diff --git a/atomics/T1610/Src/dockerfile b/atomics/T1610/Src/dockerfile
new file mode 100644
index 00000000..e210c05f
--- /dev/null
+++ b/atomics/T1610/Src/dockerfile
@@ -0,0 +1,5 @@
+FROM ubuntu
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN echo "1" > /tmp/output.txt && \
+ echo ' bin/sh -c "while true; do sleep 30;done;"' > /tmp/script.sh && chmod +x /tmp/script.sh
\ No newline at end of file
diff --git a/atomics/T1610/T1610.yaml b/atomics/T1610/T1610.yaml
new file mode 100644
index 00000000..339901b4
--- /dev/null
+++ b/atomics/T1610/T1610.yaml
@@ -0,0 +1,36 @@
+---
+attack_technique: T1610
+display_name: "Deploy a container"
+
+atomic_tests:
+- name: deploycontainer
+ auto_generated_guid: ab2f9520-a17a-4671-9dba-3bd034099fff
+ description: |
+ Adversaries may deploy containers based on retrieved or built malicious images or from benign images that download and execute malicious payloads at runtime. They can do this using docker create and docker start commands
+
+ supported_platforms:
+ - containers
+
+ dependency_executor_name: sh
+ dependencies:
+ - description: Verify docker is installed.
+ prereq_command: |
+ which docker
+ get_prereq_command: |
+ if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
+
+ - description: Verify docker service is running.
+ prereq_command: |
+ sudo systemctl status docker --no-pager
+ get_prereq_command: |
+ sudo systemctl start docker
+
+
+ executor:
+ command: |
+ docker build -t t1610 /home/kali/test/atomic-red-team/atomics/T1610/src/
+ docker run --name t1610_container --rm -itd t1610 bash /tmp/script.sh
+ name: bash
+ cleanup_command: |
+ docker stop t1610_container
+ docker rmi -f t1610:latest
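Review bot: The generated /tmp/script.sh in the RUN line invokes the shell by a relative path with a leading space (`' bin/sh -c ...'`), so it only works because the container's working directory happens to be `/`; write it as `echo '/bin/sh -c "while true; do sleep 30; done"' > /tmp/script.sh` so the test image behaves the same from any working directory. `FROM ubuntu` is unpinned, so the image built by this test changes whenever the `latest` tag moves; pinning a tag (or digest) keeps the atomic reproducible across runs. The `ARG DEBIAN_FRONTEND=noninteractive` and the `/tmp/output.txt` write are not used by anything in the file and could be dropped, or a comment could say why they are kept.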
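Review bot: The executor's `docker build` hard-codes a path on one developer's machine (`/home/kali/test/atomic-red-team/...`) and spells the directory `src/` while the commit adds it as `Src/`, so the test cannot run anywhere else and fails on a case-sensitive filesystem even there; use the framework's placeholder and the real casing, `docker build -t t1610 PathToAtomicsFolder/T1610/Src/`. The `get_prereq_command` runs under `dependency_executor_name: sh` but uses `[ "" == ... ]`, which is a bash extension that a POSIX `sh` such as dash rejects; `if [ -z "$(command -v docker)" ]; then` is portable and also replaces `which`, which should likewise become `command -v docker` in `prereq_command`. The apt branch installs a package named `docker`, which on Debian/Ubuntu is presumably not the engine (`docker.io`) — worth confirming before this prereq is relied on.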