resource Hijacking
+## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1496)
+Adversaries may leverage the resources of co-opted systems in order to solve resource intensive problems which may impact system and/or hosted service availability.
+
+One common purpose for Resource Hijacking is to validate transactions of cryptocurrency networks and earn virtual currency. Adversaries may consume enough system resources to negatively impact and/or cause affected machines to become unresponsive.(Citation: Kaspersky Lazarus Under The Hood Blog 2017) Servers and cloud-based systems are common targets because of the high potential for available resources, but user endpoint systems may also be compromised and used for Resource Hijacking and cryptocurrency mining.
+
+## Atomic Tests
+
+- [Atomic Test #1 - macOS/Linux - Simulate CPU Load with Yes](#atomic-test-1---macoslinux---simulate-cpu-load-with-yes)
+
+
+
+
+## Atomic Test #1 - macOS/Linux - Simulate CPU Load with Yes
+This test simulates a high CPU load as you might observe during cryptojacking attacks.
+End the test by using CTRL/CMD+C to break.
+
+**Supported Platforms:** macOS, CentOS, Ubuntu, Linux
+
+
+#### Run it with `bash`!
+```
+yes > /dev/null
+```
+
diff --git a/atomics/art_navigator_layer.json b/atomics/art_navigator_layer.json
index 2d32acc4..9dc6caca 100644
--- a/atomics/art_navigator_layer.json
+++ b/atomics/art_navigator_layer.json
@@ -1 +1 @@
-{"version":"2.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"techniques":[{"techniqueID":"T1002","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1004","score":100,"enabled":true},{"techniqueID":"T1005","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1009","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1015","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1022","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1028","score":100,"enabled":true},{"techniqueID":"T1030","score":100,"enabled":true},{"techniqueID":"T1031","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1035","score":100,"enabled":true},{"techniqueID":"T1036","score":100,"enabled":true},{"techniqueID":"T1037","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1042","score":100,"enabled":true},{"techniqueID":"T1046","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1050","score":100,"enabled":true},{"techniqueID":"T1053","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059","score":100,"enabled":true},{"techniqueID":"T1060","score":100,"enabled":true},{"techniqueID":"T1062","score":100,"enabled":true},{"techniqueID":"T1063","score":100,"enabled":true},{"techniqueID":"T1064","score":100,"enabled":true},{"techniqueID":"T1065","score":100,"enabled":true},{"techniqueID":"T1069","score":100,"enabled":true},{"techniqueID":"T1070","score":100,"enabled":true},{"techniqueID":"T1071","score":100,"enabled":true},{"techniqueID":"T1074","score":100,"enabled":true},{"techniqueID":"T1075","score":100,"enabled":true},{"techniqueID":"T1076","score":100,"enabled":true},{"techniqueID":"T1077","score":100,"enabled":true},{"techniqueID":"T1081","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1084","score":100,"enabled":true},{"techniqueID":"T1085","score":100,"enabled":true},{"techniqueID":"T1086","score":100,"enabled":true},{"techniqueID":"T1087","score":100,"enabled":true},{"techniqueID":"T1088","score":100,"enabled":true},{"techniqueID":"T1089","score":100,"enabled":true},{"techniqueID":"T1090","score":100,"enabled":true},{"techniqueID":"T1096","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1099","score":100,"enabled":true},{"techniqueID":"T1100","score":100,"enabled":true},{"techniqueID":"T1101","score":100,"enabled":true},{"techniqueID":"T1103","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1107","score":100,"enabled":true},{"techniqueID":"T1110","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1113","score":100,"enabled":true},{"techniqueID":"T1114","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1117","score":100,"enabled":true},{"techniqueID":"T1118","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1121","score":100,"enabled":true},{"techniqueID":"T1122","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1126","score":100,"enabled":true},{"techniqueID":"T1127","score":100,"enabled":true},{"techniqueID":"T1128","score":100,"enabled":true},{"techniqueID":"T1130","score":100,"enabled":true},{"techniqueID":"T1132","score":100,"enabled":true},{"techniqueID":"T1134","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136","score":100,"enabled":true},{"techniqueID":"T1137","score":100,"enabled":true},{"techniqueID":"T1138","score":100,"enabled":true},{"techniqueID":"T1139","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1141","score":100,"enabled":true},{"techniqueID":"T1142","score":100,"enabled":true},{"techniqueID":"T1144","score":100,"enabled":true},{"techniqueID":"T1145","score":100,"enabled":true},{"techniqueID":"T1146","score":100,"enabled":true},{"techniqueID":"T1147","score":100,"enabled":true},{"techniqueID":"T1148","score":100,"enabled":true},{"techniqueID":"T1150","score":100,"enabled":true},{"techniqueID":"T1151","score":100,"enabled":true},{"techniqueID":"T1152","score":100,"enabled":true},{"techniqueID":"T1153","score":100,"enabled":true},{"techniqueID":"T1154","score":100,"enabled":true},{"techniqueID":"T1155","score":100,"enabled":true},{"techniqueID":"T1156","score":100,"enabled":true},{"techniqueID":"T1158","score":100,"enabled":true},{"techniqueID":"T1159","score":100,"enabled":true},{"techniqueID":"T1160","score":100,"enabled":true},{"techniqueID":"T1163","score":100,"enabled":true},{"techniqueID":"T1164","score":100,"enabled":true},{"techniqueID":"T1165","score":100,"enabled":true},{"techniqueID":"T1166","score":100,"enabled":true},{"techniqueID":"T1168","score":100,"enabled":true},{"techniqueID":"T1169","score":100,"enabled":true},{"techniqueID":"T1170","score":100,"enabled":true},{"techniqueID":"T1173","score":100,"enabled":true},{"techniqueID":"T1174","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1179","score":100,"enabled":true},{"techniqueID":"T1180","score":100,"enabled":true},{"techniqueID":"T1183","score":100,"enabled":true},{"techniqueID":"T1191","score":100,"enabled":true},{"techniqueID":"T1193","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1206","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1214","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222","score":100,"enabled":true},{"techniqueID":"T1223","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1501","score":100,"enabled":true}]}
\ No newline at end of file
+{"version":"2.1","name":"Atomic Red Team","description":"Atomic Red Team MITRE ATT&CK Navigator Layer","domain":"mitre-enterprise","gradient":{"colors":["#ce232e","#ce232e"],"minValue":0,"maxValue":100},"techniques":[{"techniqueID":"T1002","score":100,"enabled":true},{"techniqueID":"T1003","score":100,"enabled":true},{"techniqueID":"T1004","score":100,"enabled":true},{"techniqueID":"T1005","score":100,"enabled":true},{"techniqueID":"T1007","score":100,"enabled":true},{"techniqueID":"T1009","score":100,"enabled":true},{"techniqueID":"T1010","score":100,"enabled":true},{"techniqueID":"T1012","score":100,"enabled":true},{"techniqueID":"T1014","score":100,"enabled":true},{"techniqueID":"T1015","score":100,"enabled":true},{"techniqueID":"T1016","score":100,"enabled":true},{"techniqueID":"T1018","score":100,"enabled":true},{"techniqueID":"T1022","score":100,"enabled":true},{"techniqueID":"T1027","score":100,"enabled":true},{"techniqueID":"T1028","score":100,"enabled":true},{"techniqueID":"T1030","score":100,"enabled":true},{"techniqueID":"T1031","score":100,"enabled":true},{"techniqueID":"T1033","score":100,"enabled":true},{"techniqueID":"T1035","score":100,"enabled":true},{"techniqueID":"T1036","score":100,"enabled":true},{"techniqueID":"T1037","score":100,"enabled":true},{"techniqueID":"T1040","score":100,"enabled":true},{"techniqueID":"T1042","score":100,"enabled":true},{"techniqueID":"T1046","score":100,"enabled":true},{"techniqueID":"T1047","score":100,"enabled":true},{"techniqueID":"T1048","score":100,"enabled":true},{"techniqueID":"T1049","score":100,"enabled":true},{"techniqueID":"T1050","score":100,"enabled":true},{"techniqueID":"T1053","score":100,"enabled":true},{"techniqueID":"T1055","score":100,"enabled":true},{"techniqueID":"T1056","score":100,"enabled":true},{"techniqueID":"T1057","score":100,"enabled":true},{"techniqueID":"T1059","score":100,"enabled":true},{"techniqueID":"T1060","score":100,"enabled":true},{"techniqueID":"T1062","score":100,"enabled":true},{"techniqueID":"T1063","score":100,"enabled":true},{"techniqueID":"T1064","score":100,"enabled":true},{"techniqueID":"T1065","score":100,"enabled":true},{"techniqueID":"T1069","score":100,"enabled":true},{"techniqueID":"T1070","score":100,"enabled":true},{"techniqueID":"T1071","score":100,"enabled":true},{"techniqueID":"T1074","score":100,"enabled":true},{"techniqueID":"T1075","score":100,"enabled":true},{"techniqueID":"T1076","score":100,"enabled":true},{"techniqueID":"T1077","score":100,"enabled":true},{"techniqueID":"T1081","score":100,"enabled":true},{"techniqueID":"T1082","score":100,"enabled":true},{"techniqueID":"T1083","score":100,"enabled":true},{"techniqueID":"T1084","score":100,"enabled":true},{"techniqueID":"T1085","score":100,"enabled":true},{"techniqueID":"T1086","score":100,"enabled":true},{"techniqueID":"T1087","score":100,"enabled":true},{"techniqueID":"T1088","score":100,"enabled":true},{"techniqueID":"T1089","score":100,"enabled":true},{"techniqueID":"T1090","score":100,"enabled":true},{"techniqueID":"T1096","score":100,"enabled":true},{"techniqueID":"T1098","score":100,"enabled":true},{"techniqueID":"T1099","score":100,"enabled":true},{"techniqueID":"T1100","score":100,"enabled":true},{"techniqueID":"T1101","score":100,"enabled":true},{"techniqueID":"T1103","score":100,"enabled":true},{"techniqueID":"T1105","score":100,"enabled":true},{"techniqueID":"T1107","score":100,"enabled":true},{"techniqueID":"T1110","score":100,"enabled":true},{"techniqueID":"T1112","score":100,"enabled":true},{"techniqueID":"T1113","score":100,"enabled":true},{"techniqueID":"T1114","score":100,"enabled":true},{"techniqueID":"T1115","score":100,"enabled":true},{"techniqueID":"T1117","score":100,"enabled":true},{"techniqueID":"T1118","score":100,"enabled":true},{"techniqueID":"T1119","score":100,"enabled":true},{"techniqueID":"T1121","score":100,"enabled":true},{"techniqueID":"T1122","score":100,"enabled":true},{"techniqueID":"T1123","score":100,"enabled":true},{"techniqueID":"T1124","score":100,"enabled":true},{"techniqueID":"T1126","score":100,"enabled":true},{"techniqueID":"T1127","score":100,"enabled":true},{"techniqueID":"T1128","score":100,"enabled":true},{"techniqueID":"T1130","score":100,"enabled":true},{"techniqueID":"T1132","score":100,"enabled":true},{"techniqueID":"T1134","score":100,"enabled":true},{"techniqueID":"T1135","score":100,"enabled":true},{"techniqueID":"T1136","score":100,"enabled":true},{"techniqueID":"T1137","score":100,"enabled":true},{"techniqueID":"T1138","score":100,"enabled":true},{"techniqueID":"T1139","score":100,"enabled":true},{"techniqueID":"T1140","score":100,"enabled":true},{"techniqueID":"T1141","score":100,"enabled":true},{"techniqueID":"T1142","score":100,"enabled":true},{"techniqueID":"T1144","score":100,"enabled":true},{"techniqueID":"T1145","score":100,"enabled":true},{"techniqueID":"T1146","score":100,"enabled":true},{"techniqueID":"T1147","score":100,"enabled":true},{"techniqueID":"T1148","score":100,"enabled":true},{"techniqueID":"T1150","score":100,"enabled":true},{"techniqueID":"T1151","score":100,"enabled":true},{"techniqueID":"T1152","score":100,"enabled":true},{"techniqueID":"T1153","score":100,"enabled":true},{"techniqueID":"T1154","score":100,"enabled":true},{"techniqueID":"T1155","score":100,"enabled":true},{"techniqueID":"T1156","score":100,"enabled":true},{"techniqueID":"T1158","score":100,"enabled":true},{"techniqueID":"T1159","score":100,"enabled":true},{"techniqueID":"T1160","score":100,"enabled":true},{"techniqueID":"T1163","score":100,"enabled":true},{"techniqueID":"T1164","score":100,"enabled":true},{"techniqueID":"T1165","score":100,"enabled":true},{"techniqueID":"T1166","score":100,"enabled":true},{"techniqueID":"T1168","score":100,"enabled":true},{"techniqueID":"T1169","score":100,"enabled":true},{"techniqueID":"T1170","score":100,"enabled":true},{"techniqueID":"T1173","score":100,"enabled":true},{"techniqueID":"T1174","score":100,"enabled":true},{"techniqueID":"T1176","score":100,"enabled":true},{"techniqueID":"T1179","score":100,"enabled":true},{"techniqueID":"T1180","score":100,"enabled":true},{"techniqueID":"T1183","score":100,"enabled":true},{"techniqueID":"T1191","score":100,"enabled":true},{"techniqueID":"T1193","score":100,"enabled":true},{"techniqueID":"T1197","score":100,"enabled":true},{"techniqueID":"T1201","score":100,"enabled":true},{"techniqueID":"T1202","score":100,"enabled":true},{"techniqueID":"T1206","score":100,"enabled":true},{"techniqueID":"T1207","score":100,"enabled":true},{"techniqueID":"T1214","score":100,"enabled":true},{"techniqueID":"T1216","score":100,"enabled":true},{"techniqueID":"T1217","score":100,"enabled":true},{"techniqueID":"T1218","score":100,"enabled":true},{"techniqueID":"T1220","score":100,"enabled":true},{"techniqueID":"T1222","score":100,"enabled":true},{"techniqueID":"T1223","score":100,"enabled":true},{"techniqueID":"T1482","score":100,"enabled":true},{"techniqueID":"T1485","score":100,"enabled":true},{"techniqueID":"T1489","score":100,"enabled":true},{"techniqueID":"T1490","score":100,"enabled":true},{"techniqueID":"T1496","score":100,"enabled":true},{"techniqueID":"T1501","score":100,"enabled":true}]}
\ No newline at end of file
diff --git a/atomics/index.md b/atomics/index.md
index 28414e78..22805814 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -785,6 +785,7 @@
- Atomic Test #2: Windows - Delete Windows Backup Catalog [windows]
- Atomic Test #3: Windows - Disable Windows Recovery Console Repair [windows]
- Atomic Test #4: Windows - Overwrite file with Sysinternals SDelete [windows]
+ - Atomic Test #5: macOS/Linux - Overwrite file with DD [centos, linux, macos, ubuntu]
- T1486 Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1491 Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1488 Disk Content Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -797,7 +798,8 @@
- Atomic Test #3: Windows - Delete Windows Backup Catalog [windows]
- Atomic Test #4: Windows - Disable Windows Recovery Console Repair [windows]
- T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1496 Resource Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1496 Resource Hijacking](./T1496/T1496.md)
+ - Atomic Test #1: macOS/Linux - Simulate CPU Load with Yes [macos, centos, ubuntu, linux]
- T1494 Runtime Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1489 Service Stop](./T1489/T1489.md)
- Atomic Test #1: Windows - Stop service using Service Controller [windows]
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 19e897a0..8ff99320 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -21289,7 +21289,31 @@ impact:
default: C:\some\file.txt
executor:
name: command_prompt
- command: 'sdelete.exe #{file_to_overwrite}'
+ command: 'sdelete.exe #{file_to_overwrite}
+
+'
+ - name: macOS/Linux - Overwrite file with DD
+ description: |
+ Overwrites and deletes a file using DD.
+
+ To stop the test, break the command with CTRL/CMD+C.
+ supported_platforms:
+ - centos
+ - linux
+ - macos
+ - ubuntu
+ input_arguments:
+ overwrite_source:
+ description: Path of data source to overwrite with
+ type: Path
+ default: "/dev/zero"
+ file_to_overwrite:
+ description: Path of file to overwrite and remove
+ type: Path
+ default: "/var/log/syslog"
+ executor:
+ name: bash
+ command: dd of=#{file_to_overwrite} if=#{overwrite_source}
'':
technique:
external_references:
@@ -21456,6 +21480,74 @@ impact:
command: |
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
bcdedit.exe /set {default} recoveryenabled no
+ T1496:
+ technique:
+ external_references:
+ - external_id: T1496
+ source_name: mitre-attack
+ url: https://attack.mitre.org/techniques/T1496
+ - url: https://securelist.com/lazarus-under-the-hood/77908/
+ source_name: Kaspersky Lazarus Under The Hood Blog 2017
+ description: GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved April
+ 17, 2019.
