diff --git a/atomics/T1592.002/T1592.002.yaml b/atomics/T1592.002/T1592.002.yaml
new file mode 100644
index 00000000..d18d0cbe
--- /dev/null
+++ b/atomics/T1592.002/T1592.002.yaml
@@ -0,0 +1,30 @@
+attack_technique: T1592.002
+display_name: 'Gather Victim Host Information: Software'
+atomic_tests:
+- name: Enumerate COM Objects with Powershell
+  description: |-
+   This test is designed to enumerate the COM objects listed in HKCR, then output their methods and CLSIDs to a text file.
+   An adversary could then use this information to identify COM objects that might be vulnerable to abuse, such as using them to spawn arbitrary processes. 
+   See: https://www.mandiant.com/resources/hunting-com-objects
+  supported_platforms:
+  - windows
+  input_arguments:
+    output_file:
+      description: File to output list of COM objects to
+      type: String
+      default: $env:temp\T1592.002Test1.txt
+  executor:
+    command: |
+      New-PSDrive -PSProvider registry -Root HKEY_CLASSES_ROOT -Name HKCR
+      Get-ChildItem -Path HKCR:\CLSID -Name | Select -Skip 1 > $env:temp\clsids.txt
+      ForEach($CLSID in Get-Content "$env:temp\clsids.txt")
+      {try{write-output "$($Position)-$($CLSID)"
+      write-output "------------"| out-file #{output_file} -append
+      write-output $($CLSID)| out-file #{output_file} -append
+      $handle=[activator]::CreateInstance([type]::GetTypeFromCLSID($CLSID))
+      $handle | get-member -erroraction silentlycontinue | out-file #{output_file} -append
+      $position += 1} catch{}}
+    cleanup_command: |
+      remove-item #{output_file} -force -erroraction silentlycontinue
+      remove-item $env:temp\clsids.txt -force -erroraction silentlycontinue      
+    name: powershell