Create T1622.yaml (#2752)

Created a new folder T1622 and an yaml file for new atomic test

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

atomics/T1622/T1622.yaml

@@ -0,0 +1,15 @@
+attack_technique: T1622
+display_name: Debugger Evasion
+atomic_tests:
+- name: Detect a Debugger Presence in the Machine
+  description: Detecting a running debugger process or if the debugger is attached to a process via PowerShell
+  supported_platforms:
+  - windows 
+  executor:
+    command: |-
+      # Check for common debugger processes
+      $debuggerProcesses = Get-Process | Where-Object { $_.ProcessName -match "dbg" -or $_.ProcessName -match "debug" }
+      # Check for debugging flags
+      $debuggingFlags = [System.Diagnostics.Debugger]::IsAttached 
+    name: powershell
+    elevation_required: true