diff --git a/atomics/T1016/T1016.md b/atomics/T1016/T1016.md
index fe9e7326..0e77875d 100644
--- a/atomics/T1016/T1016.md
+++ b/atomics/T1016/T1016.md
@@ -12,6 +12,8 @@ Adversaries may use the information from [System Network Configuration Discovery
 - [Atomic Test #3 - System Network Configuration Discovery](#atomic-test-3---system-network-configuration-discovery)
+- [Atomic Test #4 - System Network Configuration Discovery (Trickbot Style)](#atomic-test-4---system-network-configuration-discovery-trickbot-style)
+
@@ -66,4 +68,23 @@ ifconfig
+
+
+
+## Atomic Test #4 - System Network Configuration Discovery (Trickbot Style)
+Identify network configuration information as seen by Trickbot and described here https://www.sneakymonkey.net/2019/10/29/trickbot-analysis-part-ii/
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`!
+```
+ipconfig /all
+net config workstation
+net view /all /domain
+nltest /domain_trusts
+```
+
+
+
diff --git a/atomics/index.md b/atomics/index.md
index e102fa0c..f96b0e0a 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -614,6 +614,7 @@
 - Atomic Test #1: System Network Configuration Discovery [windows]
 - Atomic Test #2: List Windows Firewall Rules [windows]
 - Atomic Test #3: System Network Configuration Discovery [macos, linux]
+ - Atomic Test #4: System Network Configuration Discovery (Trickbot Style) [windows]
 - [T1049 System Network Connections Discovery](./T1049/T1049.md)
 - Atomic Test #1: System Network Connections Discovery [windows]
 - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 66aeab8e..5194610a 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -17560,6 +17560,21 @@ discovery:
 arp -a
 netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
 ifconfig
+ - name: System Network Configuration Discovery (Trickbot Style)
+ description: 'Identify network configuration information as seen by Trickbot
+ and described here https://www.sneakymonkey.net/2019/10/29/trickbot-analysis-part-ii/
+
+'
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ elevation_required: false
+ command: |-
+ ipconfig /all
+ net config workstation
+ net view /all /domain
+ nltest /domain_trusts
 T1049:
 technique:
 x_mitre_permissions_required:
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index cf69e36c..0c1a7747 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
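Review bot: The new test entry in the atomics/index.yaml hunk (and the matching block in T1016.md) states no prerequisite, yet `net view /all /domain` and `nltest /domain_trusts` expect a domain-joined host, so on a standalone machine the test yields only partial telemetry and a defender validating coverage may read the missing events as a detection gap. Those two commands also enumerate remote systems and domain trusts, which ATT&CK tracks separately from T1016 (T1018 and T1482), so alerts that fire on them will not map back to this technique. I would extend the description with a sentence such as `Requires a domain-joined host; net view and nltest also generate T1018 and T1482 telemetry.` index.yaml looks generated (the per-technique YAML is not visible in this diff), so the wording likely belongs in that source file rather than here.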
@@ -433,6 +433,7 @@
 - [T1016 System Network Configuration Discovery](./T1016/T1016.md)
 - Atomic Test #1: System Network Configuration Discovery [windows]
 - Atomic Test #2: List Windows Firewall Rules [windows]
+ - Atomic Test #4: System Network Configuration Discovery (Trickbot Style) [windows]
 - [T1049 System Network Connections Discovery](./T1049/T1049.md)
 - Atomic Test #1: System Network Connections Discovery [windows]
 - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]