From a159d2bf2f3f676e9cc66075e0f2ff93c0e2330e Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Thu, 16 Apr 2026 17:11:22 +0200
Subject: [PATCH] vip
---
.../vip_big_env_variable/vip_INTERNAL_DB_CACHE.log | 3 +++
.../vip_big_env_variable/vip_big_env_variable.yml | 13 +++++++++++++
.../T1218/vip_aspnet_process/vip_aspnet_process.log | 3 +++
.../T1218/vip_aspnet_process/vip_aspnet_process.yml | 13 +++++++++++++
4 files changed, 32 insertions(+)
create mode 100644 datasets/attack_techniques/T1112/vip_big_env_variable/vip_INTERNAL_DB_CACHE.log
create mode 100644 datasets/attack_techniques/T1112/vip_big_env_variable/vip_big_env_variable.yml
create mode 100644 datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.log
create mode 100644 datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.yml
diff --git a/datasets/attack_techniques/T1112/vip_big_env_variable/vip_INTERNAL_DB_CACHE.log b/datasets/attack_techniques/T1112/vip_big_env_variable/vip_INTERNAL_DB_CACHE.log
new file mode 100644
index 00000000..581ea774
--- /dev/null
+++ b/datasets/attack_techniques/T1112/vip_big_env_variable/vip_INTERNAL_DB_CACHE.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7b7a92f504ec7af15951bb2de90ed91f35499909331de3f70a8bfd7ea6d12cf
+size 20948
diff --git a/datasets/attack_techniques/T1112/vip_big_env_variable/vip_big_env_variable.yml b/datasets/attack_techniques/T1112/vip_big_env_variable/vip_big_env_variable.yml
new file mode 100644
index 00000000..bbf84753
--- /dev/null
+++ b/datasets/attack_techniques/T1112/vip_big_env_variable/vip_big_env_variable.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 37c77a40-39a6-11f1-b68e-629be3538069
+date: '2026-04-16'
+description: Generated datasets for vip big env variable in attack range.
+environment: attack_range
+directory: vip_big_env_variable
+mitre_technique:
+- T1112
+datasets:
+- name: vip_INTERNAL_DB_CACHE.log
+ path: /datasets/attack_techniques/T1112/vip_big_env_variable/vip_INTERNAL_DB_CACHE.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.log b/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.log
new file mode 100644
index 00000000..310e2793
--- /dev/null
+++ b/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9294f3a6b31ca36ad954bd65bf2ca2bbced303f79e1e68e3dfbdb8895eb1c990
+size 42550
diff --git a/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.yml b/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.yml
new file mode 100644
index 00000000..67daa68e
--- /dev/null
+++ b/datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 71500688-39a6-11f1-b68e-629be3538069
+date: '2026-04-16'
+description: Generated datasets for vip aspnet process in attack range.
+environment: attack_range
+directory: vip_aspnet_process
+mitre_technique:
+- T1218
+datasets:
+- name: vip_aspnet_process.log
+ path: /datasets/attack_techniques/T1218/vip_aspnet_process/vip_aspnet_process.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
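Review bot: The `description` in vip_big_env_variable.yml (`Generated datasets for vip big env variable in attack range.`) only restates the directory name and does not say what activity the Sysmon log records, so a detection author cannot tell what the dataset is meant to validate or why it is filed under T1112; vip_aspnet_process.yml has the same gap for T1218. Because both logs are Git LFS pointers, this metadata is the only reviewable description of the data, so I would expand it along the lines of `description: Sysmon events for <behaviour simulated> by <what "vip" refers to>, generated in attack range.` and name the event types a detection should key on. Both .yml files also end without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs and line-based tooling clean.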