Generated docs from job=generate-docs branch=master [ci skip]
Atomic Red Team doc generator committed Sep 24, 2024
1 parent 03d7d6b commit 2944337
Showing 26 changed files with 292 additions and 9 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -2,7 +2,7 @@

# Atomic Red Team

![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1644-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1648-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)

Atomic Red Team™ is a library of tests mapped to the
[MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions atomics/Indexes/Indexes-CSV/index.csv
Expand Up @@ -363,6 +363,7 @@ defense-evasion,T1574.006,Hijack Execution Flow: LD_PRELOAD,3,Dylib Injection vi
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,1,Clear Logs,e6abb60e-26b8-41da-8aae-0c35174b0967,command_prompt
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,2,Delete System Logs Using Clear-EventLog,b13e9306-3351-4b4b-a6e8-477358b0b498,powershell
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,3,Clear Event Logs via VBA,1b682d84-f075-4f93-9a89-8a8de19ffd6e,powershell
defense-evasion,T1222,File and Directory Permissions Modification,1,Enable Local and Remote Symbolic Links via fsutil,6c4ac96f-d4fa-44f4-83ca-56d8f4a55c02,command_prompt
defense-evasion,T1134.002,Create Process with Token,1,Access Token Manipulation,dbf4f5a9-b8e0-46a3-9841-9ad71247239e,powershell
defense-evasion,T1134.002,Create Process with Token,2,WinPwn - Get SYSTEM shell - Pop System Shell using Token Manipulation technique,ccf4ac39-ec93-42be-9035-90e2f26bcd92,powershell
defense-evasion,T1548.001,Abuse Elevation Control Mechanism: Setuid and Setgid,1,Make and modify binary from C source,896dfe97-ae43-4101-8e96-9a7996555d80,sh
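Review bot: the new T1222 row files "Enable Local and Remote Symbolic Links via fsutil" under the parent technique T1222 with a command_prompt executor; ATT&CK also defines a Windows sub-technique, T1222.001, so please confirm the parent mapping is intended. If the sub-technique fits better, change it in the atomic's source YAML and regenerate, since this CSV is generated output and a hand edit here would be overwritten.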
Expand Down Expand Up @@ -585,6 +586,7 @@ defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,7,Delete an e
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,8,Delete Filesystem - Linux,f3aa95fe-4f10-4485-ad26-abf22a764c52,sh
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,11,Clears Recycle bin via rd,f723d13d-48dc-4317-9990-cf43a9ac0bf2,command_prompt
defense-evasion,T1221,Template Injection,1,WINWORD Remote Template Injection,1489e08a-82c7-44ee-b769-51b72d03521d,command_prompt
defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,1,Binary simply packed by UPX (linux),11c46cd8-e471-450e-acb8-52a1216ae6a4,sh
defense-evasion,T1027.002,Obfuscated Files or Information: Software Packing,2,"Binary packed by UPX, with modified headers (linux)",f06197f8-ff46-48c2-a0c6-afc1b50665e1,sh
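Review bot: the name of T1070.004 test 11, "Clears Recycle bin via rd", uses a third-person verb and a lowercase "bin", while the neighbouring rows use the imperative ("Delete Prefetch File", "Delete TeamViewer Log Files"). Suggest renaming it in the source atomic to something like "Clear Recycle Bin via rd" so every generated index and any detection-coverage report keyed on test names stays consistent.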
Expand Down Expand Up @@ -1868,6 +1870,7 @@ discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-65
discovery,T1057,Process Discovery,6,Discover Specific Process - tasklist,11ba69ee-902e-4a0f-b3b6-418aed7d7ddb,command_prompt
discovery,T1057,Process Discovery,7,Process Discovery - Process Hacker,966f4c16-1925-4d9b-8ce0-01334ee0867d,powershell
discovery,T1057,Process Discovery,8,Process Discovery - PC Hunter,b4ca838d-d013-4461-bf2c-f7132617b409,powershell
discovery,T1057,Process Discovery,9,Launch Taskmgr from cmd to View running processes,4fd35378-39aa-481e-b7c4-e3bf49375c67,command_prompt
discovery,T1069.001,Permission Groups Discovery: Local Groups,1,Permission Groups Discovery (Local),952931a4-af0b-4335-bbbe-73c8c5b327ae,sh
discovery,T1069.001,Permission Groups Discovery: Local Groups,2,Basic Permission Groups Discovery Windows (Local),1f454dd6-e134-44df-bebb-67de70fb6cd8,command_prompt
discovery,T1069.001,Permission Groups Discovery: Local Groups,3,Permission Groups Discovery PowerShell (Local),a580462d-2c19-4bc7-8b9a-57a41b7d3ba4,powershell
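Review bot: the name of T1057 test 9, "Launch Taskmgr from cmd to View running processes", mixes capitalisation ("View" capitalised, "running processes" not) and does not follow the "Process Discovery - <tool>" pattern used by tests 5, 7 and 8 in the same hunk. Suggest normalising the name in the source atomic, for example "Process Discovery - Taskmgr launched from cmd", and regenerating the indexes.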
Expand Down Expand Up @@ -1899,6 +1902,7 @@ discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573b
discovery,T1012,Query Registry,2,Query Registry with Powershell cmdlets,0434d081-bb32-42ce-bcbb-3548e4f2628f,powershell
discovery,T1012,Query Registry,3,Enumerate COM Objects in Registry with Powershell,0d80d088-a84c-4353-af1a-fc8b439f1564,powershell
discovery,T1012,Query Registry,4,Reg query for AlwaysInstallElevated status,6fb4c4c5-f949-4fd2-8af5-ddbc61595223,command_prompt
discovery,T1012,Query Registry,5,Check Software Inventory Logging (SIL) status via Registry,5c784969-1d43-4ac7-8c3d-ed6d025ed10d,command_prompt
discovery,T1614,System Location Discovery,1,Get geolocation info through IP-Lookup services using curl Windows,fe53e878-10a3-477b-963e-4367348f5af5,command_prompt
discovery,T1614,System Location Discovery,2,"Get geolocation info through IP-Lookup services using curl freebsd, linux or macos",552b4db3-8850-412c-abce-ab5cc8a86604,bash
discovery,T1518.001,Software Discovery: Security Software Discovery,1,Security Software Discovery,f92a380f-ced9-491f-b338-95a991418ce2,command_prompt
4 changes: 4 additions & 0 deletions atomics/Indexes/Indexes-CSV/windows-index.csv
Expand Up @@ -258,6 +258,7 @@ defense-evasion,T1078.001,Valid Accounts: Default Accounts,2,Activate Guest Acco
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,1,Clear Logs,e6abb60e-26b8-41da-8aae-0c35174b0967,command_prompt
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,2,Delete System Logs Using Clear-EventLog,b13e9306-3351-4b4b-a6e8-477358b0b498,powershell
defense-evasion,T1070.001,Indicator Removal on Host: Clear Windows Event Logs,3,Clear Event Logs via VBA,1b682d84-f075-4f93-9a89-8a8de19ffd6e,powershell
defense-evasion,T1222,File and Directory Permissions Modification,1,Enable Local and Remote Symbolic Links via fsutil,6c4ac96f-d4fa-44f4-83ca-56d8f4a55c02,command_prompt
defense-evasion,T1134.002,Create Process with Token,1,Access Token Manipulation,dbf4f5a9-b8e0-46a3-9841-9ad71247239e,powershell
defense-evasion,T1134.002,Create Process with Token,2,WinPwn - Get SYSTEM shell - Pop System Shell using Token Manipulation technique,ccf4ac39-ec93-42be-9035-90e2f26bcd92,powershell
defense-evasion,T1218.008,Signed Binary Proxy Execution: Odbcconf,1,Odbcconf.exe - Execute Arbitrary DLL,2430498b-06c0-4b92-a448-8ad263c388e2,command_prompt
Expand Down Expand Up @@ -407,6 +408,7 @@ defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,6,Delete a si
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,7,Delete an entire folder - Windows PowerShell,edd779e4-a509-4cba-8dfa-a112543dbfb1,powershell
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,9,Delete Prefetch File,36f96049-0ad7-4a5f-8418-460acaeb92fb,powershell
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,10,Delete TeamViewer Log Files,69f50a5f-967c-4327-a5bb-e1a9a9983785,powershell
defense-evasion,T1070.004,Indicator Removal on Host: File Deletion,11,Clears Recycle bin via rd,f723d13d-48dc-4317-9990-cf43a9ac0bf2,command_prompt
defense-evasion,T1221,Template Injection,1,WINWORD Remote Template Injection,1489e08a-82c7-44ee-b769-51b72d03521d,command_prompt
defense-evasion,T1622,Debugger Evasion,1,Detect a Debugger Presence in the Machine,58bd8c8d-3a1a-4467-a69c-439c75469b07,powershell
defense-evasion,T1550.002,Use Alternate Authentication Material: Pass the Hash,1,Mimikatz Pass the Hash,ec23cef9-27d9-46e4-a68d-6f75f7b86908,command_prompt
Expand Down Expand Up @@ -1262,6 +1264,7 @@ discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-65
discovery,T1057,Process Discovery,6,Discover Specific Process - tasklist,11ba69ee-902e-4a0f-b3b6-418aed7d7ddb,command_prompt
discovery,T1057,Process Discovery,7,Process Discovery - Process Hacker,966f4c16-1925-4d9b-8ce0-01334ee0867d,powershell
discovery,T1057,Process Discovery,8,Process Discovery - PC Hunter,b4ca838d-d013-4461-bf2c-f7132617b409,powershell
discovery,T1057,Process Discovery,9,Launch Taskmgr from cmd to View running processes,4fd35378-39aa-481e-b7c4-e3bf49375c67,command_prompt
discovery,T1069.001,Permission Groups Discovery: Local Groups,2,Basic Permission Groups Discovery Windows (Local),1f454dd6-e134-44df-bebb-67de70fb6cd8,command_prompt
discovery,T1069.001,Permission Groups Discovery: Local Groups,3,Permission Groups Discovery PowerShell (Local),a580462d-2c19-4bc7-8b9a-57a41b7d3ba4,powershell
discovery,T1069.001,Permission Groups Discovery: Local Groups,4,SharpHound3 - LocalAdmin,e03ada14-0980-4107-aff1-7783b2b59bb1,powershell
Expand All @@ -1280,6 +1283,7 @@ discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573b
discovery,T1012,Query Registry,2,Query Registry with Powershell cmdlets,0434d081-bb32-42ce-bcbb-3548e4f2628f,powershell
discovery,T1012,Query Registry,3,Enumerate COM Objects in Registry with Powershell,0d80d088-a84c-4353-af1a-fc8b439f1564,powershell
discovery,T1012,Query Registry,4,Reg query for AlwaysInstallElevated status,6fb4c4c5-f949-4fd2-8af5-ddbc61595223,command_prompt
discovery,T1012,Query Registry,5,Check Software Inventory Logging (SIL) status via Registry,5c784969-1d43-4ac7-8c3d-ed6d025ed10d,command_prompt
discovery,T1614,System Location Discovery,1,Get geolocation info through IP-Lookup services using curl Windows,fe53e878-10a3-477b-963e-4367348f5af5,command_prompt
discovery,T1518.001,Software Discovery: Security Software Discovery,1,Security Software Discovery,f92a380f-ced9-491f-b338-95a991418ce2,command_prompt
discovery,T1518.001,Software Discovery: Security Software Discovery,2,Security Software Discovery - powershell,7f566051-f033-49fb-89de-b6bacab730f0,powershell
6 changes: 5 additions & 1 deletion atomics/Indexes/Indexes-Markdown/index.md
Expand Up @@ -443,7 +443,8 @@
- Atomic Test #1: Clear Logs [windows]
- Atomic Test #2: Delete System Logs Using Clear-EventLog [windows]
- Atomic Test #3: Clear Event Logs via VBA [windows]
- T1222 File and Directory Permissions Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
- Atomic Test #1: Enable Local and Remote Symbolic Links via fsutil [windows]
- T1548 Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1134.002 Create Process with Token](../../T1134.002/T1134.002.md)
- Atomic Test #1: Access Token Manipulation [windows]
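Review bot: the T1222 entry now links to ../../T1222/T1222.md in place of the "CONTRIBUTE A TEST" placeholder, but the diff for that file is not among the hunks rendered on this page. Please confirm atomics/T1222/T1222.md is part of this same generated commit so the relative link resolves; the identical link is introduced in windows-index.md, matrix.md and windows-matrix.md.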
Expand Down Expand Up @@ -750,6 +751,7 @@
- Atomic Test #8: Delete Filesystem - Linux [linux]
- Atomic Test #9: Delete Prefetch File [windows]
- Atomic Test #10: Delete TeamViewer Log Files [windows]
- Atomic Test #11: Clears Recycle bin via rd [windows]
- [T1221 Template Injection](../../T1221/T1221.md)
- Atomic Test #1: WINWORD Remote Template Injection [windows]
- T1134 Access Token Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
Expand Down Expand Up @@ -2543,6 +2545,7 @@
- Atomic Test #6: Discover Specific Process - tasklist [windows]
- Atomic Test #7: Process Discovery - Process Hacker [windows]
- Atomic Test #8: Process Discovery - PC Hunter [windows]
- Atomic Test #9: Launch Taskmgr from cmd to View running processes [windows]
- T1497.002 User Activity Based Checks [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1069.001 Permission Groups Discovery: Local Groups](../../T1069.001/T1069.001.md)
- Atomic Test #1: Permission Groups Discovery (Local) [linux, macos]
Expand Down Expand Up @@ -2579,6 +2582,7 @@
- Atomic Test #2: Query Registry with Powershell cmdlets [windows]
- Atomic Test #3: Enumerate COM Objects in Registry with Powershell [windows]
- Atomic Test #4: Reg query for AlwaysInstallElevated status [windows]
- Atomic Test #5: Check Software Inventory Logging (SIL) status via Registry [windows]
- [T1614 System Location Discovery](../../T1614/T1614.md)
- Atomic Test #1: Get geolocation info through IP-Lookup services using curl Windows [windows]
- Atomic Test #2: Get geolocation info through IP-Lookup services using curl freebsd, linux or macos [macos, linux]
6 changes: 5 additions & 1 deletion atomics/Indexes/Indexes-Markdown/windows-index.md
Expand Up @@ -322,7 +322,8 @@
- Atomic Test #1: Clear Logs [windows]
- Atomic Test #2: Delete System Logs Using Clear-EventLog [windows]
- Atomic Test #3: Clear Event Logs via VBA [windows]
- T1222 File and Directory Permissions Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
- Atomic Test #1: Enable Local and Remote Symbolic Links via fsutil [windows]
- T1548 Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1134.002 Create Process with Token](../../T1134.002/T1134.002.md)
- Atomic Test #1: Access Token Manipulation [windows]
Expand Down Expand Up @@ -536,6 +537,7 @@
- Atomic Test #7: Delete an entire folder - Windows PowerShell [windows]
- Atomic Test #9: Delete Prefetch File [windows]
- Atomic Test #10: Delete TeamViewer Log Files [windows]
- Atomic Test #11: Clears Recycle bin via rd [windows]
- [T1221 Template Injection](../../T1221/T1221.md)
- Atomic Test #1: WINWORD Remote Template Injection [windows]
- T1134 Access Token Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
Expand Down Expand Up @@ -1783,6 +1785,7 @@
- Atomic Test #6: Discover Specific Process - tasklist [windows]
- Atomic Test #7: Process Discovery - Process Hacker [windows]
- Atomic Test #8: Process Discovery - PC Hunter [windows]
- Atomic Test #9: Launch Taskmgr from cmd to View running processes [windows]
- T1497.002 User Activity Based Checks [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1069.001 Permission Groups Discovery: Local Groups](../../T1069.001/T1069.001.md)
- Atomic Test #2: Basic Permission Groups Discovery Windows (Local) [windows]
Expand All @@ -1806,6 +1809,7 @@
- Atomic Test #2: Query Registry with Powershell cmdlets [windows]
- Atomic Test #3: Enumerate COM Objects in Registry with Powershell [windows]
- Atomic Test #4: Reg query for AlwaysInstallElevated status [windows]
- Atomic Test #5: Check Software Inventory Logging (SIL) status via Registry [windows]
- [T1614 System Location Discovery](../../T1614/T1614.md)
- Atomic Test #1: Get geolocation info through IP-Lookup services using curl Windows [windows]
- [T1518.001 Software Discovery: Security Software Discovery](../../T1518.001/T1518.001.md)
2 changes: 1 addition & 1 deletion atomics/Indexes/Matrices/matrix.md
Expand Up @@ -80,7 +80,7 @@
| | | Container Service [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Event Triggered Execution: Component Object Model Hijacking](../../T1546.015/T1546.015.md) | [Valid Accounts: Default Accounts](../../T1078.001/T1078.001.md) | | | | | | | |
| | | Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Hijack Execution Flow: Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Hijack Execution Flow: LD_PRELOAD](../../T1574.006/T1574.006.md) | | | | | | | |
| | | Multi-Factor Authentication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Boot or Logon Initialization Scripts: Startup Items](../../T1037.005/T1037.005.md) | [Indicator Removal on Host: Clear Windows Event Logs](../../T1070.001/T1070.001.md) | | | | | | | |
| | | [IIS Components](../../T1505.004/T1505.004.md) | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | File and Directory Permissions Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [IIS Components](../../T1505.004/T1505.004.md) | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [File and Directory Permissions Modification](../../T1222/T1222.md) | | | | | | | |
| | | [Event Triggered Execution](../../T1546/T1546.md) | Network Logon Script [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Event Triggered Execution: .bash_profile .bashrc and .shrc](../../T1546.004/T1546.004.md) | [Event Triggered Execution: AppInit DLLs](../../T1546.010/T1546.010.md) | [Create Process with Token](../../T1134.002/T1134.002.md) | | | | | | | |
| | | [Authentication Package](../../T1547.002/T1547.002.md) | [Event Triggered Execution: Screensaver](../../T1546.002/T1546.002.md) | [Abuse Elevation Control Mechanism: Setuid and Setgid](../../T1548.001/T1548.001.md) | | | | | | | |
2 changes: 1 addition & 1 deletion atomics/Indexes/Matrices/windows-matrix.md
Expand Up @@ -64,7 +64,7 @@
| | | [Authentication Package](../../T1547.002/T1547.002.md) | Installer Packages [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Domain Policy Modification: Group Policy Modification](../../T1484.001/T1484.001.md) | | | | | | | |
| | | [Event Triggered Execution: Component Object Model Hijacking](../../T1546.015/T1546.015.md) | Access Token Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Valid Accounts: Default Accounts](../../T1078.001/T1078.001.md) | | | | | | | |
| | | [Office Application Startup: Outlook Home Page](../../T1137.004/T1137.004.md) | Thread Local Storage [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Indicator Removal on Host: Clear Windows Event Logs](../../T1070.001/T1070.001.md) | | | | | | | |
| | | [Hijack Execution Flow: Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Hijack Execution Flow: DLL Side-Loading](../../T1574.002/T1574.002.md) | File and Directory Permissions Modification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | [Hijack Execution Flow: Path Interception by Unquoted Path](../../T1574.009/T1574.009.md) | [Hijack Execution Flow: DLL Side-Loading](../../T1574.002/T1574.002.md) | [File and Directory Permissions Modification](../../T1222/T1222.md) | | | | | | | |
| | | Domain Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Account Manipulation: Additional Email Delegate Permissions [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | Abuse Elevation Control Mechanism [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | | | | | | | |
| | | Network Logon Script [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) | [Boot or Logon Initialization Scripts: Logon Script (Windows)](../../T1037.001/T1037.001.md) | [Create Process with Token](../../T1134.002/T1134.002.md) | | | | | | | |
| | | [BITS Jobs](../../T1197/T1197.md) | [Process Injection: ListPlanting](../../T1055.015/T1055.015.md) | [Signed Binary Proxy Execution: Odbcconf](../../T1218.008/T1218.008.md) | | | | | | | |
1 change: 1 addition & 0 deletions atomics/Indexes/azure-ad-index.yaml
Expand Up @@ -6224,6 +6224,7 @@ defense-evasion:
x_mitre_attack_spec_version: 2.1.0
x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
spec_version: '2.1'
identifier: T1222
atomic_tests: []
T1548:
technique:
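Review bot: `identifier: T1222` is added here while `atomic_tests: []` stays empty, so in this platform index the key sits beside an empty test list and says nothing about coverage for Azure AD. Worth documenting for index consumers that coverage should be derived from a non-empty `atomic_tests` list rather than from the presence of `identifier`; the same applies to the identical hunks in containers-index.yaml, google-workspace-index.yaml and iaas-index.yaml.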
1 change: 1 addition & 0 deletions atomics/Indexes/containers-index.yaml
Expand Up @@ -6162,6 +6162,7 @@ defense-evasion:
x_mitre_attack_spec_version: 2.1.0
x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
spec_version: '2.1'
identifier: T1222
atomic_tests: []
T1548:
technique:
1 change: 1 addition & 0 deletions atomics/Indexes/google-workspace-index.yaml
Expand Up @@ -6128,6 +6128,7 @@ defense-evasion:
x_mitre_attack_spec_version: 2.1.0
x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
spec_version: '2.1'
identifier: T1222
atomic_tests: []
T1548:
technique:
1 change: 1 addition & 0 deletions atomics/Indexes/iaas-index.yaml
Expand Up @@ -6128,6 +6128,7 @@ defense-evasion:
x_mitre_attack_spec_version: 2.1.0
x_mitre_modified_by_ref: identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5
spec_version: '2.1'
identifier: T1222
atomic_tests: []
T1548:
technique: