From de466f1d8119061715b53ade1cc9198c631f955f Mon Sep 17 00:00:00 2001
From: Bhavin Patel
Date: Fri, 23 Jan 2026 18:15:32 +0530
Subject: [PATCH 1/2] adding data
---
 .../outlook_writing_zip/outlook_writing_zip.log | 3 +++
 .../outlook_writing_zip/outlook_writing_zip.yml | 13 +++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
 create mode 100644 datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
new file mode 100644
index 00000000..2b24ea3a
--- /dev/null
+++ b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c02e91f7542838f357cbbbf0f6b2b8bceede84534d193c001db9a2bcd561dda1
+size 7146
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
new file mode 100644
index 00000000..e44a6cc9
--- /dev/null
+++ b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
@@ -0,0 +1,13 @@
+author: Bhavin Patel, Splunk
+id: 822a7bed-b71f-4818-9f60-d1799a23528c
+date: '2026-01-23'
+description: This data is collected from an industary event that shows the execution of outlook.exe writing a zip file to the disk.
+environment: attack_range
+directory: outlook_writing_zip
+mitre_technique:
+- T1566.001
+datasets:
+- name: outlook_writing_zip path: /datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log sourcetype: XmlWinEventLog source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
\ No newline at end of file
From 111fca4a13da9ca153da9615fa90697f54b271ee Mon Sep 17 00:00:00 2001
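Review bot: The `description` line in outlook_writing_zip.yml misspells "industry" as "industary" and says only that the sample shows "outlook.exe writing a zip file to the disk", which is not enough for a detection author to check what the telemetry actually contains; the sourcetype tells us it is Sysmon, but the event type(s) present (file-create vs. process events) and the observed file path are not stated. Suggested line: `description: Sysmon telemetry collected from an industry event showing outlook.exe writing a zip file to disk; contains Sysmon event ID(s) <FILL IN> with the written path <FILL IN>.` The file also ends without a trailing newline (`\ No newline at end of file`), which most YAML linters in this kind of repository flag, so add one. The three entries following `- name: outlook_writing_zip` appear to have lost their `+` markers in this rendering, so their exact layout in the committed file cannot be confirmed from here.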
From: Bhavin Patel
Date: Fri, 23 Jan 2026 18:23:16 +0530
Subject: [PATCH 2/2] udpating
---
 .../T1566.001/outlook_writing_zip/outlook_writing_zip.log | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
index 2b24ea3a..4fbfd8cd 100644
--- a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
+++ b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c02e91f7542838f357cbbbf0f6b2b8bceede84534d193c001db9a2bcd561dda1
-size 7146
+oid sha256:81594d6183d8f23a3faa034057cb009f39c94393ac902bbc7bb9c9a459b45bd3
+size 7073
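Review bot: The LFS pointer swap replaces the dataset contents (both `oid` and `size` change) with no record of what changed in the sample, and the subject line "udpating" does not say either; a reviewer cannot tell from the diff whether the events described in outlook_writing_zip.yml (outlook.exe writing a zip file) are still present in the 7073-byte replacement. Since the accompanying .yml from the previous patch is not touched here, state in the commit message what was altered (for example which events were added, removed or redacted) and, if the sample's contents changed materially, revise the `description` in the .yml in the same change so the metadata and the LFS object stay in step.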