diff --git a/atomics/T1059.005/T1059.005.yaml b/atomics/T1059.005/T1059.005.yaml
new file mode 100644
index 00000000..08049513
--- /dev/null
+++ b/atomics/T1059.005/T1059.005.yaml
@@ -0,0 +1,29 @@
+attack_technique: T1059.005
+display_name: 'Command and Scripting Interpreter: Visual Basic'
+atomic_tests:
+- name: Visual Basic script execution to gather local computer information
+  description: |-
+    Visual Basic execution test, execute vbscript via PowerShell.
+
+    When successful, system information will be written to $env:TEMP\T1059.005.out.txt.
+  supported_platforms:
+  - windows
+  input_arguments:
+    vbscript:
+      description: Path to sample script
+      type: String
+      default: PathToAtomicsFolder\T1059.005\src\sys_info.vbs
+  dependency_executor_name: powershell
+  dependencies:
+  - description: Sample script must exist on disk at specified location (#{vbscript})
+    prereq_command: 'if (Test-Path #{vbscript}) {exit 0} else {exit 1} '
+    get_prereq_command: |-
+      Invoke-WebRequest "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.005/src/sys_info.vbs" -OutFile "$env:TEMP\sys_info.vbs"
+      New-Item -ItemType Directory (Split-Path #{vbscript}) -Force | Out-Null
+      Copy-Item $env:TEMP\sys_info.vbs #{vbscript} -Force
+  executor:
+    command: 'cscript #{vbscript} > $env:TEMP\out.txt'
+    cleanup_command: |-
+      Remove-Item $env:TEMP\sys_info.vbs -ErrorAction Ignore
+      Remove-Item $env:TEMP\T1059.005.out.txt -ErrorAction Ignore
+    name: powershell
diff --git a/atomics/T1059.005/src/sys_info.vbs b/atomics/T1059.005/src/sys_info.vbs
new file mode 100644
index 00000000..e81966f7
--- /dev/null
+++ b/atomics/T1059.005/src/sys_info.vbs
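Review bot: The executor redirects output to `$env:TEMP\out.txt`, but the description promises `$env:TEMP\T1059.005.out.txt` and the cleanup_command only removes that latter path, so the real output file is never cleaned up and the documented location is wrong. Change the executor line to `command: 'cscript #{vbscript} > $env:TEMP\T1059.005.out.txt'` so description, executor and cleanup agree. Separately, `#{vbscript}` is unquoted in both `Test-Path #{vbscript}` and the cscript invocation; if PathToAtomicsFolder expands to a path containing spaces the prereq check and the test itself will break, so `Test-Path "#{vbscript}"` and `cscript "#{vbscript}"` are safer. Note also that get_prereq_command fetches the script over HTTPS with no integrity check, which is the existing convention in this repo but worth stating in the description for operators running it on hosts they care about.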
@@ -0,0 +1,14 @@
+Set objWMIService = GetObject( "winmgmts:\\.\root\cimv2" )
+Set objList = objWMIService.ExecQuery( "Select * from Win32_ComputerSystem" )
+
+For Each objItem in objList
+    strDomain = objItem.Domain
+    strName = objItem.Name
+    strManu = objItem.Manufacturer
+    strModel = objItem.Model
+
+    WScript.Echo "Domain: " & strDomain
+    WScript.Echo "Computer Name: " & strName
+    WScript.Echo "Manufacturer: " & strManu
+    WScript.Echo "Model: " & strModel
+Next
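Review bot: The script has no header comment saying what it is for or how it is meant to be run, which matters here because `WScript.Echo` only writes to stdout under cscript.exe; under wscript.exe each Echo becomes a modal dialog and the executor's `> ...out.txt` redirect captures nothing. Add at the top `' T1059.005 sample: queries Win32_ComputerSystem via WMI and echoes Domain, Name, Manufacturer and Model to stdout.` and `' Run with cscript.exe (not wscript.exe) so WScript.Echo goes to stdout and can be redirected.` A cheap guard that makes the intent explicit is `If LCase(Right(WScript.FullName, 11)) <> "cscript.exe" Then WScript.Quit 1`, placed before the GetObject call.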