diff --git a/atomics/T1622/T1622.yaml b/atomics/T1622/T1622.yaml
new file mode 100644
index 00000000..e2258689
--- /dev/null
+++ b/atomics/T1622/T1622.yaml
@@ -0,0 +1,15 @@
+attack_technique: T1622
+display_name: Debugger Evasion
+atomic_tests:
+- name: Detect a Debugger Presence in the Machine
+  description: Detecting a running debugger process or if the debugger is attached to a process via PowerShell
+  supported_platforms:
+  - windows 
+  executor:
+    command: |-
+      # Check for common debugger processes
+      $debuggerProcesses = Get-Process | Where-Object { $_.ProcessName -match "dbg" -or $_.ProcessName -match "debug" }
+      # Check for debugging flags
+      $debuggingFlags = [System.Diagnostics.Debugger]::IsAttached 
+    name: powershell
+    elevation_required: true