diff --git a/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log
new file mode 100644
index 00000000..7a50f3ec
--- /dev/null
+++ b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eed3cd1fcfd35b468a8326f4580800a64f54309121252111cd319d92f4329be7
+size 3352
diff --git a/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.yml b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.yml
new file mode 100644
index 00000000..50bfde54
--- /dev/null
+++ b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.yml
@@ -0,0 +1,13 @@
+author: Jamie Windley
+id: bc5865ff-2ea2-4b78-b34b-f2b375d464a3
+date: '2025-12-16'
+description: Generated dataset for MacOS Gatekeeper Bypass using xattr
+environment: vm
+directory: macos_gatekeeper_bypass_xattr
+mitre_technique:
+- T1553.001
+datasets:
+- name: macos_gatekeeper_bypass_xattr.log
+ path: /datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log
+ sourcetype: 'osquery:results'
+ source: '/var/log/osquery/osqueryd.results.log'
diff --git a/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
new file mode 100644
index 00000000..114afb25
--- /dev/null
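Review bot: The `description` for the xattr dataset does not say what was actually done to the file, so a detection author cannot tell which osquery rows to expect in the LFS-backed log (the pointer file hides its contents from review). "using xattr" presumably means the quarantine extended attribute was stripped, but the attribute name, the command form, and the osquery table or query pack that recorded the events are not stated anywhere in the metadata; please confirm and spell them out. Something like `description: Gatekeeper bypass via xattr — quarantine attribute removed from a downloaded file; events collected from osquery file/process tables` would make the dataset reproducible. A `references` or test-ID field pointing at the atomic test that generated it would help for the same reason, if the repo's schema has one.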
+++ b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2e2e29b722ab46aed1c4fb5c3c6a570ad298b10ef269d62c1b0c5fcf7d00b828
+size 1951
diff --git a/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.yml b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.yml
new file mode 100644
index 00000000..49397c5c
--- /dev/null
+++ b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.yml
@@ -0,0 +1,13 @@
+author: Jamie Windley
+id: fbcfb4fb-1be3-4348-87d3-60c68a0b6334
+date: '2025-12-16'
+description: Generated dataset for MacOS Gatekeeper Bypass by making changes to LSFileQuarantineEnabled field in Info.plist
+environment: vm
+directory: macos_gatekeeper_bypass_LSFileQuarantineEnabled
+mitre_technique:
+- T1553.001
+datasets:
+- name: macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
+ path: /datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
+ sourcetype: 'osquery:results'
+ source: '/var/log/osquery/osqueryd.results.log'
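Review bot: This dataset sits directly under `T1553.001/` while the sibling xattr dataset in the same commit sits under `T1553.001/atomic_red_team/`, and nothing in the metadata says why; if this one was generated by hand rather than by an atomic test, the `description` should say so and describe the procedure, otherwise the directory should match the sibling. "making changes to LSFileQuarantineEnabled field in Info.plist" also leaves out what a detection needs: the value written (presumably `false`, which is what disables quarantining of files the app creates — please confirm), whether the key was added or edited, and which bundle's Info.plist was touched. A line such as `description: Gatekeeper bypass — LSFileQuarantineEnabled set to false in an app bundle's Info.plist; osquery file/plist events from the modified bundle` would make the expected log content clear without opening the LFS object.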