From 8aa93fb15bdb4ecd0c29be48ede0fe88ec07094b Mon Sep 17 00:00:00 2001
From: P4T12ICK
Date: Tue, 18 Nov 2025 13:38:10 +0100
Subject: [PATCH 1/2] Add YAML metadata for T1197
---
.../bitsadmin-download-file-new.yml | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 datasets/attack_techniques/T1197/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
diff --git a/datasets/attack_techniques/T1197/bitsadmin-download-file-new/bitsadmin-download-file-new.yml b/datasets/attack_techniques/T1197/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
new file mode 100644
index 00000000..e88fad2a
--- /dev/null
+++ b/datasets/attack_techniques/T1197/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
@@ -0,0 +1,13 @@
+author: PB
+id: 860011fc-435b-47bf-bed3-16c1654c18ea
+date: '2025-11-18'
+description: Attack data for detection BITSAdmin Download File New
+environment: attack_range
+directory: bitsadmin-download-file-new
+mitre_technique:
+- T1197
+datasets:
+- name: data
+ path: datasets/attack_techniques/T1197/bitsadmin-download-file-new/data.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
From e574a1f7e2311d9735e1d97c75e67f11d04ed94b Mon Sep 17 00:00:00 2001
From: P4T12ICK
Date: Tue, 18 Nov 2025 13:38:11 +0100
Subject: [PATCH 2/2] Add attack data for T1197
---
.../T1197/bitsadmin-download-file-new/data.log | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 datasets/attack_techniques/T1197/bitsadmin-download-file-new/data.log
diff --git a/datasets/attack_techniques/T1197/bitsadmin-download-file-new/data.log b/datasets/attack_techniques/T1197/bitsadmin-download-file-new/data.log
new file mode 100644
index 00000000..0edd6fe9
--- /dev/null
+++ b/datasets/attack_techniques/T1197/bitsadmin-download-file-new/data.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4b4de4a252c146972a4d03dcc0e416623222cccdd1cf71b9c6988eced3e23fad
+size 33132
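Review bot: The `description` in bitsadmin-download-file-new.yml only repeats the detection name, so a reader cannot tell what activity the Sysmon capture holds or which events a detection is expected to match. Because data.log arrives in patch 2/2 as a Git LFS pointer (33132 bytes), this metadata is the only part of the dataset that can be reviewed in the patch. I would expand it along the lines of `description: Sysmon Operational events from an attack_range host covering the BITSAdmin file download simulated for T1197; used to test the detection "BITSAdmin Download File New"`, adjusted to what was actually run. `author: PB` is also hard to attribute later; a full name or handle would make the dataset's provenance easier to trace.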