New atomic Test-1072.001 (#2141)

* New atomic Test-1072.001

The Software deployment tool-PDQ Deploy used to deploy remote access tool in the device. Adding as T1072.001 for PDQ Deploy tool.

* Update T1072.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>

atomics/T1072/T1072.yaml

@@ -31,4 +31,35 @@ atomic_tests:
     name: command_prompt
     elevation_required: true 
     command: | 
-      "#{radmin_exe}"
+      "#{radmin_exe}"
+      
+- name: PDQ Deploy RAT
+  description: |
+    An adversary may use PDQ Deploy Software to deploy the Remote Adminstartion Tool, this will start the PDQ console.
+  supported_platforms:
+    - windows
+  input_arguments:
+    PDQ_Deploy_installer:
+      description: PDQ Deploy Install
+      type: Path
+      default: '%TEMP%\PDQDeploysetup.exe'
+    PDQ_Deploy_exe:
+      description: The PDQDeployConsole.exe executable from PDQDeploysetup.exe
+      type: Path
+      default: '%PROGRAMFILES(x86)%\Admin Arsenal\PDQ Deploy\PDQDeployConsole.exe'
+
+  dependencies:
+    - description: |
+        Radmin Viewer Utility must be installed at specified location (#{PDQ_Deploy_exe})
+      prereq_command: |
+        if not exist "#{PDQ_Deploy_exe}" (exit /b 1)
+      get_prereq_command: |
+        echo Downloading PDQ Deploy installer
+        bitsadmin /transfer myDownloadJob /download /priority normal "https://download.pdq.com/release/19/Deploy_19.3.350.0.exe" #{PDQ_Deploy_installer}
+        msiexec /i "#{PDQ_Deploy_installer}" /qn
+
+  executor:
+    name: command_prompt
+    elevation_required: true 
+    command: | 
+      "#{PDQ_Deploy_exe}"