Generated docs from job=generate-docs branch=master [ci skip]

redcanaryco · Sep 14, 2024 · 3f9d6f4 · 3f9d6f4
1 parent f624645
commit 3f9d6f4
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 15 deletions.
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
@@ -1377,7 +1377,7 @@ collection,T1560.001,Archive Collected Data: Archive via Utility,1,Compress Data
 collection,T1560.001,Archive Collected Data: Archive via Utility,2,Compress Data and lock with password for Exfiltration with winrar,8dd61a55-44c6-43cc-af0c-8bdda276860c,command_prompt
 collection,T1560.001,Archive Collected Data: Archive via Utility,3,Compress Data and lock with password for Exfiltration with winzip,01df0353-d531-408d-a0c5-3161bf822134,command_prompt
 collection,T1560.001,Archive Collected Data: Archive via Utility,4,Compress Data and lock with password for Exfiltration with 7zip,d1334303-59cb-4a03-8313-b3e24d02c198,command_prompt
-collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,sh
+collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,bash
 collection,T1560.001,Archive Collected Data: Archive via Utility,6,Data Compressed - nix - gzip Single File,cde3c2af-3485-49eb-9c1f-0ed60e9cc0af,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,7,Data Compressed - nix - tar Folder or File,7af2b51e-ad1c-498c-aca8-d3290c19535a,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,8,Data Encrypted with zip and gpg symmetric,0286eb44-e7ce-41a0-b109-3da516e05a5f,sh

diff --git a/atomics/Indexes/Indexes-CSV/linux-index.csv b/atomics/Indexes/Indexes-CSV/linux-index.csv
@@ -202,7 +202,7 @@ command-and-control,T1105,Ingress Tool Transfer,14,whois file download,c99a829f-
 command-and-control,T1105,Ingress Tool Transfer,27,Linux Download File and Run,bdc373c5-e9cf-4563-8a7b-a9ba720a90f3,sh
 command-and-control,T1001.002,Data Obfuscation via Steganography,3,Execute Embedded Script in Image via Steganography,4ff61684-ad91-405c-9fbc-048354ff1d07,sh
 command-and-control,T1090.001,Proxy: Internal Proxy,1,Connection Proxy,0ac21132-4485-4212-a681-349e8a6637cd,sh
-collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,sh
+collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,bash
 collection,T1560.001,Archive Collected Data: Archive via Utility,6,Data Compressed - nix - gzip Single File,cde3c2af-3485-49eb-9c1f-0ed60e9cc0af,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,7,Data Compressed - nix - tar Folder or File,7af2b51e-ad1c-498c-aca8-d3290c19535a,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,8,Data Encrypted with zip and gpg symmetric,0286eb44-e7ce-41a0-b109-3da516e05a5f,sh

diff --git a/atomics/Indexes/Indexes-CSV/macos-index.csv b/atomics/Indexes/Indexes-CSV/macos-index.csv
@@ -134,7 +134,7 @@ command-and-control,T1105,Ingress Tool Transfer,14,whois file download,c99a829f-
 command-and-control,T1105,Ingress Tool Transfer,31,File download via nscurl,5bcefe5f-3f30-4f1c-a61a-8d7db3f4450c,sh
 command-and-control,T1090.001,Proxy: Internal Proxy,1,Connection Proxy,0ac21132-4485-4212-a681-349e8a6637cd,sh
 command-and-control,T1090.001,Proxy: Internal Proxy,2,Connection Proxy for macOS UI,648d68c1-8bcd-4486-9abe-71c6655b6a2c,sh
-collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,sh
+collection,T1560.001,Archive Collected Data: Archive via Utility,5,Data Compressed - nix - zip,c51cec55-28dd-4ad2-9461-1eacbc82c3a0,bash
 collection,T1560.001,Archive Collected Data: Archive via Utility,6,Data Compressed - nix - gzip Single File,cde3c2af-3485-49eb-9c1f-0ed60e9cc0af,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,7,Data Compressed - nix - tar Folder or File,7af2b51e-ad1c-498c-aca8-d3290c19535a,sh
 collection,T1560.001,Archive Collected Data: Archive via Utility,8,Data Encrypted with zip and gpg symmetric,0286eb44-e7ce-41a0-b109-3da516e05a5f,sh

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
@@ -79681,8 +79681,8 @@ collection:
           (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip)
           echo Please set input_files argument to include files that exist
       executor:
-        name: sh
-        elevation_required: false
+        name: bash
+        elevation_required: true
         command: 'zip #{output_file} #{input_files}
 
           '

diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml
@@ -46667,8 +46667,8 @@ collection:
           (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip)
           echo Please set input_files argument to include files that exist
       executor:
-        name: sh
-        elevation_required: false
+        name: bash
+        elevation_required: true
         command: 'zip #{output_file} #{input_files}
 
           '

diff --git a/atomics/Indexes/macos-index.yaml b/atomics/Indexes/macos-index.yaml
@@ -43687,8 +43687,8 @@ collection:
           (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip)
           echo Please set input_files argument to include files that exist
       executor:
-        name: sh
-        elevation_required: false
+        name: bash
+        elevation_required: true
         command: 'zip #{output_file} #{input_files}
 
           '

diff --git a/atomics/T1560.001/T1560.001.md b/atomics/T1560.001/T1560.001.md
@@ -275,28 +275,28 @@ An adversary may compress data (e.g., sensitive documents) that is collected pri
 | output_file | Path that should be output as a zip archive | path | $HOME/data.zip|
 
 
-#### Attack Commands: Run with `sh`! 
+#### Attack Commands: Run with `bash`!  Elevation Required (e.g. root or admin) 
 
 
-```sh
+```bash
 zip #{output_file} #{input_files}
 ```
 
 #### Cleanup Commands:
-```sh
+```bash
 rm -f #{output_file}
 ```
 
 
 
-#### Dependencies:  Run with `sh`!
+#### Dependencies:  Run with `bash`!
 ##### Description: Files to zip must exist (#{input_files})
 ##### Check Prereq Commands:
-```sh
+```bash
 if [ $(ls #{input_files} | wc -l) > 0 ] && [ -x $(which zip) ] ; then exit 0; else exit 1; fi;
 ```
 ##### Get Prereq Commands:
-```sh
+```bash
 (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip)
 echo Please set input_files argument to include files that exist
 ```