From 7ff7030e7543f015e52f6a29bcc28ce6331f6f4e Mon Sep 17 00:00:00 2001
From: well123cs <119821998+well123cs@users.noreply.github.com>
Date: Sun, 2 Apr 2023 19:12:05 -0700
Subject: [PATCH] Update T1069.001.yaml
---
 atomics/T1069.001/T1069.001.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/atomics/T1069.001/T1069.001.yaml b/atomics/T1069.001/T1069.001.yaml
index 02e0909b..eb33a8e0 100644
--- a/atomics/T1069.001/T1069.001.yaml
+++ b/atomics/T1069.001/T1069.001.yaml
@@ -99,3 +99,28 @@ atomic_tests:
 command: |
 Get-WMIObject Win32_Group
 name: powershell
+- name: Permission Groups Discovery for Containers- Local Groups
+ description: Attackers may try to obtain a list of services that are operating on remote hosts and local network infrastructure devices, in order to identify potential vulnerabilities that can be exploited through remote software attacks. They typically use tools to conduct port and vulnerability scans in order to obtain this information.
+ supported_platforms:
+ - containers
+ dependency_executor_name: sh
+ dependencies:
+ - description: Verify docker is installed.
+ prereq_command: |
+ which docker
+ get_prereq_command: |
+ if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
+ - description: Verify docker service is running.
+ prereq_command: |
+ sudo systemctl status docker --no-pager
+ get_prereq_command: |
+ sudo systemctl start docker
+ executor:
+ command: |-
+ docker build -t t1069 PathtoAtomicsFolder/T1069/src/
+ docker run --name t1069_container -d -t t1069
+ docker exec t1069_container ./test.sh
+ cleanup_command: |-
+ docker stop t1069_container
+ docker rmi -f t1069
+ name: sh
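Review bot: cleanup_command stops the container but never removes it, so a second run's `docker run --name t1069_container` fails with a name conflict while the stopped container keeps the now-untagged image around; add `docker rm t1069_container` between the `docker stop t1069_container` and `docker rmi -f t1069` lines. The description text is copied from a network service discovery test (remote hosts, port and vulnerability scans) and does not describe this test; something like `description: Runs test.sh inside a container built from the T1069.001 src image to enumerate the local groups visible from within the container.` would match the name and the executor. The build path `PathtoAtomicsFolder/T1069/src/` spells the placeholder with a lowercase `to` and points at the parent technique folder; the runner's placeholder is written `PathToAtomicsFolder` elsewhere in the repository, so this likely needs to be `PathToAtomicsFolder/T1069.001/src/` — confirm against the src folder that accompanies this test. Since dependency_executor_name is sh, the `[ "" == ... ]` comparison in the first get_prereq_command is a bash extension that can fail under a POSIX sh such as dash; `=` is the portable form.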