Generate docs from job=validate_atomics_generate_docs branch=master
CircleCI Atomic Red Team doc generator committed Jun 19, 2020
1 parent 7e989a9 commit 3495fd3
Showing 6 changed files with 36 additions and 36 deletions.
12 changes: 6 additions & 6 deletions atomics/Indexes/Indexes-CSV/index.csv
Expand Up @@ -46,9 +46,9 @@ privilege-escalation,T1547.007,Re-opened Applications,2,Re-Opened Applications,5
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,1,Reg Key Run,e55be3fd-3521-4610-9d1a-e210e42dcf05,command_prompt
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,2,Reg Key RunOnce,554cbd88-cde1-4b56-8168-0be552eed9eb,command_prompt
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,3,PowerShell Registry RunOnce,eb44f842-0457-4ddc-9b92-c4caa144ac42,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,4,Supicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,5,Supicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,6,Supicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,4,Suspicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,5,Suspicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,6,Suspicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
privilege-escalation,T1053.005,Scheduled Task,1,Scheduled Task Startup Script,fec27f65-db86-4c2d-b66c-61945aee87c2,command_prompt
privilege-escalation,T1053.005,Scheduled Task,2,Scheduled task Local,42f53695-ad4a-4546-abb6-7d837f644a71,command_prompt
privilege-escalation,T1053.005,Scheduled Task,3,Scheduled task Remote,2e5eac3e-327b-4a88-a0c0-c4057039a8dd,command_prompt
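Review bot: Rows 4 to 6 of T1547.001 change only the test-name column while the GUID column is unchanged, so any coverage mapping or detection-validation job that joins on the name string will silently stop matching after this rename. It is worth stating in the commit message or the index documentation that the GUID (the `auto_generated_guid` field in index.yaml) is the stable key for a test. The renamed titles also keep the mixed casing "startup Folder"; if the titles are being corrected anyway, normalising that in the same source change avoids a second churn of all six generated files.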
Expand Down Expand Up @@ -124,9 +124,9 @@ persistence,T1547.007,Re-opened Applications,2,Re-Opened Applications,5f5b71da-e
persistence,T1547.001,Registry Run Keys / Startup Folder,1,Reg Key Run,e55be3fd-3521-4610-9d1a-e210e42dcf05,command_prompt
persistence,T1547.001,Registry Run Keys / Startup Folder,2,Reg Key RunOnce,554cbd88-cde1-4b56-8168-0be552eed9eb,command_prompt
persistence,T1547.001,Registry Run Keys / Startup Folder,3,PowerShell Registry RunOnce,eb44f842-0457-4ddc-9b92-c4caa144ac42,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,4,Supicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,5,Supicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,6,Supicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,4,Suspicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,5,Suspicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,6,Suspicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
persistence,T1053.005,Scheduled Task,1,Scheduled Task Startup Script,fec27f65-db86-4c2d-b66c-61945aee87c2,command_prompt
persistence,T1053.005,Scheduled Task,2,Scheduled task Local,42f53695-ad4a-4546-abb6-7d837f644a71,command_prompt
persistence,T1053.005,Scheduled Task,3,Scheduled task Remote,2e5eac3e-327b-4a88-a0c0-c4057039a8dd,command_prompt
12 changes: 6 additions & 6 deletions atomics/Indexes/Indexes-CSV/windows-index.csv
Expand Up @@ -30,9 +30,9 @@ privilege-escalation,T1055,Process Injection,1,Process Injection via mavinject.e
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,1,Reg Key Run,e55be3fd-3521-4610-9d1a-e210e42dcf05,command_prompt
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,2,Reg Key RunOnce,554cbd88-cde1-4b56-8168-0be552eed9eb,command_prompt
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,3,PowerShell Registry RunOnce,eb44f842-0457-4ddc-9b92-c4caa144ac42,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,4,Supicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,5,Supicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,6,Supicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,4,Suspicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,5,Suspicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
privilege-escalation,T1547.001,Registry Run Keys / Startup Folder,6,Suspicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
privilege-escalation,T1053.005,Scheduled Task,1,Scheduled Task Startup Script,fec27f65-db86-4c2d-b66c-61945aee87c2,command_prompt
privilege-escalation,T1053.005,Scheduled Task,2,Scheduled task Local,42f53695-ad4a-4546-abb6-7d837f644a71,command_prompt
privilege-escalation,T1053.005,Scheduled Task,3,Scheduled task Remote,2e5eac3e-327b-4a88-a0c0-c4057039a8dd,command_prompt
Expand Down Expand Up @@ -210,9 +210,9 @@ persistence,T1546.013,PowerShell Profile,1,Append malicious start-process cmdlet
persistence,T1547.001,Registry Run Keys / Startup Folder,1,Reg Key Run,e55be3fd-3521-4610-9d1a-e210e42dcf05,command_prompt
persistence,T1547.001,Registry Run Keys / Startup Folder,2,Reg Key RunOnce,554cbd88-cde1-4b56-8168-0be552eed9eb,command_prompt
persistence,T1547.001,Registry Run Keys / Startup Folder,3,PowerShell Registry RunOnce,eb44f842-0457-4ddc-9b92-c4caa144ac42,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,4,Supicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,5,Supicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,6,Supicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,4,Suspicious vbs file run from startup Folder,2cb98256-625e-4da9-9d44-f2e5f90b8bd5,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,5,Suspicious jse file run from startup Folder,dade9447-791e-4c8f-b04b-3a35855dfa06,powershell
persistence,T1547.001,Registry Run Keys / Startup Folder,6,Suspicious bat file run from startup Folder,5b6768e4-44d2-44f0-89da-a01d1430fd5e,powershell
persistence,T1053.005,Scheduled Task,1,Scheduled Task Startup Script,fec27f65-db86-4c2d-b66c-61945aee87c2,command_prompt
persistence,T1053.005,Scheduled Task,2,Scheduled task Local,42f53695-ad4a-4546-abb6-7d837f644a71,command_prompt
persistence,T1053.005,Scheduled Task,3,Scheduled task Remote,2e5eac3e-327b-4a88-a0c0-c4057039a8dd,command_prompt
12 changes: 6 additions & 6 deletions atomics/Indexes/Indexes-Markdown/index.md
Expand Up @@ -112,9 +112,9 @@
- Atomic Test #1: Reg Key Run [windows]
- Atomic Test #2: Reg Key RunOnce [windows]
- Atomic Test #3: PowerShell Registry RunOnce [windows]
- Atomic Test #4: Supicious vbs file run from startup Folder [windows]
- Atomic Test #5: Supicious jse file run from startup Folder [windows]
- Atomic Test #6: Supicious bat file run from startup Folder [windows]
- Atomic Test #4: Suspicious vbs file run from startup Folder [windows]
- Atomic Test #5: Suspicious jse file run from startup Folder [windows]
- Atomic Test #6: Suspicious bat file run from startup Folder [windows]
- T1134.005 SID-History Injection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1053.005 Scheduled Task](../../T1053.005/T1053.005.md)
- Atomic Test #1: Scheduled Task Startup Script [windows]
Expand Down Expand Up @@ -287,9 +287,9 @@
- Atomic Test #1: Reg Key Run [windows]
- Atomic Test #2: Reg Key RunOnce [windows]
- Atomic Test #3: PowerShell Registry RunOnce [windows]
- Atomic Test #4: Supicious vbs file run from startup Folder [windows]
- Atomic Test #5: Supicious jse file run from startup Folder [windows]
- Atomic Test #6: Supicious bat file run from startup Folder [windows]
- Atomic Test #4: Suspicious vbs file run from startup Folder [windows]
- Atomic Test #5: Suspicious jse file run from startup Folder [windows]
- Atomic Test #6: Suspicious bat file run from startup Folder [windows]
- T1505.001 SQL Stored Procedures [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1053.005 Scheduled Task](../../T1053.005/T1053.005.md)
- Atomic Test #1: Scheduled Task Startup Script [windows]
12 changes: 6 additions & 6 deletions atomics/Indexes/Indexes-Markdown/windows-index.md
Expand Up @@ -77,9 +77,9 @@
- Atomic Test #1: Reg Key Run [windows]
- Atomic Test #2: Reg Key RunOnce [windows]
- Atomic Test #3: PowerShell Registry RunOnce [windows]
- Atomic Test #4: Supicious vbs file run from startup Folder [windows]
- Atomic Test #5: Supicious jse file run from startup Folder [windows]
- Atomic Test #6: Supicious bat file run from startup Folder [windows]
- Atomic Test #4: Suspicious vbs file run from startup Folder [windows]
- Atomic Test #5: Suspicious jse file run from startup Folder [windows]
- Atomic Test #6: Suspicious bat file run from startup Folder [windows]
- T1134.005 SID-History Injection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1053.005 Scheduled Task](../../T1053.005/T1053.005.md)
- Atomic Test #1: Scheduled Task Startup Script [windows]
Expand Down Expand Up @@ -434,9 +434,9 @@
- Atomic Test #1: Reg Key Run [windows]
- Atomic Test #2: Reg Key RunOnce [windows]
- Atomic Test #3: PowerShell Registry RunOnce [windows]
- Atomic Test #4: Supicious vbs file run from startup Folder [windows]
- Atomic Test #5: Supicious jse file run from startup Folder [windows]
- Atomic Test #6: Supicious bat file run from startup Folder [windows]
- Atomic Test #4: Suspicious vbs file run from startup Folder [windows]
- Atomic Test #5: Suspicious jse file run from startup Folder [windows]
- Atomic Test #6: Suspicious bat file run from startup Folder [windows]
- T1505.001 SQL Stored Procedures [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1053.005 Scheduled Task](../../T1053.005/T1053.005.md)
- Atomic Test #1: Scheduled Task Startup Script [windows]
12 changes: 6 additions & 6 deletions atomics/Indexes/index.yaml
Expand Up @@ -5675,7 +5675,7 @@ privilege-escalation:
'
name: powershell
elevation_required: true
- name: Supicious vbs file run from startup Folder
- name: Suspicious vbs file run from startup Folder
auto_generated_guid: 2cb98256-625e-4da9-9d44-f2e5f90b8bd5
description: "vbs files can be placed in and ran from the startup folder to
maintain persistance. Upon execution, \"T1547.001 Hello, World VBS!\" will
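Review bot: The description kept as context directly under the renamed `name:` still reads "maintain persistance" and "ran from", so the spelling fix stops at the title. Since this file is generated, correct "persistance" to "persistence" and "ran from" to "run from" in the source atomic definition and regenerate; the "persistance" spelling recurs in the jse and bat descriptions further down this file.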
Expand All @@ -5695,7 +5695,7 @@ privilege-escalation:
Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\vbsstartup.vbs" -ErrorAction Ignore
name: powershell
elevation_required: true
- name: Supicious jse file run from startup Folder
- name: Suspicious jse file run from startup Folder
auto_generated_guid: dade9447-791e-4c8f-b04b-3a35855dfa06
description: "jse files can be placed in and ran from the startup folder to
maintain persistance.\nUpon execution, \"T1547.001 Hello, World JSE!\" will
Expand All @@ -5715,7 +5715,7 @@ privilege-escalation:
Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\jsestartup.jse" -ErrorAction Ignore
name: powershell
elevation_required: true
- name: Supicious bat file run from startup Folder
- name: Suspicious bat file run from startup Folder
auto_generated_guid: 5b6768e4-44d2-44f0-89da-a01d1430fd5e
description: |
bat files can be placed in and executed from the startup folder to maintain persistance.
Expand Down Expand Up @@ -13669,7 +13669,7 @@ persistence:
'
name: powershell
elevation_required: true
- name: Supicious vbs file run from startup Folder
- name: Suspicious vbs file run from startup Folder
auto_generated_guid: 2cb98256-625e-4da9-9d44-f2e5f90b8bd5
description: "vbs files can be placed in and ran from the startup folder to
maintain persistance. Upon execution, \"T1547.001 Hello, World VBS!\" will
Expand All @@ -13689,7 +13689,7 @@ persistence:
Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\vbsstartup.vbs" -ErrorAction Ignore
name: powershell
elevation_required: true
- name: Supicious jse file run from startup Folder
- name: Suspicious jse file run from startup Folder
auto_generated_guid: dade9447-791e-4c8f-b04b-3a35855dfa06
description: "jse files can be placed in and ran from the startup folder to
maintain persistance.\nUpon execution, \"T1547.001 Hello, World JSE!\" will
Expand All @@ -13709,7 +13709,7 @@ persistence:
Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\jsestartup.jse" -ErrorAction Ignore
name: powershell
elevation_required: true
- name: Supicious bat file run from startup Folder
- name: Suspicious bat file run from startup Folder
auto_generated_guid: 5b6768e4-44d2-44f0-89da-a01d1430fd5e
description: |
bat files can be placed in and executed from the startup folder to maintain persistance.
12 changes: 6 additions & 6 deletions atomics/T1547.001/T1547.001.md
Expand Up @@ -44,11 +44,11 @@ Adversaries can use these configuration locations to execute malware, such as re

- [Atomic Test #3 - PowerShell Registry RunOnce](#atomic-test-3---powershell-registry-runonce)

- [Atomic Test #4 - Supicious vbs file run from startup Folder](#atomic-test-4---supicious-vbs-file-run-from-startup-folder)
- [Atomic Test #4 - Suspicious vbs file run from startup Folder](#atomic-test-4---suspicious-vbs-file-run-from-startup-folder)

- [Atomic Test #5 - Supicious jse file run from startup Folder](#atomic-test-5---supicious-jse-file-run-from-startup-folder)
- [Atomic Test #5 - Suspicious jse file run from startup Folder](#atomic-test-5---suspicious-jse-file-run-from-startup-folder)

- [Atomic Test #6 - Supicious bat file run from startup Folder](#atomic-test-6---supicious-bat-file-run-from-startup-folder)
- [Atomic Test #6 - Suspicious bat file run from startup Folder](#atomic-test-6---suspicious-bat-file-run-from-startup-folder)


<br/>
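Review bot: The link targets in these three table-of-contents entries change from `#atomic-test-4---supicious-...` to `#atomic-test-4---suspicious-...` (and likewise for tests 5 and 6), so any inbound link that deep-links to the old fragments will no longer resolve to the test section. The in-page links stay consistent because the headings are renamed in the same commit; a short note about the changed anchors in the commit message would help anyone maintaining external references to these tests.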
Expand Down Expand Up @@ -159,7 +159,7 @@ Remove-ItemProperty -Path #{reg_key_path} -Name "NextRun" -Force -ErrorAction Ig
<br/>
<br/>

## Atomic Test #4 - Supicious vbs file run from startup Folder
## Atomic Test #4 - Suspicious vbs file run from startup Folder
vbs files can be placed in and ran from the startup folder to maintain persistance. Upon execution, "T1547.001 Hello, World VBS!" will be displayed twice.
Additionally, the new files can be viewed in the "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
folder and will also run when the computer is restarted and the user logs in.
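Review bot: The description for Test #4 points readers only at "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup", while the cleanup command shown for the same test in index.yaml removes vbsstartup.vbs from "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp". If the test writes to both the per-user and the all-users Startup folder, which "displayed twice" suggests, name both paths in the description so that anyone validating file-creation telemetry for this test knows to expect events in each location.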
Expand Down Expand Up @@ -193,7 +193,7 @@ Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\vbssta
<br/>
<br/>

## Atomic Test #5 - Supicious jse file run from startup Folder
## Atomic Test #5 - Suspicious jse file run from startup Folder
jse files can be placed in and ran from the startup folder to maintain persistance.
Upon execution, "T1547.001 Hello, World JSE!" will be displayed twice.
Additionally, the new files can be viewed in the "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
Expand Down Expand Up @@ -228,7 +228,7 @@ Remove-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\jsesta
<br/>
<br/>

## Atomic Test #6 - Supicious bat file run from startup Folder
## Atomic Test #6 - Suspicious bat file run from startup Folder
bat files can be placed in and executed from the startup folder to maintain persistance.
Upon execution, cmd will be run and immediately closed. Additionally, the new files can be viewed in the "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
folder and will also run when the computer is restarted and the user logs in.