Generate docs from job=validate_atomics_generate_docs branch=master

atomics/T1027/T1027.md

@@ -101,7 +101,7 @@ powershell.exe -Command "IEX ([Text.Encoding]::UNICODE.GetString([Convert]::From
 
 #### Cleanup Commands:
 ```
-Remove-ItemProperty -Force -Path -Path #{registry_key_storage} -Name #{registry_entry_storage}
+Remove-ItemProperty -Force -ErrorAction Ignore -Path #{registry_key_storage} -Name #{registry_entry_storage}
 ```
 
 

atomics/T1036/T1036.md

@@ -182,7 +182,7 @@ Stop-Process -ID $myT1036
 
 #### Cleanup Commands:
 ```
-del #{outputfile}
+Remove-Item #{outputfile} -Force -ErrorAction Ignore
 ```
 
 
@@ -214,7 +214,7 @@ Stop-Process -ID $myT1036
 
 #### Cleanup Commands:
 ```
-del #{outputfile}
+Remove-Item #{outputfile} -Force -ErrorAction Ignore
 ```
 
 

atomics/T1050/T1050.md

@@ -60,14 +60,15 @@ Installs A Local Service via PowerShell
 
 #### Attack Commands: Run with `powershell`!  Elevation Required (e.g. root or admin) 
 ```
-New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}"
+New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}" 2>&1 | Out-Null
 Start-Service -Name "#{service_name}"
 ```
 
 #### Cleanup Commands:
 ```
-Stop-Service -Name "#{service_name}"
-(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()
+Stop-Service -Name "#{service_name}" 2>&1 | Out-Null
+try {(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()}
+catch {}
 ```
 
 

atomics/T1053/T1053.md

@@ -120,7 +120,7 @@ Register-ScheduledTask AtomicTask -InputObject $object
 
 #### Cleanup Commands:
 ```
-Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
+Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false >$null 2>&1
 ```
 
 

atomics/index.yaml

@@ -3294,11 +3294,12 @@ persistence:
         name: powershell
         elevation_required: true
         command: |
-          New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}"
+          New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}" 2>&1 | Out-Null
           Start-Service -Name "#{service_name}"
-        cleanup_command: |
-          Stop-Service -Name "#{service_name}"
-          (Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()
+        cleanup_command: |-
+          Stop-Service -Name "#{service_name}" 2>&1 | Out-Null
+          try {(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()}
+          catch {}
   T1137:
     technique:
       x_mitre_data_sources:
@@ -4154,6 +4155,7 @@ persistence:
           $object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
           Register-ScheduledTask AtomicTask -InputObject $object
         cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
+          >$null 2>&1
 
 '
   T1180:
@@ -9505,7 +9507,7 @@ defense-evasion:
           copy #{inputfile} #{outputfile}
           $myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
           Stop-Process -ID $myT1036
-        cleanup_command: 'del #{outputfile}
+        cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore
 
 '
     - name: Masquerading - windows exe running as different windows exe
@@ -9531,7 +9533,7 @@ defense-evasion:
           copy #{inputfile} #{outputfile}
           $myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
           Stop-Process -ID $myT1036
-        cleanup_command: 'del #{outputfile}
+        cleanup_command: 'Remove-Item #{outputfile} -Force -ErrorAction Ignore
 
 '
     - name: Malicious process Masquerading as LSM.exe
@@ -10396,10 +10398,8 @@ defense-evasion:
 
           Set-ItemProperty -Force -Path #{registry_key_storage} -Name #{registry_entry_storage} -Value $EncodedCommand
           powershell.exe -Command "IEX ([Text.Encoding]::UNICODE.GetString([Convert]::FromBase64String((gp #{registry_key_storage} #{registry_entry_storage}).#{registry_entry_storage})))"
-        cleanup_command: 'Remove-ItemProperty -Force -Path -Path #{registry_key_storage}
-          -Name #{registry_entry_storage}
-
-'
+        cleanup_command: 'Remove-ItemProperty -Force -ErrorAction Ignore -Path #{registry_key_storage}
+          -Name #{registry_entry_storage}'
   T1502:
     technique:
       x_mitre_data_sources:
@@ -14390,11 +14390,12 @@ privilege-escalation:
         name: powershell
         elevation_required: true
         command: |
-          New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}"
+          New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}" 2>&1 | Out-Null
           Start-Service -Name "#{service_name}"
-        cleanup_command: |
-          Stop-Service -Name "#{service_name}"
-          (Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()
+        cleanup_command: |-
+          Stop-Service -Name "#{service_name}" 2>&1 | Out-Null
+          try {(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()}
+          catch {}
   T1502:
     technique:
       x_mitre_data_sources:
@@ -15132,6 +15133,7 @@ privilege-escalation:
           $object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
           Register-ScheduledTask AtomicTask -InputObject $object
         cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
+          >$null 2>&1
 
 '
   T1058:
@@ -23147,6 +23149,7 @@ execution:
           $object = New-ScheduledTask -Action $Action -Principal $User -Trigger $Trigger -Settings $Set
           Register-ScheduledTask AtomicTask -InputObject $object
         cleanup_command: 'Unregister-ScheduledTask -TaskName "AtomicTask" -confirm:$false
+          >$null 2>&1
 
 '
   T1064: