Removed more offending IDs

Author: dlamspl

local/macros.conf

@@ -1,3 +1,3 @@
 [get_attack_data]
-definition = index="attack" Technique!="Technique" Technique!="" Technique!="T1531"
+definition = index="attack" Technique!="Technique" Technique!="" Technique!="T1531" Technique!="T1482" Technique!="T1485" Technique!="T1489" Technique!="T1490" Technique!="T1500" Technique!="T1502" Technique!="T1504" Technique!="T1505" Technique!="T1518" Technique!="T1529"
 iseval = 0

lookups/windows-atomic-red-tests.csv

@@ -10,7 +10,6 @@ defense-evasion,T1088,5,Bypass UAC using ComputerDefaults (PowerShell)
 defense-evasion,T1088,6,Bypass UAC by Mocking Trusted Directories
 defense-evasion,T1191,1,CMSTP Executing Remote Scriptlet
 defense-evasion,T1191,2,CMSTP Executing UAC Bypass
-defense-evasion,T1500,1,Compile After Delivery using csc.exe
 defense-evasion,T1223,1,Compiled HTML Help Local Payload
 defense-evasion,T1223,2,Compiled HTML Help Remote Payload
 defense-evasion,T1090,2,portproxy reg key
@@ -90,7 +89,6 @@ defense-evasion,T1126,2,Remove Network Share
 defense-evasion,T1126,3,Remove Network Share PowerShell
 defense-evasion,T1027,2,Execute base64-encoded PowerShell
 defense-evasion,T1027,3,Execute base64-encoded PowerShell from Windows Registry
-defense-evasion,T1502,1,Parent PID Spoofing using PowerShell
 defense-evasion,T1093,1,Process Hollowing using PowerShell
 defense-evasion,T1055,1,Process Injection via mavinject.exe
 defense-evasion,T1055,4,Process Injection via C#
@@ -147,8 +145,6 @@ privilege-escalation,T1183,1,IFEO Add Debugger
 privilege-escalation,T1183,2,IFEO Global Flags
 privilege-escalation,T1050,1,Service Installation CMD
 privilege-escalation,T1050,2,Service Installation PowerShell
-privilege-escalation,T1502,1,Parent PID Spoofing using PowerShell
-privilege-escalation,T1504,1,Append malicious start-process cmdlet
 privilege-escalation,T1055,1,Process Injection via mavinject.exe
 privilege-escalation,T1055,4,Process Injection via C#
 privilege-escalation,T1055,5,svchost writing a file to a UNC path
@@ -193,7 +189,6 @@ persistence,T1128,1,Netsh Helper DLL Registration
 persistence,T1050,1,Service Installation CMD
 persistence,T1050,2,Service Installation PowerShell
 persistence,T1137,1,DDEAUTO
-persistence,T1504,1,Append malicious start-process cmdlet
 persistence,T1060,1,Reg Key Run
 persistence,T1060,2,Reg Key RunOnce
 persistence,T1060,3,PowerShell Registry RunOnce
@@ -203,7 +198,6 @@ persistence,T1053,3,Scheduled task Remote
 persistence,T1053,4,Powershell Cmdlet Scheduled Task
 persistence,T1180,1,Set Arbitrary Binary as Screensaver
 persistence,T1101,1,Modify SSP configuration in registry
-persistence,T1505,1,Install MS Exchange Transport Agent Persistence
 persistence,T1058,1,Service Registry Permissions Weakness
 persistence,T1023,1,Shortcut Modification
 persistence,T1023,2,Create shortcut to cmd in startup folders
@@ -212,28 +206,13 @@ persistence,T1084,1,Persistence via WMI Event Subscription
 persistence,T1004,1,Winlogon Shell Key Persistence - PowerShell
 persistence,T1004,2,Winlogon Userinit Key Persistence - PowerShell
 persistence,T1004,3,Winlogon Notify Key Logon Persistence - PowerShell
-impact,T1485,1,Windows - Overwrite file with Sysinternals SDelete
-impact,T1490,1,Windows - Delete Volume Shadow Copies
-impact,T1490,2,Windows - Delete Volume Shadow Copies via WMI
-impact,T1490,3,Windows - Delete Windows Backup Catalog
-impact,T1490,4,Windows - Disable Windows Recovery Console Repair
-impact,T1490,5,Windows - Delete Volume Shadow Copies via WMI with PowerShell
-impact,T1490,6,Windows - Delete Backup Files
-impact,T1489,1,Windows - Stop service using Service Controller
-impact,T1489,2,Windows - Stop service using net.exe
-impact,T1489,3,Windows - Stop service by killing process
-impact,T1529,1,Shutdown System - Windows
-impact,T1529,2,Restart System - Windows
 discovery,T1087,8,Enumerate all accounts
 discovery,T1087,9,Enumerate all accounts via PowerShell
 discovery,T1087,10,Enumerate logged on users
 discovery,T1087,11,Enumerate logged on users via PowerShell
 discovery,T1010,1,List Process Main Windows - C# .NET
 discovery,T1217,4,List Google Chrome Bookmarks on Windows with powershell
 discovery,T1217,5,List Google Chrome Bookmarks on Windows with command prompt
-discovery,T1482,1,Windows - Discover domain trusts with dsquery
-discovery,T1482,2,Windows - Discover domain trusts with nltest
-discovery,T1482,3,Powershell enumerate domains and forests
 discovery,T1083,1,File and Directory Discovery (cmd.exe)
 discovery,T1083,2,File and Directory Discovery (PowerShell)
 discovery,T1135,2,Network Share Discovery command prompt
@@ -258,8 +237,6 @@ discovery,T1063,1,Security Software Discovery
 discovery,T1063,2,Security Software Discovery - powershell
 discovery,T1063,4,Security Software Discovery - Sysmon Service
 discovery,T1063,5,Security Software Discovery - AV Discovery via WMI
-discovery,T1518,1,Find and Display Internet Explorer Browser Version
-discovery,T1518,2,Applications Installed
 discovery,T1082,1,System Information Discovery
 discovery,T1082,6,Hostname Discovery (Windows)
 discovery,T1082,8,Windows MachineGUID Discovery

metadata/local.meta

@@ -61,4 +61,4 @@ access = read : [ * ]
 export = none
 owner = admin
 version = 8.0.1
-modtime = 1587039526.751615000
+modtime = 1587043563.477440000