From 66f05f8a22f0c015da3d66bd8985897fe1574cdf Mon Sep 17 00:00:00 2001
From: P4T12ICK
Date: Wed, 3 Dec 2025 08:56:21 +0100
Subject: [PATCH 1/2] Add YAML metadata for T1198
---
 .../bitsadmin-download-file-new.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 datasets/attack_techniques/T1198/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
diff --git a/datasets/attack_techniques/T1198/bitsadmin-download-file-new/bitsadmin-download-file-new.yml b/datasets/attack_techniques/T1198/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
new file mode 100644
index 00000000..3a35ab91
--- /dev/null
+++ b/datasets/attack_techniques/T1198/bitsadmin-download-file-new/bitsadmin-download-file-new.yml
@@ -0,0 +1,13 @@
+author: PB
+id: e594bf14-97b3-4ff4-97af-550386357fc6
+date: '2025-12-03'
+description: Attack data for detection BITSAdmin Download File New
+environment: attack_range
+directory: bitsadmin-download-file-new
+mitre_technique:
+- T1198
+datasets:
+- name: data
+ path: datasets/attack_techniques/T1198/bitsadmin-download-file-new/data.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
From ea5717ebe08ea4095a683f1b9e47f60fab25006f Mon Sep 17 00:00:00 2001
From: P4T12ICK
Date: Wed, 3 Dec 2025 08:56:21 +0100
Subject: [PATCH 2/2] Add attack data for T1198
---
 .../T1198/bitsadmin-download-file-new/data.log | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 datasets/attack_techniques/T1198/bitsadmin-download-file-new/data.log
diff --git a/datasets/attack_techniques/T1198/bitsadmin-download-file-new/data.log b/datasets/attack_techniques/T1198/bitsadmin-download-file-new/data.log
new file mode 100644
index 00000000..c7de96e8
--- /dev/null
+++ b/datasets/attack_techniques/T1198/bitsadmin-download-file-new/data.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f704136f00be1b26ecdfc09a6b9fc8c28086a4bece03a0204c56cd35d7cabac3
+size 13927
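Review bot: The `mitre_technique` entry `- T1198` in the new metadata file does not look like the right ATT&CK ID for this dataset. BITSAdmin download activity is normally filed under T1197 (BITS Jobs), often alongside T1105, whereas T1198 is the retired SIP and Trust Provider Hijacking ID. The same ID is carried in the directory name, in the `path:` value and in the data.log location added by the second patch, so the log would sit in the wrong technique folder. Unless T1198 is deliberate, I would change the entry to `- T1197` and move the folder and `path:` to match. A mis-tagged technique skews coverage mapping for any detection validated against this log.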