diff --git a/atomics/T1564.004/T1564.004.yaml b/atomics/T1564.004/T1564.004.yaml
index 4cc3a8ae..838efcc0 100644
--- a/atomics/T1564.004/T1564.004.yaml
+++ b/atomics/T1564.004/T1564.004.yaml
@@ -115,3 +115,28 @@ atomic_tests:
 cleanup_command: |
 Remove-Item -Path #{file_name} -ErrorAction Ignore
 name: powershell
+
+- name: Create Hidden Directory via $index_allocation
+ auto_generated_guid: 3e6791e7-232c-481c-a680-a52f86b83fdf
+ description: |
+ Create an Alternate Data Stream Directory and File with the command prompt. Write access is required. Upon execution,
+ run "dir /A /Q /R" in the %temp% folder to view that the alternate data stream folder exists. To view the data in the
+ alternate data stream, run "type %temp%\...$.......::$index_allocation\secrets.txt"
+ supported_platforms:
+ - windows
+ input_arguments:
+ folder_name:
+ description: File name of file to create inside the folder.
+ type: string
+ default: '%temp%\...$.......::$index_allocation'
+ hidden_filename:
+ description: Name of the files containing the hidden information
+ type: string
+ default: secrets.txt
+ executor:
+ command: |
+ md #{folder_name}
+ echo too many secrets > #{folder_name}\#{hidden_filename}
+ cleanup_command: |
+ rmdir /S /Q #{folder_name} >nul 2>&1
+ name: command_prompt
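Review bot: The `folder_name` input argument is documented as "File name of file to create inside the folder.", but its default and its use in `md #{folder_name}` show it is the directory path itself, so the description looks copied from `hidden_filename` and will mislead anyone overriding the inputs; it should read `description: Path of the alternate-data-stream directory to create.`. The test-level `description:` block also hard-codes `%temp%\...$.......::$index_allocation\secrets.txt` for the verification steps, so those instructions go stale as soon as either argument is overridden; referring to `#{folder_name}` and `#{hidden_filename}` there would keep the verification steps accurate. As a smaller wording fix, `hidden_filename` creates one file, so "Name of the files containing the hidden information" should be singular. The single-quoted default for `folder_name` is correct as written, since it keeps the backslashes and the `::` literal rather than letting YAML interpret them.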