From bc9fea70585b81a3927709cc9779f0c1adbf0fa5 Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 1 Oct 2025 11:16:51 +0200
Subject: [PATCH 1/2] lokibot

---
 .../T1071.004/vbc_dnsquery/vbc_dns_query.log | 3 +++
 .../T1071.004/vbc_dnsquery/vbc_dnsquery.yml | 13 +++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
 create mode 100644 datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml

diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
new file mode 100644
index 00000000..314909de
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57edefcbfadbe1954fa2867cbf5ad761e0f1a16097f9926d95c515358bc29f44
+size 8696
diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml
new file mode 100644
index 00000000..a4b2eeea
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 489169c0-9ea7-11f0-ba06-629be353806a
+date: '2025-10-01'
+description: Generated datasets for vbc dnsquery in attack range.
+environment: attack_range
+directory: vbc_dnsquery
+mitre_technique:
+- T1071.004
+datasets:
+- name: vbc_dns_query.log
+  path: /datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file

From fdde6ec488f43c5ca853c1ea649179eca49a383c Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 1 Oct 2025 13:30:20 +0200
Subject: [PATCH 2/2] lokibot

---
 datasets/m365_copilot/m365_copilot.yml | 2 ++
 1 file changed, 2 insertions(+)
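Review bot: The `description` in the new vbc_dnsquery.yml does not say what behavior the dataset actually captures, so a detection author reading the metadata cannot tell that this is the LokiBot scenario named in the commit subject or which process and event type were recorded; "Generated datasets for vbc dnsquery in attack range." only restates the directory name. Given the Sysmon source and the file name, something like `description: Sysmon DNS query events from vbc.exe during a LokiBot attack-range simulation (T1071.004); presumably EventCode 22 - confirm against the log` would tell readers what to expect, with the event ID left hedged since the log itself is an LFS pointer and not visible here. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing for consistency with the other dataset manifests.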
diff --git a/datasets/m365_copilot/m365_copilot.yml b/datasets/m365_copilot/m365_copilot.yml
index fcb1977b..d79c727b 100644
--- a/datasets/m365_copilot/m365_copilot.yml
+++ b/datasets/m365_copilot/m365_copilot.yml
@@ -3,6 +3,8 @@ id: 0bf90131-c582-4976-85b8-711d2c2c1926
 date: '2025-09-25'
 description: |
   Logs from M365 Copilot Access Logs via Splunk Add-on for M365 and Exported Logs from eDsicovery Purview. Contains actual access logs and jailbreak attacks.
+environment: attack_range
+directory: m365_copilot
 mitre_technique: []
 datasets:
 - name: m365_access_logs
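Review bot: The added `environment: attack_range` contradicts the description directly above it, which says these are actual M365 Copilot access logs pulled via the Splunk Add-on for M365 and exported from Purview eDiscovery rather than data generated in attack range. If `environment` is meant to record where the data was captured, the value should name the real source, or the description should explain that the exported logs were replayed through attack range so the two fields agree. Since the description states the dataset contains real access logs, it is also worth confirming in the metadata that tenant identifiers, user principal names and prompt contents were sanitized before the export was committed; that caveat is not visible anywhere in this file. The description's "eDsicovery" is an existing typo in a context line, not part of this change.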