diff --git a/monkey/monkey_island/cc/services/attack/attack_report.py b/monkey/monkey_island/cc/services/attack/attack_report.py
index 4ec62d7a2..9a5e57633 100644
--- a/monkey/monkey_island/cc/services/attack/attack_report.py
+++ b/monkey/monkey_island/cc/services/attack/attack_report.py
@@ -1,5 +1,5 @@
 import logging
-from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059
+from monkey_island.cc.services.attack.technique_reports import T1210, T1197, T1110, T1075, T1003, T1059, T1086
 from monkey_island.cc.services.attack.attack_telem import AttackTelemService
 from monkey_island.cc.services.attack.attack_config import AttackConfig
 from monkey_island.cc.database import mongo
@@ -14,7 +14,8 @@ TECHNIQUES = {'T1210': T1210.T1210,
               'T1110': T1110.T1110,
               'T1075': T1075.T1075,
               'T1003': T1003.T1003,
-              'T1059': T1059.T1059}
+              'T1059': T1059.T1059,
+              'T1086': T1086.T1086}
 
 REPORT_NAME = 'new_report'
 
diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py
index a79b57a87..24c8cf1c6 100644
--- a/monkey/monkey_island/cc/services/attack/attack_schema.py
+++ b/monkey/monkey_island/cc/services/attack/attack_schema.py
@@ -95,6 +95,14 @@ SCHEMA = {
                     "necessary": True,
                     "description": "Adversaries may use command-line interfaces to interact with systems "
                                    "and execute other software during the course of an operation.",
+                },
+                "T1086": {
+                    "title": "T1086 Powershell",
+                    "type": "bool",
+                    "value": True,
+                    "necessary": True,
+                    "description": "Adversaries can use PowerShell to perform a number of actions,"
+                                   " including discovery of information and execution of code.",
                 }
             }
         },
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
new file mode 100644
index 000000000..1dc2e9a67
--- /dev/null
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -0,0 +1,30 @@
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+
+__author__ = "VakarisZ"
+
+
+class T1086(AttackTechnique):
+
+    tech_id = "T1086"
+    unscanned_msg = "Monkey didn't run powershell."
+    scanned_msg = ""
+    used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
+
+    query = [{'$match': {'telem_type': 'exploit',
+                         'data.info.executed_cmds.powershell': {'$exists': True}}},
+             {'$project': {'_id': 0,
+                           'machine': '$data.machine',
+                           'info': '$data.info'}},
+             {'$group': {'_id': '$machine', 'data': {'$push': '$$ROOT'}}}]
+
+    @staticmethod
+    def get_report_data():
+        cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
+        data = {'title': T1086.technique_title(T1086.tech_id), 'cmds': cmd_data}
+        if cmd_data:
+            data.update({'message': T1086.used_msg, 'status': ScanStatus.USED.name})
+        else:
+            data.update({'message': T1086.unscanned_msg, 'status': ScanStatus.UNSCANNED.name})
+        return data
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js
new file mode 100644
index 000000000..d0b7c2928
--- /dev/null
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1086.js
@@ -0,0 +1,40 @@
+import React from 'react';
+import '../../../styles/Collapse.scss'
+import ReactTable from "react-table";
+import { RenderMachine } from "./Helpers"
+
+
+class T1086 extends React.Component {
+
+  constructor(props) {
+    super(props);
+  }
+
+  static getPowershellColumns() {
+    return ([{
+      Header: 'Example Powershell commands used',
+      columns: [
+        {Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 },
+        {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }},
+        {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds.powershell, style: { 'whiteSpace': 'unset' }},
+        ]
+    }])};
+
+  render() {
+    return (
+      <div>
+        <div>{this.props.data.message}</div>
+        <br/>
+        {this.props.data.status === 'USED' ?
+          <ReactTable
+              columns={T1086.getPowershellColumns()}
+              data={this.props.data.cmds}
+              showPagination={false}
+              defaultPageSize={this.props.data.cmds.length}
+          /> : ""}
+      </div>
+    );
+  }
+}
+
+export default T1086;