sysmon data for outlook writing zip (#1121)

patel-bhavin · web-flow · commit 284dcf00d843 · 2026-01-23T18:25:41.000+05:30
* adding data

* udpating
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81594d6183d8f23a3faa034057cb009f39c94393ac902bbc7bb9c9a459b45bd3
+size 7073
diff --git a/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml b/datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.yml
@@ -0,0 +1,13 @@
+author: Bhavin Patel, Splunk
+id: 822a7bed-b71f-4818-9f60-d1799a23528c
+date: '2026-01-23'
+description: This data is collected from an industary event that shows the execution of outlook.exe writing a zip file to the disk.
+environment: attack_range
+directory: outlook_writing_zip
+mitre_technique:
+- T1566.001
+datasets:
+- name: outlook_writing_zip
+  path: /datasets/attack_techniques/T1566.001/outlook_writing_zip/outlook_writing_zip.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:81594d6183d8f23a3faa034057cb009f39c94393ac902bbc7bb9c9a459b45bd3`
	`3`	`+size 7073`