diff --git a/atomics/T1218.011/T1218.011.yaml b/atomics/T1218.011/T1218.011.yaml
index 53d7449373..dc701c7957 100644
--- a/atomics/T1218.011/T1218.011.yaml
+++ b/atomics/T1218.011/T1218.011.yaml
@@ -295,3 +295,42 @@ atomic_tests:
 copy #{exe_to_launch} not_an_scr.scr
 rundll32.exe desk.cpl,InstallScreenSaver not_an_scr.scr
 cleanup_command: del not_an_scr.scr
+- name: Running DLL with .init extension and function
+
+ description: This test, based on common Gamarue tradecraft, consists of a DLL file with a .init extension being run by rundll32.exe. When this DLL file's 'krnl' function is called, it launches a Windows pop-up.
+ supported_platforms:
+ - windows
+ input_arguments:
+ input_file:
+
+ description: The DLL file to be called
+
+ type: string
+
+ default: PathToAtomicsFolder\T1218.011\bin\_WT.init
+
+ input_url:
+
+ description: The URL to the DLL file that must be downloaded
+
+ type: url
+
+ default: https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.011/bin/_WT.init
+
+ dependency_executor_name: powershell
+
+ dependencies:
+
+ - description: Pull file
+
+ prereq_command: if (Test-Path "#{input_file}") {exit 0} else {exit 1}
+
+ get_prereq_command: Invoke-WebRequest "#{input_url}" -OutFile "#{input_file}"
+
+ executor:
+
+ command: rundll32.exe _WT.init,krnl
+
+ cleanup_command: del _WT.init
+
+ name: powershell
\ No newline at end of file
diff --git a/atomics/T1218.011/bin/_WT.init b/atomics/T1218.011/bin/_WT.init
new file mode 100644
index 0000000000..19114b69cf
Binary files /dev/null and b/atomics/T1218.011/bin/_WT.init differ
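Review bot: The executor's `command: rundll32.exe _WT.init,krnl` and `cleanup_command: del _WT.init` resolve `_WT.init` against the current working directory, while the dependency step downloads it to `#{input_file}`, which defaults to `PathToAtomicsFolder\T1218.011\bin\_WT.init`; unless the runner happens to be in that directory the test fails with a module-not-found error, and an overridden `input_file` is ignored entirely. Both lines should reference the argument: `command: rundll32.exe "#{input_file}",krnl` and `cleanup_command: del "#{input_file}"`. The `get_prereq_command` also fetches an unverified binary over the network; a `Get-FileHash` comparison against a pinned hash in `prereq_command` would catch a tampered or stale artifact, though the expected hash is not recoverable from this diff. The blank lines between every key also diverge from the surrounding entries (the three context lines above use none) and are worth dropping to match the rest of the file.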