diff --git a/atomics/T1016/T1016.yaml b/atomics/T1016/T1016.yaml
index 6ddbb101..e6522970 100644
--- a/atomics/T1016/T1016.yaml
+++ b/atomics/T1016/T1016.yaml
@@ -147,4 +147,16 @@ atomic_tests:
 #{adfind_path} -f (objectcategory=subnet)
 name: command_prompt
-
+- name: Qakbot Recon
+description: A list of commands known to be performed by Qakbot for recon purposes
+supported_platforms:
+- windows
+input_arguments:
+recon_commands:
+description: File that houses list of commands to be executed
+type: Path
+default: PathToAtomicsFolder\T1016\src\qakbot.bat
+executor:
+command: |
+#{recon_commands}
+name: command_prompt
diff --git a/atomics/T1016/src/qakbot.bat b/atomics/T1016/src/qakbot.bat
new file mode 100644
index 00000000..3c02ae0b
--- /dev/null
+++ b/atomics/T1016/src/qakbot.bat
@@ -0,0 +1,10 @@
+whoami /all
+cmd /c set
+arp -a
+ipconfig /all
+net view /all
+nslookup -querytype=ALL -timeout=10 _ldap._tcp.dc._msdcs.WORKGROUP
+net share
+route print
+netstat -nao
+net localgroup
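Review bot: The `#{recon_commands}` substitution in the new executor's `command` is unquoted, so a PathToAtomicsFolder that contains a space (a per-user install path, for instance) makes cmd.exe split the batch-file path and fail with an unrelated "not recognized" error; the usual form is `"#{recon_commands}"`. The test also has no `dependencies` block, so a missing or relocated `src\qakbot.bat` surfaces the same confusing error instead of a prerequisite message — a `dependency_executor_name: powershell` entry with a `Test-Path` prereq check (sketched below) keeps the failure mode explicit. The `description` would help defenders more if it stated that every command in the file is read-only discovery (hence no `cleanup_command`) and that the observable is a burst of `whoami`, `arp`, `ipconfig`, `net`, `nslookup`, `route` and `netstat` process creations sharing one cmd.exe parent, rather than any single command.
```yaml
  dependency_executor_name: powershell
  dependencies:
  - description: |
      Recon command file must exist on disk at the specified location (#{recon_commands})
    prereq_command: |
      if (Test-Path "#{recon_commands}") {exit 0} else {exit 1}
    get_prereq_command: |
      Write-Host "Restore #{recon_commands} from the atomics repository before running this test"
  executor:
    command: |
      "#{recon_commands}"
  # … unchanged: executor name …
```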
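Review bot: The domain component of the `nslookup` SRV query is hard-coded to `WORKGROUP`, so on a domain-joined test host the `_ldap._tcp.dc._msdcs` lookup is expected not to resolve; the test description in T1016.yaml should say that the command is there to generate the DNS-query and process-creation telemetry, not to complete a DC lookup, so an analyst comparing output does not read the NXDOMAIN as a broken test. `cmd /c set` dumps the complete environment of the executing user into the test's captured output, which can include credentials or tokens that were placed in environment variables on the host; a one-line note in the description, `Output of 'set' includes all environment variables of the running user — review where test output is stored`, would make that explicit. The file carries no `@echo off`, so each command line is also echoed into the transcript; that is arguably helpful for correlating output with the command that produced it and is worth stating as intentional.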