From 5faa5b8c8cb92c9a584ed47f7958ca12b4d48176 Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 22 Apr 2026 14:58:26 +0200
Subject: [PATCH] vip_inj
---
.../T1059.001/vip_injection_pwh/pwh_net_inline.log | 3 +++
.../vip_injection_pwh/vip_injection_pwh.yml | 13 +++++++++++++
2 files changed, 16 insertions(+)
create mode 100644 datasets/attack_techniques/T1059.001/vip_injection_pwh/pwh_net_inline.log
create mode 100644 datasets/attack_techniques/T1059.001/vip_injection_pwh/vip_injection_pwh.yml
diff --git a/datasets/attack_techniques/T1059.001/vip_injection_pwh/pwh_net_inline.log b/datasets/attack_techniques/T1059.001/vip_injection_pwh/pwh_net_inline.log
new file mode 100644
index 00000000..86b7a9df
--- /dev/null
+++ b/datasets/attack_techniques/T1059.001/vip_injection_pwh/pwh_net_inline.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c38d09675a3a9459d85d71bebecec9461d7dfc800144e624c71cb052a9d5e067
+size 8227
diff --git a/datasets/attack_techniques/T1059.001/vip_injection_pwh/vip_injection_pwh.yml b/datasets/attack_techniques/T1059.001/vip_injection_pwh/vip_injection_pwh.yml
new file mode 100644
index 00000000..d267cfae
--- /dev/null
+++ b/datasets/attack_techniques/T1059.001/vip_injection_pwh/vip_injection_pwh.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: df6600c0-3e4a-11f1-91b6-629be3538068
+date: '2026-04-22'
+description: Generated datasets for vip injection pwh in attack range.
+environment: attack_range
+directory: vip_injection_pwh
+mitre_technique:
+- T1059.001
+datasets:
+- name: pwh_net_inline.log
+ path: /datasets/attack_techniques/T1059.001/vip_injection_pwh/pwh_net_inline.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-PowerShell/Operational'
\ No newline at end of file
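Review bot: The `description` value in the new vip_injection_pwh.yml says only that the data was generated in attack range; it does not say what was executed or which events the log holds, so anyone choosing test data for a T1059.001 detection has to pull the LFS object and read it to find out. I would expand it along the lines of `description: <behaviour simulated, tool used to run it, and the PowerShell event IDs captured in pwh_net_inline.log>`. Since PowerShell/Operational logs can carry full script text, it is also worth confirming before merge that the capture holds no lab host names, accounts or tokens that should not be published. The file also ends without a trailing newline.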