Merge pull request #2571 from five-three/master

Correct the capitalization in file names and remove blank lines

atomics/T1552/T1552.md

@@ -43,7 +43,6 @@ echo "starting detonate"
 #### Cleanup Commands:
 ```sh
 export AWS_REGION=#{aws_region}
-
 echo "Cleanup detonation"
 cd #{stratus_path}
 ./stratus cleanup --all
@@ -64,7 +63,7 @@ if [ "$(uname)" == "Darwin" ]
 then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
   tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
 elif [ "$(expr substr $(uname) 1 5)" == "Linux" ]
-then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep linux_x86_64 | cut -d '"' -f 4) 
+then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Linux_x86_64 | cut -d '"' -f 4) 
   wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
   tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
 fi

atomics/T1552/T1552.yaml

@@ -29,7 +29,7 @@ atomic_tests:
       then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
         tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
       elif [ "$(expr substr $(uname) 1 5)" == "Linux" ]
-      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep linux_x86_64 | cut -d '"' -f 4) 
+      then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Linux_x86_64 | cut -d '"' -f 4) 
         wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
         tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
       fi
@@ -49,7 +49,6 @@ atomic_tests:
       ./stratus detonate aws.credential-access.ec2-get-password-data --force
     cleanup_command: |
       export AWS_REGION=#{aws_region}
-
       echo "Cleanup detonation"
       cd #{stratus_path}
       ./stratus cleanup --all

atomics/T1555.003/T1555.003.md

@@ -3,7 +3,7 @@
 <blockquote>Adversaries may acquire credentials from web browsers by reading files specific to the target browser.(Citation: Talos Olympic Destroyer 2018) Web browsers commonly save credentials such as website usernames and passwords so that they do not need to be entered manually in the future. Web browsers typically store the credentials in an encrypted format within a credential store; however, methods exist to extract plaintext credentials from web browsers.
 
 For example, on Windows systems, encrypted credentials may be obtained from Google Chrome by reading a database file, <code>AppData\Local\Google\Chrome\User Data\Default\Login Data</code> and executing a SQL query: <code>SELECT action_url, username_value, password_value FROM logins;</code>. The plaintext password can then be obtained by passing the encrypted credentials to the Windows API function <code>CryptUnprotectData</code>, which uses the victim’s cached logon credentials as the decryption key.(Citation: Microsoft CryptUnprotectData April 2018)
- 
+
 Adversaries have executed similar procedures for common web browsers such as FireFox, Safari, Edge, etc.(Citation: Proofpoint Vega Credential Stealer May 2018)(Citation: FireEye HawkEye Malware July 2017) Windows stores Internet Explorer and Microsoft Edge credentials in Credential Lockers managed by the [Windows Credential Manager](https://attack.mitre.org/techniques/T1555/004).
 
 Adversaries may also acquire credentials by searching web browser process memory for patterns that commonly match credentials.(Citation: GitHub Mimikittenz July 2016)