+ object_marking_refs:
+ - marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168
+ x_mitre_data_sources:
+ - Process use of network
+ - Process monitoring
+ - Network protocol analysis
+ - Network device logs
+ modified: '2019-04-26T15:26:57.896Z'
+ x_mitre_detection: Consider monitoring process resource usage to determine anomalous
+ activity associated with malicious hijacking of computer resources such as
+ CPU, memory, and graphics processing resources. Monitor for suspicious use
+ of network resources associated with cryptocurrency mining software. Monitor
+ for common cryptomining software process names and files on local systems
+ that may indicate compromise and resource usage.
+ created_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
+ x_mitre_platforms:
+ - Linux
+ - macOS
+ - Windows
+ kill_chain_phases:
+ - phase_name: impact
+ kill_chain_name: mitre-attack
+ x_mitre_impact_type:
+ - Availability
+ id: attack-pattern--cd25c1b4-935c-4f0e-ba8d-552f28bc4783
+ name: Resource Hijacking
+ created: '2019-04-17T14:50:05.682Z'
+ x_mitre_version: '1.0'
+ type: attack-pattern
+ description: "Adversaries may leverage the resources of co-opted systems in
+ order to solve resource intensive problems which may impact system and/or
+ hosted service availability. \n\nOne common purpose for Resource Hijacking
+ is to validate transactions of cryptocurrency networks and earn virtual currency.
+ Adversaries may consume enough system resources to negatively impact and/or
+ cause affected machines to become unresponsive.(Citation: Kaspersky Lazarus
+ Under The Hood Blog 2017) Servers and cloud-based systems are common targets
+ because of the high potential for available resources, but user endpoint systems
+ may also be compromised and used for Resource Hijacking and cryptocurrency
+ mining."
+ x_mitre_permissions_required:
+ - User
+ - Administrator
+ identifier: T1496
+ atomic_tests:
+ - name: macOS/Linux - Simulate CPU Load with Yes
+ description: |
+ This test simulates a high CPU load as you might observe during cryptojacking attacks.
+ End the test by using CTRL/CMD+C to break.
+ supported_platforms:
+ - macos
+ - centos
+ - ubuntu
+ - linux
+ executor:
+ name: bash
+ command: 'yes > /dev/null
+
+'
T1489:
technique:
external_references:
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index 6b0465a9..d3147144 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -268,6 +268,7 @@
# impact
- [T1485 Data Destruction](./T1485/T1485.md)
+ - Atomic Test #5: macOS/Linux - Overwrite file with DD [centos, linux, macos, ubuntu]
- T1486 Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1491 Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1488 Disk Content Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -276,7 +277,8 @@
- T1495 Firmware Corruption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1490 Inhibit System Recovery](./T1490/T1490.md)
- T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1496 Resource Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1496 Resource Hijacking](./T1496/T1496.md)
+ - Atomic Test #1: macOS/Linux - Simulate CPU Load with Yes [macos, centos, ubuntu, linux]
- T1494 Runtime Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1492 Stored Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1493 Transmitted Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index db571b86..b136cf55 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
@@ -305,6 +305,7 @@
# impact
- [T1485 Data Destruction](./T1485/T1485.md)
+ - Atomic Test #5: macOS/Linux - Overwrite file with DD [centos, linux, macos, ubuntu]
- T1486 Data Encrypted for Impact [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1491 Defacement [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1488 Disk Content Wipe [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -313,7 +314,8 @@
- T1495 Firmware Corruption [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1490 Inhibit System Recovery](./T1490/T1490.md)
- T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1496 Resource Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1496 Resource Hijacking](./T1496/T1496.md)
+ - Atomic Test #1: macOS/Linux - Simulate CPU Load with Yes [macos, centos, ubuntu, linux]
- T1494 Runtime Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1492 Stored Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- T1493 Transmitted Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 01ace0e9..354f69d1 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -566,7 +566,7 @@
- Atomic Test #3: Windows - Delete Windows Backup Catalog [windows]
- Atomic Test #4: Windows - Disable Windows Recovery Console Repair [windows]
- T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
-- T1496 Resource Hijacking [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+- [T1496 Resource Hijacking](./T1496/T1496.md)
- T1494 Runtime Data Manipulation [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1489 Service Stop](./T1489/T1489.md)
- Atomic Test #1: Windows - Stop service using Service Controller [windows]