diff --git a/atomics/T1036.004/T1036.004.yaml b/atomics/T1036.004/T1036.004.yaml
index a1096b02..633f62a0 100644
--- a/atomics/T1036.004/T1036.004.yaml
+++ b/atomics/T1036.004/T1036.004.yaml
@@ -27,3 +27,30 @@ atomic_tests:
 sc delete win32times
 name: command_prompt
 elevation_required: true
+- name: linux rename /proc/pid/comm using prctl
+ description: |
+ Runs a C program that calls prctl(PR_SET_NAME) to modify /proc/pid/comm value to "totally_legit". This will show up as process name in simple 'ps' listings.
+ supported_platforms:
+ - linux
+ input_arguments:
+ exe_path:
+ description: Output Binary Path
+ type: path
+ default: /tmp/T1036_004_prctl_rename
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ #{exe_path} must be exist on system.
+ prereq_command: |
+ stat #{exe_path}
+ get_prereq_command: |
+ cc -o #{exe_path} PathToAtomicsFolder/T1036.004/src/prctl_rename.c
+ executor:
+ name: sh
+ command: |
+ #{exe_path} & ps
+ TMP=`ps | grep totally_legit`
+ if [ -z "${TMP}" ] ; then echo "renamed process NOT FOUND in process list" && exit 1; fi
+ exit 0
+ cleanup_command: |
+ rm -f #{exe_path}
diff --git a/atomics/T1036.004/src/prctl_rename.c b/atomics/T1036.004/src/prctl_rename.c
new file mode 100644
index 00000000..5de2b16a
--- /dev/null
+++ b/atomics/T1036.004/src/prctl_rename.c
@@ -0,0 +1,17 @@
+#include
+#include
+#include
+
+int
+main (int argc, const char* const argv[])
+{
+ const char *new_name = "totally_legit";
+
+ if (prctl(PR_SET_NAME, new_name, 0, 0, 0) < 0) {
+ perror("prctl");
+ return 4;
+ }
+ usleep(3*1000000);
+
+ return 0;
+}
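Review bot: The check at `#{exe_path} & ps` races the child: `ps` can run before the backgrounded program has reached prctl(), and a bare `ps` only lists processes on the caller's controlling terminal, so the test fails spuriously when run without a tty. Change the first two command lines to `#{exe_path} & sleep 1` and `TMP=$(ps -eo comm | grep -x totally_legit)` so the listing is system-wide and the name is matched exactly; the `$!` pid could equally be checked through `/proc/$!/comm`. cleanup_command removes only the binary; adding `pkill -x totally_legit` there covers a teardown that happens before the program's own 3-second sleep ends. For detection engineers it is worth stating in the description that PR_SET_NAME changes only /proc/pid/comm, so /proc/pid/cmdline, `ps -f` and exec telemetry still show the real path — that caveat comes from prctl semantics rather than from anything in this hunk. The dependency text `must be exist on system` should read `must exist on the system`.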
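Review bot: `usleep(3*1000000)` depends on an implementation accepting 1,000,000 µs or more, which POSIX allowed to fail with EINVAL and only some libcs tolerate, and `usleep` was removed from POSIX.1-2008; `sleep(3);` is the portable spelling and drops the magic number. The three `#include` directives as printed carry no header name — presumably `<sys/prctl.h>`, `<unistd.h>` and `<stdio.h>` were stripped by rendering, but as shown the file does not compile, so confirm against the committed source. `argc`/`argv` are never read; `int main(void)` avoids the unused-parameter warning. A comment on `new_name` such as `/* PR_SET_NAME copies at most 15 bytes (TASK_COMM_LEN-1); only comm changes, cmdline and exe are untouched */` records why the name is short and what this technique does not hide.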