diff --git a/yml/OSBinaries/Rasautou.yml b/yml/OSBinaries/Rasautou.yml new file mode 100644 index 0000000..e9276d5 --- /dev/null +++ b/yml/OSBinaries/Rasautou.yml @@ -0,0 +1,27 @@ +--- +Name: Rasautou.exe +Description: Windows Remote Access Dialer +Author: 'Tony Lambert' +Created: '2020-01-10' +Commands: + - Command: rasautou -d powershell.dll -p powershell -a a -e e + Description: Loads the target .DLL specified in -d and executes the export specified in -p. Options removed in Windows 10. + Usecase: Execute DLL code + Category: Execute + Privileges: User, Administrator in Windows 8 + MitreID: T1218 + MitreLink: https://attack.mitre.org/wiki/Technique/T1218 + OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1 +Full_Path: + - Path: C:\Windows\System32\rasautou.exe +Code_Sample: +- Code: +Detection: + - IOC: rasautou.exe command line containing -d and -p +Resources: + - Link: https://github.com/fireeye/DueDLLigence + - Link: https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html +Acknowledgement: + - Person: FireEye + Handle: '@FireEye' +--- \ No newline at end of file
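Review bot: The `Code_Sample:` block in this hunk is left empty (`- Code:` with no value), so the entry will carry a null sample rather than either the command or nothing at all; either populate it with the invocation already given under `Commands` or drop the field rather than shipping an empty list item. The command description also leaves `-a a -e e` unexplained while `-d` and `-p` are documented, so a reader cannot tell whether those two arguments are required for the load to proceed or are placeholders; one clause on what `-a` and `-e` do would close that gap. The `Privileges` value `User, Administrator in Windows 8` is ambiguous (it can be read as "User, or Administrator on Windows 8" or as "User and Administrator, both on Windows 8"); consider the form used elsewhere in the file, for example `User (Administrator on Windows 8)`. `OperatingSystem` has `Windows vista` in lower case next to title-cased `Windows 7, Windows 8, Windows 8.1`; make it `Windows Vista`. The `Detection` IOC, "command line containing -d and -p", will match any legitimate scripted dial-up use of the same switches; pairing it with the DLL path passed to `-d` (a non-system or user-writable location) would sharpen it without going beyond what the entry already states. Finally, the file ends without a trailing newline; add one so the YAML matches the rest of the corpus.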