diff --git a/monkey/common/utils/attack_utils.py b/monkey/common/utils/attack_utils.py index 28feaa537..cb3c8f029 100644 --- a/monkey/common/utils/attack_utils.py +++ b/monkey/common/utils/attack_utils.py @@ -9,8 +9,9 @@ class ScanStatus(Enum): # Technique was attempted and succeeded USED = 2 + # Dict that describes what BITS job was used for -BITS_UPLOAD_STRING = {"usage": "BITS job was used to upload monkey to a remote system."} +BITS_UPLOAD_STRING = "BITS job was used to upload monkey to a remote system." def format_time(time): diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py index 8b5759c8f..24a902eea 100644 --- a/monkey/infection_monkey/exploit/elasticgroovy.py +++ b/monkey/infection_monkey/exploit/elasticgroovy.py @@ -11,7 +11,7 @@ from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\ DOWNLOAD_TIMEOUT from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE -from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem +from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING import re @@ -64,7 +64,7 @@ class ElasticGroovyExploiter(WebRCE): def upload_monkey(self, url, commands=None): result = super(ElasticGroovyExploiter, self).upload_monkey(url, commands) if 'windows' in self.host.os['type'] and result: - VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() + T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() return result def get_results(self, response): diff --git a/monkey/infection_monkey/exploit/rdpgrinder.py b/monkey/infection_monkey/exploit/rdpgrinder.py index 1e2937d7e..bb8db1d46 100644 --- a/monkey/infection_monkey/exploit/rdpgrinder.py +++ b/monkey/infection_monkey/exploit/rdpgrinder.py 
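Review bot: The context comment `# Dict that describes what BITS job was used for` directly above the changed line is now wrong, because `BITS_UPLOAD_STRING` becomes a plain string in this hunk. Change it to `# Usage string describing what the BITS job was used for (the 'usage' argument of T1197Telem)` so the comment moves with the type. The constant's name already says `_STRING`, so nothing else in the hunk needs to change.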
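Review bot: The T1197 report in `ElasticGroovyExploiter.upload_monkey` fires for every successful Windows upload, yet the inherited `WebRCE.upload_monkey` it calls first already sends its own `T1197Telem(...)` when it falls back to bitsadmin (web_rce.py hunk at line 307), so a Windows host that takes that fallback looks like it is reported twice, and a host whose upload never used BITS is still recorded as having used it. Whether the ElasticGroovy Windows command always goes through BITS is not visible in this diff, so please confirm; if it does not, the report belongs beside the command that actually used BITS rather than on `result`. The identical `T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()` line is repeated here, in rdpgrinder.py and in web_rce.py, so a small helper (for example a module-level `report_bits_upload(host)` next to `BITS_UPLOAD_STRING`) would keep the three call sites consistent. `upload_monkey` is fully inside the hunk; the `get_results` that follows continues past it.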
@@ -15,9 +15,9 @@ from infection_monkey.exploit.tools import get_target_monkey from infection_monkey.model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS from infection_monkey.network.tools import check_tcp_port from infection_monkey.exploit.tools import build_monkey_commandline +from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from infection_monkey.utils import utf_to_ascii from common.utils.exploit_enum import ExploitType -from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING __author__ = 'hoffer' @@ -316,7 +316,7 @@ class RdpExploiter(HostExploiter): if client_factory.success: if not self._config.rdp_use_vbs_download: - VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() + T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() self.add_vuln_port(RDP_PORT) exploited = True self.report_login_attempt(True, user, password) diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index c594df8f4..134ea4817 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -7,7 +7,7 @@ from infection_monkey.exploit import HostExploiter from infection_monkey.model import * from infection_monkey.exploit.tools import get_target_monkey, get_monkey_depth, build_monkey_commandline, HTTPTools from infection_monkey.network.tools import check_tcp_port, tcp_port_to_service -from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem +from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from common.utils.attack_utils import ScanStatus, BITS_UPLOAD_STRING __author__ = 'VakarisZ' 
@@ -307,7 +307,7 @@ class WebRCE(HostExploiter): if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp: LOG.info("Powershell not found in host. Using bitsadmin to download.") backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path} - VictimHostTelem("T1197", ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() + T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send() resp = self.exploit(url, backup_command) return resp diff --git a/monkey/infection_monkey/telemetry/attack/t1197_telem.py b/monkey/infection_monkey/telemetry/attack/t1197_telem.py new file mode 100644 index 000000000..387c3aa13 --- /dev/null +++ b/monkey/infection_monkey/telemetry/attack/t1197_telem.py @@ -0,0 +1,22 @@ +from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem + +__author__ = "itay.mizeretz" + + +class T1197Telem(VictimHostTelem): + def __init__(self, status, machine, usage): + """ + T1197 telemetry. + :param status: ScanStatus of technique + :param machine: VictimHost obj from model/host.py + :param usage: Usage string + """ + super(T1197Telem, self).__init__('T1197', status, machine) + self.usage = usage + + def get_data(self): + data = super(T1197Telem, self).get_data() + data.update({ + 'usage': self.usage + }) + return data diff --git a/monkey/infection_monkey/telemetry/attack/test_victimHostTelem.py b/monkey/infection_monkey/telemetry/attack/test_victim_host_telem.py similarity index 100% rename from monkey/infection_monkey/telemetry/attack/test_victimHostTelem.py rename to monkey/infection_monkey/telemetry/attack/test_victim_host_telem.py
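Review bot: `T1197Telem(ScanStatus.USED, ...)` is sent before `self.exploit(url, backup_command)` runs, so the bitsadmin fallback is recorded as attempted-and-succeeded even when that second exploit call fails. Move the report after the call and condition it on the outcome: `resp = self.exploit(url, backup_command)` / `if resp:` / `    T1197Telem(ScanStatus.USED, self.host, BITS_UPLOAD_STRING).send()`. The `ScanStatus` comment in attack_utils.py defines `USED` as "attempted and succeeded", so a failed fallback should not carry it. The enclosing `upload_monkey` starts outside this hunk; the rdpgrinder.py hunk appears to have the same ordering question, since its report is sent on `client_factory.success` before the download result is known, though that function is only partly visible.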
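Review bot: `get_data` in the new t1197_telem.py has no docstring and neither does the class, while `__init__` documents every parameter; add `"""Return the parent telemetry dict extended with the 'usage' key."""` to `get_data` and a one-line class docstring such as `"""Telemetry for ATT&CK technique T1197 (BITS jobs): VictimHostTelem plus a usage string."""`. `data.update({'usage': self.usage})` can be the single statement `data['usage'] = self.usage`, which reads more directly. That statement also mutates the dict returned by `super().get_data()` in place, which is fine only if the parent builds a fresh dict on every call; this diff does not show `VictimHostTelem.get_data`, so please confirm it is not a shared or cached object, or copy it first with `data = dict(super(T1197Telem, self).get_data())`.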