diff --git a/atomics/T1612/T1612.yaml b/atomics/T1612/T1612.yaml
new file mode 100644
index 00000000..752d760c
--- /dev/null
+++ b/atomics/T1612/T1612.yaml
@@ -0,0 +1,29 @@
+attack_technique: T1612
+display_name: "Build Image on Host"
+atomic_tests:
+- name: Build Image On Host
+ description: Adversaries may build a container image directly on a host to bypass defenses that monitor for the retrieval of malicious images from a public registry. An adversary may take advantage of that build API to build a custom image on the host that includes malware downloaded from their C2 server, and then they then may utilize Deploy Container using that custom image.
+ supported_platforms:
+ - containers
+ dependency_executor_name: sh
+ dependencies:
+ - description: Verify docker is installed.
+ prereq_command: |
+ which docker
+ get_prereq_command: |
+ if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
+
+ - description: Verify docker service is running.
+ prereq_command: |
+ sudo systemctl status docker --no-pager
+ get_prereq_command: |
+ sudo systemctl start docker
+ executor:
+ command: |-
+ docker build -t t1612 $PathtoAtomicsFolder/T1612/src/
+ docker run --name t1612_container -d -t t1612
+ docker exec t1612_container ./test.sh
+ cleanup_command: |-
+ docker stop t1612_container
+ docker rmi -f t1612
+ name: sh
diff --git a/atomics/T1612/src/Dockerfile b/atomics/T1612/src/Dockerfile
new file mode 100644
index 00000000..7e324ff1
--- /dev/null
+++ b/atomics/T1612/src/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:20.04
+WORKDIR /
+LABEL key="CyberSecurity_project"
+RUN echo "CyberSecurity_project"
+RUN apt update && apt install -y git
+COPY test.sh /test.sh
+RUN chmod +x /test.sh
+ENTRYPOINT ["tail", "-f", "/dev/null"]
+
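Review bot: The `cleanup_command` stops `t1612_container` but never removes it, so the container is left on the host and the next run of `docker run --name t1612_container -d -t t1612` fails with a name conflict; add `docker rm t1612_container` between the stop and the `docker rmi -f t1612` line (a forced `rmi` with a stopped container still referencing the image will likely only untag it and leave a dangling image behind). Two smaller defects in the first `get_prereq_command`: `[ "" == ... ]` is a bashism that dash, the usual `sh` on Debian/Ubuntu, rejects with "unexpected operator", so use `=`; and on those distributions `apt-get -y install docker` does not install the container engine (the engine package there is `docker.io`), so the dependency step can report success without ever providing a usable `docker`. The backtick `which docker` checks could also become `command -v docker`, which is POSIX and needs no extra binary.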
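Review bot: `RUN apt update && apt install -y git` installs a package nothing in the image uses (the only file copied in, `test.sh`, just runs `echo`), so the layer adds a build-time network fetch and an extra binary to the image for no gain; drop it, or if git is meant to stand in for the technique's "custom tooling", use the script-safe form `RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*` so the apt lists are not baked into the layer and a stale cache cannot bite on rebuild. `COPY test.sh /test.sh` followed by `RUN chmod +x /test.sh` can be collapsed to `COPY --chmod=755 test.sh /test.sh`, which avoids writing the file a second time in a new layer. `RUN echo "CyberSecurity_project"` produces an empty layer and can go, and the `LABEL key=...` would be more useful as an OCI label such as `org.opencontainers.image.description`. The image also runs as root and pins `ubuntu:20.04` by tag only, which is tolerable for a throwaway atomic but deserves a one-line comment saying so, e.g. `# Intentionally minimal/root: this image only exists to exercise T1612 and is removed by cleanup_command.`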
diff --git a/atomics/T1612/src/test.sh b/atomics/T1612/src/test.sh
new file mode 100644
index 00000000..d94dd1e6
--- /dev/null
+++ b/atomics/T1612/src/test.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+
+echo "You have been hacked"
+
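Review bot: The shebang `#!/usr/bin/bash` only resolves on images with a merged `/usr`; the `ubuntu:20.04` base in the accompanying Dockerfile appears to provide that symlink, but switching to a base without it would make `docker exec t1612_container ./test.sh` fail with "no such file or directory" rather than a readable script error. Since the script only runs `echo`, `#!/bin/sh` is the portable choice (or `#!/usr/bin/env bash` if bash features are planned). The executable bit comes from the Dockerfile's `RUN chmod +x /test.sh`, not from this file; a header comment such as `# Run inside the t1612 container via docker exec; prints a marker line for detection testing.` would make that contract explicit.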