From 2a7ba54263d0e20b6e94b97cf5ff9e41cabddad1 Mon Sep 17 00:00:00 2001
From: Jake Hill
Date: Tue, 5 Nov 2019 14:05:28 -0500
Subject: [PATCH] Add test for T1518 that displays Internet Explorer Version (#605)
---
 atomics/T1518/T1518.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 atomics/T1518/T1518.yaml
diff --git a/atomics/T1518/T1518.yaml b/atomics/T1518/T1518.yaml
new file mode 100644
index 00000000..f48643c1
--- /dev/null
+++ b/atomics/T1518/T1518.yaml
@@ -0,0 +1,18 @@
+---
+attack_technique: T1518
+display_name: Software Discovery
+
+atomic_tests:
+- name: Find and Display Iinternet Explorer Browser Version
+ description: |
+ Adversaries may attempt to get a listing of non-security related software that is installed on the system. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: command_prompt
+ elevation_required: false # indicates whether command must be run with admin privileges. If the elevation_required attribute is not defined, the value is assumed to be false
+ command: | # these are the actaul attack commands, at least one command must be provided
+ reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer" /v svcVersion
+
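Review bot: The `description` on the new test is only the generic Software Discovery blurb and never says what this test runs, and the `name` line misspells "Internet" as `Iinternet`. I would correct the name to `- name: Find and Display Internet Explorer Browser Version` and add a sentence to the description such as `Queries the svcVersion value under HKLM\Software\Microsoft\Internet Explorer with reg.exe and prints the installed Internet Explorer version.`, so whoever runs the test knows which reg.exe process-creation and registry-read telemetry to expect. The two inline comments on `elevation_required` and `command` read like leftovers from the test template (one carries the typo `actaul`) and can be dropped. It may also be worth stating in the description that `svcVersion` is, as far as I know, not present on older Internet Explorer releases, where the query would return an error rather than a version.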