From f4338f3e0d6ed87da44eae2c41e490fc2b86f9b6 Mon Sep 17 00:00:00 2001
From: aman143kri <42419157+aman143kri@users.noreply.github.com>
Date: Thu, 15 Dec 2022 20:08:54 -0800
Subject: [PATCH] Added Deploying a docker Fairly straight forward to deploy a container. Details: There was no test case for deploying a container in the atomic-red team and I was working with atomic red team so thought to create a pr for this feature Testing: Tested using ubuntu as the base image. It creates an image and runs that image to check that image is deployed properly. It may take up to a couple of minutes to run due to image creation. If it hangs for longer than a minute, something went wrong. Associated Issues: None
---
 atomics/T1610/Src/dockerfile | 5 +++++
 atomics/T1610/T1610.yaml | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 atomics/T1610/Src/dockerfile
 create mode 100644 atomics/T1610/T1610.yaml
diff --git a/atomics/T1610/Src/dockerfile b/atomics/T1610/Src/dockerfile
new file mode 100644
index 00000000..e210c05f
--- /dev/null
+++ b/atomics/T1610/Src/dockerfile
@@ -0,0 +1,5 @@
+FROM ubuntu
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN echo "1" > /tmp/output.txt && \
+ echo ' bin/sh -c "while true; do sleep 30;done;"' > /tmp/script.sh && chmod +x /tmp/script.sh
\ No newline at end of file
diff --git a/atomics/T1610/T1610.yaml b/atomics/T1610/T1610.yaml
new file mode 100644
index 00000000..339901b4
--- /dev/null
+++ b/atomics/T1610/T1610.yaml
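Review bot: The script written on the RUN line invokes `bin/sh` without a leading slash, so `bash /tmp/script.sh` only works because the container's working directory defaults to `/`; any WORKDIR in the image or `docker run -w` would break it. Make the path absolute, or drop the indirection altogether: `RUN echo 'while true; do sleep 30; done' > /tmp/script.sh && chmod +x /tmp/script.sh`. `FROM ubuntu` is unpinned, so the image this atomic builds changes whenever the upstream tag moves; pinning a release tag such as `FROM ubuntu:22.04` keeps the test reproducible. `ARG DEBIAN_FRONTEND=noninteractive` is never consumed because no apt-get runs here, and nothing in this patch reads `/tmp/output.txt`, so both should either go or get a comment saying what they are for. The file is also missing its trailing newline.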
@@ -0,0 +1,36 @@
+---
+attack_technique: T1610
+display_name: "Deploy a container"
+
+atomic_tests:
+- name: deploycontainer
+ auto_generated_guid: ab2f9520-a17a-4671-9dba-3bd034099fff
+ description: |
+ Adversaries may deploy containers based on retrieved or built malicious images or from benign images that download and execute malicious payloads at runtime. They can do this using docker create and docker start commands
+
+ supported_platforms:
+ - containers
+
+ dependency_executor_name: sh
+ dependencies:
+ - description: Verify docker is installed.
+ prereq_command: |
+ which docker
+ get_prereq_command: |
+ if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
+
+ - description: Verify docker service is running.
+ prereq_command: |
+ sudo systemctl status docker --no-pager
+ get_prereq_command: |
+ sudo systemctl start docker
+
+
+ executor:
+ command: |
+ docker build -t t1610 /home/kali/test/atomic-red-team/atomics/T1610/src/
+ docker run --name t1610_container --rm -itd t1610 bash /tmp/script.sh
+ name: bash
+ cleanup_command: |
+ docker stop t1610_container
+ docker rmi -f t1610:latest
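Review bot: The build context on the `docker build` line is a hard-coded workstation path, `/home/kali/test/atomic-red-team/atomics/T1610/src/`, which will not exist on anyone else's machine, and its `src/` segment does not match the `Src/` directory this patch creates (case matters on Linux). Other atomics reach the repository through `PathToAtomicsFolder`, so the line should read `docker build -t t1610 PathToAtomicsFolder/T1610/src/` with the directory renamed to match (or the YAML path changed to `Src/`). The first dependency's `get_prereq_command` compares with `[ "" == ... ]`, a bash extension; under the declared `dependency_executor_name: sh` (dash on Debian/Ubuntu) that fails with `unexpected operator`, so use `if [ -z "$(which docker)" ]; then` instead. On Debian/Ubuntu the apt package that provides the engine is `docker.io`, not `docker`, so the apt branch very likely installs the wrong package. Cleanup will also pause for docker's default stop timeout, since the bash loop running as PID 1 does not handle SIGTERM; that is worth a comment on `cleanup_command` so users do not read the delay as a hang.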