From 07b0f40e60bf481c8c8c2c7b10bb900ee26d09f0 Mon Sep 17 00:00:00 2001
From: well123cs <119821998+well123cs@users.noreply.github.com>
Date: Wed, 12 Apr 2023 13:56:18 -0700
Subject: [PATCH] Delete T1612.yaml
---
atomics/T1612/T1612.yaml | 30 ------------------------------
1 file changed, 30 deletions(-)
delete mode 100644 atomics/T1612/T1612.yaml
diff --git a/atomics/T1612/T1612.yaml b/atomics/T1612/T1612.yaml
deleted file mode 100644
index ffed1670..00000000
--- a/atomics/T1612/T1612.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-attack_technique: T1612
-display_name: "Build Image on Host"
-atomic_tests:
-- name: Build Image On Host
- auto_generated_guid:
- description: Adversaries may build a container image directly on a host to bypass defenses that monitor for the retrieval of malicious images from a public registry. An adversary may take advantage of that build API to build a custom image on the host that includes malware downloaded from their C2 server, and then they then may utilize Deploy Container using that custom image.
- supported_platforms:
- - containers
- dependency_executor_name: sh
- dependencies:
- - description: Verify docker is installed.
- prereq_command: |
- which docker
- get_prereq_command: |
- if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
- - description: Verify docker service is running.
- prereq_command: |
- sudo systemctl status docker --no-pager
- get_prereq_command: |
- sudo systemctl start docker
- executor:
- command: |-
- docker build -t t1612 $PathtoAtomicsFolder/T1612/src/
- docker run --name t1612_container -d -t t1612
- docker exec t1612_container ./test.sh
- cleanup_command: |-
- docker stop t1612_container
- docker rmi -f t1612
- name: sh