From e74e89f802252af7b67037ccc4461390fd11d617 Mon Sep 17 00:00:00 2001
From: jorik <47347649+jorik-utwente@users.noreply.github.com>
Date: Mon, 2 Dec 2024 16:40:09 +0100
Subject: [PATCH] remove host software binary compromise
---
...st-via-host-software-binary-compromise.yml | 21 -------------------
1 file changed, 21 deletions(-)
delete mode 100644 nursery/persist-via-host-software-binary-compromise.yml
diff --git a/nursery/persist-via-host-software-binary-compromise.yml b/nursery/persist-via-host-software-binary-compromise.yml
deleted file mode 100644
index dd426a5e..00000000
--- a/nursery/persist-via-host-software-binary-compromise.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-rule:
- meta:
- name: persist via host software binary compromise
- namespace: persistence/file-system
- authors:
- - j.j.vannielen@utwente.nl
- scopes:
- static: function
- dynamic: call
- att&ck:
- - Persistence::Compromise Client Software Binary [T1554]
- features:
- - and:
- - or:
- - match: copy file
- - match: move file
- - match: write file on Windows
- - or:
- - string: /Windows/i
- - string: /Program Files/i
- - string: /.exe$/i