From 65bdbed43e346489b3432a06a34023c9e534f000 Mon Sep 17 00:00:00 2001
From: nasbench
Date: Fri, 17 Oct 2025 16:30:32 +0200
Subject: [PATCH 1/2] add dataset for download-to-pipe

---
 .../download_to_pipe_exec/download_to_pipe_exec.log | 3 +++
 .../download_to_pipe_exec/download_to_pipe_exec.yml | 13 +++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
 create mode 100644 datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml

diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
new file mode 100644
index 00000000..27a19a39
--- /dev/null
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00816cd9278f3eab0fcb1596d284da35a15dbef9db15a8b4973fac10ebd5dbf3
+size 35886
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
new file mode 100644
index 00000000..0e263875
--- /dev/null
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: f25b05ae-99d7-4f67-917d-5db3d219fcbb
+date: 2025-10-17
+description: Dataset generated in attack range for the attack technique of download to pipe execution.
+environment: attack_range
+directory: atomic_red_team
+mitre_technique:
+- T1105
+datasets:
+- name: windows-sysmon_curl_upload
+  path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

From e8a9a3c6d028821c0d971d9b71a4283353f94f44 Mon Sep 17 00:00:00 2001
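Review bot: The dataset entry `- name: windows-sysmon_curl_upload` does not match the technique this file documents (download to pipe execution) or the log it points to, which suggests the name was carried over from an upload dataset; consider `- name: windows-sysmon_download_to_pipe_exec` so the name, path and directory agree. The `description` is also generic: stating which utilities appear in the recorded events and which Sysmon event types (process creation, network connection) the log contains would tell detection authors what the dataset can validate without opening the LFS object. The unquoted `date: 2025-10-17` in this hunk is handled by the second patch of the series.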
From: nasbench
Date: Fri, 17 Oct 2025 16:32:02 +0200
Subject: [PATCH 2/2] fix date

---
 .../T1105/download_to_pipe_exec/download_to_pipe_exec.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
index 0e263875..95462cb4 100644
--- a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
@@ -1,6 +1,6 @@
 author: Nasreddine Bencherchali, Splunk
 id: f25b05ae-99d7-4f67-917d-5db3d219fcbb
-date: 2025-10-17
+date: '2025-10-17'
 description: Dataset generated in attack range for the attack technique of download to pipe execution.
 environment: attack_range
 directory: atomic_red_team