move emond test into correct T# (#791)

Co-authored-by: Tony M Lambert <ForensicITGuy@users.noreply.github.com>

atomics/T1165/T1165.yaml

@@ -19,26 +19,3 @@ atomic_tests:
       sudo touch /Library/StartupItems/EvilStartup.plist
     cleanup_command: |
       sudo rm /Library/StartupItems/EvilStartup.plist
-
-- name: Persistance with Event Monitor - emond
-  description: |
-    Establish persistence via a rule run by OSX's emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124
-
-  supported_platforms:
-    - macos
-
-  input_arguments:
-    plist:
-      description: Path to attacker emond plist file
-      type: path
-      default: $PathToAtomics/T1165/src/T1165_emond.plist
-
-  executor:
-    name: sh
-    elevation_required: true
-    command: |
-      sudo cp "#{plist}" /etc/emond.d/rules/T1165_emond.plist
-      sudo touch /private/var/db/emondClients/T1165
-    cleanup_command: |
-      sudo rm /etc/emond.d/rules/T1165_emond.plist
-      sudo rm /private/var/db/emondClients/T1165

atomics/T1519/T1519.yaml

@@ -0,0 +1,27 @@
+---
+attack_technique: T1519
+display_name: Emond
+
+atomic_tests:
+- name: Persistance with Event Monitor - emond
+  description: |
+    Establish persistence via a rule run by OSX's emond (Event Monitor) daemon at startup, based on https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124
+
+  supported_platforms:
+    - macos
+
+  input_arguments:
+    plist:
+      description: Path to attacker emond plist file
+      type: path
+      default: PathToAtomicsFolder/T1519/src/T1519_emond.plist
+
+  executor:
+    name: sh
+    elevation_required: true
+    command: |
+      sudo cp "#{plist}" /etc/emond.d/rules/T1519_emond.plist
+      sudo touch /private/var/db/emondClients/T1519
+    cleanup_command: |
+      sudo rm /etc/emond.d/rules/T1519_emond.plist
+      sudo rm /private/var/db/emondClients/T1519