From 888a4639cadbd94610eb95f1f727a0551f37b89b Mon Sep 17 00:00:00 2001
From: nasbench
Date: Fri, 24 Oct 2025 14:13:25 +0200
Subject: [PATCH] add lnx dataset for pipe to exec
---
 .../T1105/download_to_pipe_exec/download_to_pipe_exec.yml | 8 ++++++--
 .../download_to_pipe_exec/download_to_pipe_exec_linux.log | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
index 95462cb4..548200f8 100644
--- a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
@@ -3,11 +3,15 @@ id: f25b05ae-99d7-4f67-917d-5db3d219fcbb
 date: '2025-10-17'
 description: Dataset generated in attack range for the attack technique of download to pipe execution.
 environment: attack_range
-directory: atomic_red_team
+directory: download_to_pipe_exec
 mitre_technique:
 - T1105
 datasets:
-- name: windows-sysmon_curl_upload
+- name: download_to_pipe_exec
 path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
 sourcetype: XmlWinEventLog
 source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: download_to_pipe_exec_linux
+ path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
new file mode 100644
index 00000000..4b01a4cc
--- /dev/null
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
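Review bot: The `description` and `date` fields at the top of this hunk were left as they were, so the metadata still describes a single generic dataset dated '2025-10-17' while the `datasets:` list now also carries Sysmon for Linux telemetry added on 2025-10-24. I would name both sources, e.g. `description: Windows Sysmon and Sysmon for Linux telemetry generated in attack range for download to pipe execution.`, and bump `date` if the project uses it as a last-modified stamp (not visible from here). The renamed Windows entry `download_to_pipe_exec` has no platform suffix while the new one ends in `_linux`; `download_to_pipe_exec_windows` would keep the pair symmetric for anyone selecting a log by name. The Git LFS pointer for the new log records `size 1554`, which suggests very few events, so it is worth confirming the sample holds the process-creation records for both the downloader and the interpreter it pipes into. The file's first lines (before `date:`) are outside the hunk.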
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c629b51765f290038bef423acf717960cc3da6bf3e4d40d406627854335be7a
+size 1554