Windows-APT 2025: A dataset for APT-inspired attack scenarios on windows systems.

The Windows-APT Dataset 2025 represents a significant advancement in cybersecurity research, addressing critical gaps in the understanding of advanced persistent threat (APT) tactics against Windows systems. Existing datasets largely focus on network data, often overlooking the detailed tactics, techniques, and procedures (TTPs) used by sophisticated threat actors. To bridge this gap, we developed a comprehensive dataset of 36 APT-inspired scenarios derived from threat actor profiles documented in the MITRE ATT&CK framework. Scenario selection mirrors MITRE ATT&CK group entries reported as China-attributed; we do not assert attribution and focus strictly on reproducing reported TTPs for research. Leveraging the MITRE Caldera framework for adversary emulation, we generated extensive system and network event logs, collected via Wazuh, and systematically mapped them to the MITRE ATT&CK framework. This dataset provides a valuable asset for machine learning model training, intrusion detection system evaluation, and the enhancement of APT dynamics studies. By providing a detailed view of APT activities in Windows environments, it enables stronger threat detection, informs defensive strategies, and facilitates development of effective countermeasures against emerging cyber threats. The dataset package contains 19 CSV files (including 16 per-period logs, one combined log, and two supplementary CSVs for manifest and validation), along with configuration files to support exact replication.