diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
new file mode 100644
index 00000000..4fbfd8cd
--- /dev/null
+++ b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81594d6183d8f23a3faa034057cb009f39c94393ac902bbc7bb9c9a459b45bd3
+size 7073
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
new file mode 100644
index 00000000..e44a6cc9
--- /dev/null
+++ b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
@@ -0,0 +1,13 @@
+author: Bhavin Patel, Splunk
+id: 822a7bed-b71f-4818-9f60-d1799a23528c
+date: '2026-01-23'
+description: This data is collected from an industary event that shows the execution of outlook.exe writing a zip file to the disk.
+environment: attack_range
+directory: outlook_writing_zip
+mitre_technique:
+- T1566.001
+datasets:
+- name: outlook_writing_zip
+ path: /datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
\ No newline at end of file
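Review bot: The `description` line in the outlook_writing_zip.yml hunk has a typo ("industary") and does not say which Sysmon event the log actually contains, which is what a detection author needs to know before writing a search against this dataset. The sourcetype and source fields only tell us it is Sysmon operational-channel XML; the description should name the event type recorded (presumably a file-create event for the zip written by outlook.exe — confirm against the log itself) so the dataset's coverage is unambiguous. Suggested wording: `description: This data is collected from an industry event that shows the execution of outlook.exe writing a zip file to the disk (Sysmon <EVENT-ID-PLACEHOLDER> file-create event).` The `.log` hunk is an LFS pointer, so the event content cannot be verified from this diff.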