diff --git a/atomics/T1505.004/T1505.004.yaml b/atomics/T1505.004/T1505.004.yaml
new file mode 100644
index 00000000..756e15e7
--- /dev/null
+++ b/atomics/T1505.004/T1505.004.yaml
@@ -0,0 +1,69 @@
+attack_technique: T1505.004
+display_name: IIS Components
+atomic_tests:
+- name: Install IIS Module using AppCmd.exe
+ description: |
+ The following Atomic will utilize AppCmd.exe to install a new IIS Module. IIS must be installed.
+ This atomic utilizes a DLL on disk, but to test further suspiciousness, compile and load [IIS-Raid](https://www.mdsec.co.uk/2020/02/iis-raid-backdooring-iis-using-native-modules/).
+ A successful execution will install a module into IIS using AppCmd.exe.
+ [Managing and installing Modules Reference](https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview#to-install-a-module-using-appcmdexe)
+ [IIS Modules](https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/)
+ supported_platforms:
+ - windows
+ input_arguments:
+ module_name:
+ description: The name of the IIS module
+ type: String
+ default: DefaultDocumentModule_Atomic
+ dll_path:
+ description: The path to the DLL to be loaded
+ type: path
+ default: '%windir%\system32\inetsrv\defdoc.dll'
+ dependency_executor_name: powershell
+ dependencies:
+ - description: |
+ IIS must be installed in order to add a module to IIS.
+ prereq_command: |
+ $service = get-service w3svc -ErrorAction SilentlyContinue
+ if($service){ Write-Host "IIS installed on $env:computername" } else { Write-Host "IIS is not installed on $env:computername" }
+ get_prereq_command: |
+ Install IIS to continue.
+ executor:
+ command: |
+ %windir%\system32\inetsrv\appcmd.exe install module /name:#{module_name} /image:#{dll_path}
+ cleanup_command: |
+ %windir%\system32\inetsrv\appcmd.exe uninstall module #{module_name}
+ name: command_prompt
+- name: Install IIS Module using PowerShell Cmdlet New-WebGlobalModule
+ description: |
+ The following Atomic will utilize PowerShell Cmdlet New-WebGlobalModule to install a new IIS Module. IIS must be installed.
+ This atomic utilizes a DLL on disk, but to test further suspiciousness, compile and load [IIS-Raid](https://www.mdsec.co.uk/2020/02/iis-raid-backdooring-iis-using-native-modules/).
+ A successful execution will install a module into IIS using New-WebGlobalModule.
+ [Managing IIS Modules with PowerShell](https://learn.microsoft.com/en-us/powershell/module/webadministration/set-webglobalmodule?view=windowsserver2022-ps)
+ [IIS Modules](https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/)
+ supported_platforms:
+ - windows
+ input_arguments:
+ module_name:
+ description: The name of the IIS module
+ type: String
+ default: DefaultDocumentModule_Atomic
+ dll_path:
+ description: The path to the DLL to be loaded
+ type: path
+ default: '%windir%\system32\inetsrv\defdoc.dll'
+ dependency_executor_name: powershell
+ dependencies:
+ - description: |
+ IIS must be installed in order to add a module to IIS.
+ prereq_command: |
+ $service = get-service w3svc -ErrorAction SilentlyContinue
+ if($service){ Write-Host "IIS installed on $env:computername" } else { Write-Host "IIS is not installed on $env:computername" }
+ get_prereq_command: |
+ Install IIS to continue.
+ executor:
+ command: |
+ New-WebGlobalModule -Name #{module_name} -Image #{dll_path}
+ cleanup_command: |
+ Remove-WebGlobalModule -Name #{module_name}
+ name: powershell
\ No newline at end of file
diff --git a/atomics/T1562.002/T1562.002.yaml b/atomics/T1562.002/T1562.002.yaml
index 7236c808..129fe98b
--- a/atomics/T1562.002/T1562.002.yaml
+++ b/atomics/T1562.002/T1562.002.yaml
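Review bot: The `prereq_command` in both tests only Write-Hosts its result and always exits 0, so any runner that judges prerequisites by exit code never sees a failure and the executor runs (and errors out) on a host without IIS; likewise `get_prereq_command` holds prose ("Install IIS to continue.") that the powershell dependency executor would attempt to run as a command. Make the check signal failure, e.g. `if($service){ exit 0 } else { Write-Host "IIS is not installed on $env:computername"; exit 1 }`, and give `get_prereq_command` either a real install step (such as `Install-WindowsFeature -Name Web-Server` on Server SKUs — confirm the equivalent for client editions) or a Write-Host stating the manual step. The second test passes `#{module_name}` and `#{dll_path}` unquoted to New-WebGlobalModule, so any value containing a space breaks the call; `New-WebGlobalModule -Name "#{module_name}" -Image "#{dll_path}"` (and the same for Remove-WebGlobalModule) avoids that. Neither test carries an `auto_generated_guid`, while the existing test in T1562.002.yaml in this same change does — add one unless the repository's tooling fills it in.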
@@ -23,6 +23,27 @@ atomic_tests:
 C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:false *>$null
 }
 name: powershell
+- name: Disable Windows IIS HTTP Logging via PowerShell
+ description: |
+ Disables HTTP logging on a Windows IIS web server as seen by Threat Group 3390 (Bronze Union).
+ This action requires HTTP logging configurations in IIS to be unlocked.
+
+ Use the cleanup commands to restore some default auditpol settings (your original settings will be lost)
+ supported_platforms:
+ - windows
+ input_arguments:
+ website_name:
+ description: The name of the website on a server
+ type: String
+ default: Default Web Site
+ executor:
+ command: |
+ set-WebConfigurationProperty -PSPath "IIS:\Sites\#{website_name}\" -filter "system.webServer/httpLogging" -name dontLog -value $true
+ cleanup_command: |
+ if(Test-Path "C:\Windows\System32\inetsrv\appcmd.exe"){
+ C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:false *>$null
+ }
+ name: powershell
 - name: Kill Event Log Service Threads
 auto_generated_guid: 41ac52ba-5d5e-40c0-b267-573ed90489bd
 description: 'Kill Windows Event Log Service Threads using Invoke-Phant0m. WARNING you will need to restart PC to return to normal state with Log Service. https://artofpwn.com/phant0m-killing-windows-event-log.html'
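Review bot: The new test's description says the cleanup restores "some default auditpol settings", but nothing in this test touches auditpol — the cleanup command re-enables httpLogging through appcmd.exe — so the sentence reads as copied from another test and misleads whoever runs it. Replace it with `Use the cleanup command to re-enable HTTP logging via appcmd.exe (dontLog:false); the site's original dontLog value is not preserved.` The test has no `dependencies` block, so on a host without IIS the `Set-WebConfigurationProperty -PSPath "IIS:\Sites\..."` call fails with a path error instead of a clear prerequisite message; a w3svc check like the one added in T1505.004.yaml in this same change (with a non-zero exit when the service is absent) would cover that. The neighbouring test below carries an `auto_generated_guid` and this one does not — add one unless the repository's tooling fills it in. The enclosing `atomic_tests` list starts and continues outside the hunk.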