diff --git a/datasets/attack_techniques/T1485/decommissioned_buckets/cloudtrail.json b/datasets/attack_techniques/T1485/decommissioned_buckets/cloudtrail.json
new file mode 100644
index 00000000..3b7f4600
--- /dev/null
+++ b/datasets/attack_techniques/T1485/decommissioned_buckets/cloudtrail.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3120f96bef4d9b58c1991d5ef2c95dc64f241ca734c52368274735bfac5f7ee6
+size 16601
diff --git a/datasets/attack_techniques/T1485/decommissioned_buckets/decommissioned_buckets.yml b/datasets/attack_techniques/T1485/decommissioned_buckets/decommissioned_buckets.yml
new file mode 100644
index 00000000..0ffd13cc
--- /dev/null
+++ b/datasets/attack_techniques/T1485/decommissioned_buckets/decommissioned_buckets.yml
@@ -0,0 +1,18 @@
+author: Jose Hernandez, Bhavin Patel
+id: 984e9022-b87b-499a-a260-8d0282c46ea2
+date: '2025-02-14'
+description: Dataset generated from AWS CloudTrail logs capturing the lifecycle of an intentionally exposed S3 bucket, including its creation, public access configuration (via bucket policy and website hosting), and subsequent deletion. This simulates the detection of potentially risky S3 bucket configurations and their decommissioning process.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/decommissioned_buckets/cloudtrail.json
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/decommissioned_buckets/dns.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/decommissioned_buckets/web_cloudfront_access.log
+sourcetypes:
+- aws:cloudtrail
+- aws:cloudfront:accesslogs
+- XmlWinEventLog
+references:
+- https://attack.mitre.org/techniques/T1485/
+- https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
+- https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
+- https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
diff --git a/datasets/attack_techniques/T1485/decommissioned_buckets/dns.log b/datasets/attack_techniques/T1485/decommissioned_buckets/dns.log
new file mode 100644
index 00000000..f795d9fd
--- /dev/null
+++ b/datasets/attack_techniques/T1485/decommissioned_buckets/dns.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f34fa6bcce97ede8a1a65b3f134799b5b850bc1790353e5b19898868b0d29e51
+size 1215
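Review bot: The `sourcetypes` list in decommissioned_buckets.yml does not match the `dataset` list: `- XmlWinEventLog` is declared but none of the three files (cloudtrail.json, dns.log, web_cloudfront_access.log) is a Windows event log, while dns.log has no corresponding sourcetype, so anyone replaying this dataset into a detection pipeline will have one file with no ingestion mapping and one mapping with no data. Drop `- XmlWinEventLog` unless a Windows log is actually added to `dataset`, and add the sourcetype under which dns.log is meant to be indexed (the file is an LFS pointer here, so its format has to be confirmed from the actual content rather than the name). The `description` also only mentions CloudTrail, yet the DNS and CloudFront access logs and the watchTowr reference suggest the scenario includes requests still arriving for the bucket name after deletion, which is the abandoned-bucket takeover risk rather than simple decommissioning; if that is the case, a sentence such as `The DNS and CloudFront access logs capture requests that continue to resolve to and hit the bucket name after it was deleted, the dangling-reference condition a later re-registration could exploit.` would tell a detection engineer what the non-CloudTrail files are for.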
diff --git a/datasets/attack_techniques/T1485/decommissioned_buckets/web_cloudfront_access.log b/datasets/attack_techniques/T1485/decommissioned_buckets/web_cloudfront_access.log
new file mode 100644
index 00000000..accc8c76
--- /dev/null
+++ b/datasets/attack_techniques/T1485/decommissioned_buckets/web_cloudfront_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc6c4d434eeadbd6f7d5524278f9b55ebf7e1e8904b260abd4d2a6a803c9850a
+size 517