From 6063e0efac81b0b40c19f56d8b1188eb612083c5 Mon Sep 17 00:00:00 2001
From: Swelc
Date: Sun, 1 Jul 2018 14:50:26 -0500
Subject: [PATCH] Added T1062
---
atomics/T1062/T1062.yaml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 atomics/T1062/T1062.yaml
diff --git a/atomics/T1062/T1062.yaml b/atomics/T1062/T1062.yaml
new file mode 100644
index 00000000..d0436626
--- /dev/null
+++ b/atomics/T1062/T1062.yaml
@@ -0,0 +1,34 @@
+---
+attack_technique: T1062
+display_name: Hypervisor
+
+atomic_tests:
+- name: Installing Hyper-V Feature
+ description: |
+ PowerShell command to check if Hyper-v is installed .
+ Install Hyper-V feature.
+ Create a New-VM
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ hostname:
+ description: Host to query to see if Hyper-V feature is installed.
+ type: string
+ default: test-vm
+ vm_name:
+ description: Create a new VM.
+ type: string
+ default: testvm
+ file_location:
+ description: Location of new VHDX file
+ type: string
+ default: C:\Temp\test.vhdx
+
+ executor:
+ name: powershell
+ command: |
+ Get-WindowsFeature -Name Hyper-V -ComputerName #{hostname}
+ Install-WindowsFeature -Name Hyper-V -ComputerName #{hostname} -IncludeManagementTools
+ New-VM -Name #{vm_name} -MemoryStartupBytes 1GB -NewVHDPath #{file_location} -NewVHDSizeBytes 21474836480
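Review bot: The `New-VM` line at the end of `command` runs on the local machine while the two `*-WindowsFeature` lines target `#{hostname}` (default `test-vm`), so with the defaults the role is installed on one host and the VM is attempted on another; either pass `-ComputerName #{hostname}` to `New-VM` as well or default `hostname` to `localhost`. Installing the Hyper-V role normally requires a restart before `New-VM` can succeed, and `Get-WindowsFeature`/`Install-WindowsFeature` are Server Manager cmdlets, so the `description` should state the prerequisites (Windows Server, elevated session, restart) instead of the bare `windows` platform implying any host will do. The test also leaves the role, the VM and the VHDX behind; if the executor schema in this repository supports a cleanup step, add one along the lines of `Remove-VM -Name #{vm_name} -Force` plus removal of `#{file_location}`, otherwise document the manual rollback in `description`. Quoting `"#{file_location}"` would keep a path containing spaces from being split into separate arguments.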