diff --git a/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml b/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml
new file mode 100644
index 00000000..bd3b82cb
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml
@@ -0,0 +1,17 @@
+author: Michael Haag, Splunk
+id: 0e029cfc-ce81-48c4-ba74-598afa1ddbba
+date: '2025-10-28'
+description: Dataset generated in attack range for the attack technique of npm supply chain.
+environment: attack_range
+directory: npm
+mitre_technique:
+- T1195.001
+datasets:
+- name: workflow_yml_sysmon_linux
+ path: /datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
+- name: shai_hulud_workflow_sysmon
+ path: /datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log b/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
new file mode 100644
index 00000000..00cac1db
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23a4fb324372db0799d122661a62f342f2f5e999e28c8f619c0d003ba0c6715a
+size 17001
diff --git a/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log b/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
new file mode 100644
index 00000000..81485fcc
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3a57a9a1933720890fd70c23684349f82d9182f33044ffff7009c7330b001e71
+size 22920
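Review bot: In npm_supply_chain.yml the `description` says only "npm supply chain" and does not tell a detection author what each of the two Sysmon logs captures; I would expand it, e.g. `description: Sysmon for Linux events generated in attack range for npm supply chain compromise (T1195.001): <scenario behind workflow_yml_sysmon.log> and <scenario behind shai_hulud_workflow_sysmon.log>.` The two dataset `name` values are also inconsistent (`workflow_yml_sysmon_linux` against `shai_hulud_workflow_sysmon`), and the file ends without a trailing newline. The logs themselves are Git LFS pointers, so their content cannot be reviewed here; before merge it is worth confirming that the captured command lines and environment fields carry no live tokens or internal hostnames from the range.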