From ac7da2beefb97d82c074fe23413bc9ed2b4b7854 Mon Sep 17 00:00:00 2001
From: System Administrator
Date: Fri, 25 May 2018 06:52:09 -0400
Subject: [PATCH] T1083 yaml
---
atomics/T1083/T1083.yaml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 atomics/T1083/T1083.yaml
diff --git a/atomics/T1083/T1083.yaml b/atomics/T1083/T1083.yaml
new file mode 100644
index 00000000..107ac4d9
--- /dev/null
+++ b/atomics/T1083/T1083.yaml
@@ -0,0 +1,23 @@
+---
+attack_technique: T1083
+display_name: File and Directory Discovery
+
+atomic_tests:
+- name: File and Directory Discovery
+ description: |
+ Find or discovery files on the file system
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: command_prompt
+ command: |
+ dir /s c:\ >> %temp%\download
+ dir /s "c:\Documents and Settings" >> %temp%\download
+ dir /s "c:\Program Files\" >> %temp%\download
+ dir /s d:\ >> %temp%\download
+ dir "%systemdrive%\Users\*.*"
+ dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*"
+ dir "%userprofile%\Desktop\*.*"
+ tree /F >> %temp%\download
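Review bot: The redirected commands in `executor.command` append (`>>`) to `%temp%\download` and nothing in the test removes that file, so every run grows it and leaves a full recursive listing of the drive on the test host. I would end the command block with `del "%temp%\download"`, or move that into a cleanup field if the atomics schema has one, and state the artifact path in `description` so analysts know which file write to expect in telemetry. The first four lines also hard-code `c:\` and `d:\` while the later ones use `%systemdrive%` and `%userprofile%`; on hosts without a D: volume, or where `c:\Documents and Settings` is an access-denied junction, those lines only produce errors, so `dir /s %systemdrive%\ >> ...` would be more consistent. `tree /F` runs against whatever the working directory happens to be, which is worth pinning or documenting. The description should read "Find or discover files on the file system".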