diff --git a/datasets/attack_techniques/T1552.001/winscp_access/winscp_access.yml b/datasets/attack_techniques/T1552.001/winscp_access/winscp_access.yml
new file mode 100644
index 00000000..929495a8
--- /dev/null
+++ b/datasets/attack_techniques/T1552.001/winscp_access/winscp_access.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: f30180dc-6fd7-11f1-b678-629be3538069
+date: '2026-06-24'
+description: Generated datasets for winscp access in attack range.
+environment: attack_range
+directory: winscp_access
+mitre_technique:
+- T1552.001
+datasets:
+- name: winscp_phnatom.log
+ path: /datasets/attack_techniques/T1552.001/winscp_access/winscp_phnatom.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Security'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1552.001/winscp_access/winscp_phnatom.log b/datasets/attack_techniques/T1552.001/winscp_access/winscp_phnatom.log
new file mode 100644
index 00000000..a62c7fbd
--- /dev/null
+++ b/datasets/attack_techniques/T1552.001/winscp_access/winscp_phnatom.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8e0593b170c1b05f3cbdfe6dafbd68a0a3642582098c915d9768ae23c55e63b4
+size 6224
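Review bot: The dataset file name `winscp_phnatom.log`, used in both `name` and `path` of winscp_access.yml, looks like a transposition of "phantom". If that is the case, it is cheapest to fix in this commit, as `- name: winscp_phantom.log` with the matching `path` and a rename of the LFS pointer file added alongside, because consumers presumably reference the dataset by this path. The `description` does not say which Security-channel events or which WinSCP artefact the capture contains, so a reader cannot tell what a detection replayed against it is expected to match. A sentence naming the event types and the accessed object would close that gap. The YAML file also ends without a trailing newline.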