diff --git a/datasets/malware/T1007/net_start/net_start.log b/datasets/malware/lamehug/T1007/net_start/net_start.log
similarity index 100%
rename from datasets/malware/T1007/net_start/net_start.log
rename to datasets/malware/lamehug/T1007/net_start/net_start.log
diff --git a/datasets/malware/T1007/net_start/net_start.yml b/datasets/malware/lamehug/T1007/net_start/net_start.yml
similarity index 84%
rename from datasets/malware/T1007/net_start/net_start.yml
rename to datasets/malware/lamehug/T1007/net_start/net_start.yml
index f4027cc4..326e75ef 100644
--- a/datasets/malware/T1007/net_start/net_start.yml
+++ b/datasets/malware/lamehug/T1007/net_start/net_start.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1007
 datasets:
 - name: net_start.log
-  path: /datasets/malware/T1007/net_start/net_start.log
+  path: /datasets/malware/lamehug/T1007/net_start/net_start.log
   sourcetype: 'XmlWinEventLog'
   source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/hugging_face.yml b/datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
similarity index 83%
rename from datasets/malware/T1071.004/hugging_face/hugging_face.yml
rename to datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
index 117181c4..9d407c3e 100644
--- a/datasets/malware/T1071.004/hugging_face/hugging_face.yml
+++ b/datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1071.004
 datasets:
 - name: huggingface.log
-  path: /datasets/malware/T1071.004/hugging_face/huggingface.log
+  path: /datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
   sourcetype: 'XmlWinEventLog'
   source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/huggingface.log b/datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
similarity index 100%
rename from datasets/malware/T1071.004/hugging_face/huggingface.log
rename to datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.log b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
similarity index 100%
rename from datasets/malware/T1082/wmic_cmd/wmic_cmd.log
rename to datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
similarity index 85%
rename from datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
rename to datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
index 693d651a..35a90c7c 100644
--- a/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
+++ b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1082
 datasets:
 - name: wmic_cmd.log
-  path: /datasets/malware/T1082/wmic_cmd/wmic_cmd.log
+  path: /datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
   sourcetype: 'XmlWinEventLog'
   source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml b/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml
new file mode 100644
index 00000000..5ee91ed4
--- /dev/null
+++ b/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 4db3d658-826f-11f0-b7e4-629be3538068
+date: '2025-08-26'
+description: Generated datasets for doc collection in attack range.
+environment: attack_range
+directory: doc_collection
+mitre_technique:
+- T1119
+datasets:
+- name: xcopy_event.log
+  path: /datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log b/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
new file mode 100644
index 00000000..fd330799
--- /dev/null
+++ b/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d0b0b5049a6cf825e21f4f17dc436e06e1dec2743e2e7fecd8a2d02efc977993
+size 252732
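Review bot: The `description` in the new doc_collection.yml (`Generated datasets for doc collection in attack range.`) does not say what behaviour the log captures, so a detection author has to open the Sysmon log to learn what the dataset exercises; the dataset name `xcopy_event.log` and the T1119 mapping suggest an xcopy-based document collection, so a line such as `description: Sysmon Microsoft-Windows-Sysmon/Operational events recorded in attack_range while documents were copied with xcopy, covering T1119 Automated Collection.` would make that explicit, with the wording confirmed against the actual events. The new file also ends without a trailing newline (`\ No newline at end of file`), which matches the renamed siblings in this commit but is a yamllint `new-line-at-end-of-file` finding worth fixing while the file is being created. The referenced log is committed as a Git LFS pointer in the following hunk, which is fine as long as consumers of `path` are expected to fetch LFS objects; if that is not guaranteed, a note to that effect in the metadata or the repository docs would help.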