diff --git a/datasets/malware/T1007/net_start/net_start.log b/datasets/malware/T1007/net_start/net_start.log
new file mode 100644
index 00000000..4a2accb7
--- /dev/null
+++ b/datasets/malware/T1007/net_start/net_start.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d7213e8ae5e9329d07d55399aa600443eab9229ac8b7c87afb7a153f60ec2e1
+size 5721
diff --git a/datasets/malware/T1007/net_start/net_start.yml b/datasets/malware/T1007/net_start/net_start.yml
new file mode 100644
index 00000000..f4027cc4
--- /dev/null
+++ b/datasets/malware/T1007/net_start/net_start.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 175f345e-81c9-11f0-af7e-629be3538068
+date: '2025-08-25'
+description: Generated datasets for net start in attack range.
+environment: attack_range
+directory: net_start
+mitre_technique:
+- T1007
+datasets:
+- name: net_start.log
+ path: /datasets/malware/T1007/net_start/net_start.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/hugging_face.yml b/datasets/malware/T1071.004/hugging_face/hugging_face.yml
new file mode 100644
index 00000000..117181c4
--- /dev/null
+++ b/datasets/malware/T1071.004/hugging_face/hugging_face.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 21fdc0b4-81d4-11f0-af7e-629be3538068
+date: '2025-08-25'
+description: Generated datasets for hugging face in attack range.
+environment: attack_range
+directory: hugging_face
+mitre_technique:
+- T1071.004
+datasets:
+- name: huggingface.log
+ path: /datasets/malware/T1071.004/hugging_face/huggingface.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/huggingface.log b/datasets/malware/T1071.004/hugging_face/huggingface.log
new file mode 100644
index 00000000..b9c982f6
--- /dev/null
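Review bot: The `description` in net_start.yml, `Generated datasets for net start in attack range.`, does not say what the log contains, so anyone selecting this dataset for a detection test has to pull the LFS object to learn which Sysmon event types and command lines were captured. A description of the form `description: Sysmon <event types> recorded while running <command> in attack range.` (placeholders to be filled in from the capture) would make the entry self-describing; the same applies to hugging_face.yml and wmic_cmd.yml. All three YAML files also end without a trailing newline (`\ No newline at end of file`), which is worth fixing before merge.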
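Review bot: `mitre_technique: T1071.004` in hugging_face.yml is the DNS sub-technique of Application Layer Protocol, but nothing in the metadata states that the capture holds DNS activity. If the log consists of Sysmon DNS query events (Event ID 22) the mapping fits and the description should say so; if it records HTTPS connections to Hugging Face, T1071.001 (Web Protocols) looks like the better tag — this cannot be checked from the diff because the log is only an LFS pointer. The dataset file is also named `huggingface.log` while the directory and YAML use `hugging_face`, unlike the net_start and wmic_cmd datasets where the names match.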
+++ b/datasets/malware/T1071.004/hugging_face/huggingface.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ee9ab56b4218aa52d316105fa330f09261324cd4630aa158d814dc1a72c02bd
+size 28232
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.log b/datasets/malware/T1082/wmic_cmd/wmic_cmd.log
new file mode 100644
index 00000000..3501fae2
--- /dev/null
+++ b/datasets/malware/T1082/wmic_cmd/wmic_cmd.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7285d5187d1168b0c6f3422360510162beef0bfa4d070dc0e5abf3655ceab91a
+size 104546
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml b/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
new file mode 100644
index 00000000..693d651a
--- /dev/null
+++ b/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 39db6f66-81c9-11f0-af7e-629be3538068
+date: '2025-08-25'
+description: Generated datasets for wmic cmd in attack range.
+environment: attack_range
+directory: wmic_cmd
+mitre_technique:
+- T1082
+datasets:
+- name: wmic_cmd.log
+ path: /datasets/malware/T1082/wmic_cmd/wmic_cmd.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file