updating yaml

atomics/T1053.002/T1053.002.yaml

@@ -54,3 +54,35 @@ atomic_tests:
     elevation_required: false
     command: |-
       echo "#{at_command}" | at #{time_spec}
+
+- name: At - Schedule a job via kubectl in a Pod
+  auto_generated_guid: 9c8a5a3e-1d64-4b4a-9f9a-0e6a9c1b5f2e
+  description: |
+    Launches a short-lived Ubuntu pod, installs the `at` utility, starts the `atd` daemon,
+    and submits a job with `at`. The pod is deleted after execution.
+  supported_platforms:
+  - containers
+  input_arguments:
+    pod_name:
+      description: K8s pod name to execute the command in
+      type: string
+      default: atomic-at-schedule
+    time_spec:
+      description: Time specification of when the command should run
+      type: string
+      default: now + 1 minute
+    at_command:
+      description: The command to be run
+      type: string
+      default: echo Hello from Atomic Red Team
+  dependencies:
+  - description: kubectl must be installed and configured
+    get_prereq_command: |
+      echo "kubectl must be installed manually"
+    prereq_command: |
+      which kubectl
+  executor:
+    name: bash
+    elevation_required: false
+    command: |
+      kubectl run #{pod_name} --image=ubuntu --restart=Never --attach --rm -i -- bash -lc "apt-get update -y >/dev/null 2>&1 && apt-get install -y at >/dev/null 2>&1 && (atd || /usr/sbin/atd) && echo '#{at_command}' | at #{time_spec} && at -l"

atomics/T1195.002/T1195.002.yaml

@@ -0,0 +1,27 @@
+attack_technique: T1195.002
+display_name: Compromise Software Supply Chain
+atomic_tests:
+- name: Simulate npm package installation on a Linux system
+  description: |
+    Launches a short‑lived Kubernetes pod using the Node 18 image, initializes a minimal npm project in /tmp/test, and installs the specified npm package without audit/fund/package‑lock options, simulating potentially suspicious package retrieval (e.g., typosquatting/dependency confusion) from within a container. The pod is deleted after execution.
+  supported_platforms:
+    - containers
+    - linux
+  input_arguments:
+    pod_name:
+      description: Name of the pod
+      type: string
+      default: atomic-npm-install
+    package_name:
+      description: NPM package to install
+      type: string
+      default: lodash
+  dependencies:
+    - description: kubectl must be installed and configured
+      get_prereq_command: echo "kubectl must be installed"
+      prereq_command: which kubectl
+  executor:
+      name: bash
+      elevation_required: false
+      command: |
+        kubectl run #{pod_name} --image=node:18 --restart=Never --attach --rm -i -- bash -lc "mkdir /tmp/test && cd /tmp/test && npm init -y >/dev/null 2>&1 && npm install #{package_name} --no-audit --no-fund --no-package-lock"