headless_bee

t-contreras · t-contreras · commit 0ad0b41cefe0 · 2025-03-13T10:11:29.000+01:00
diff --git a/T1036/executables_suspicious_file_path/exec_susp_path2.log b/T1036/executables_suspicious_file_path/exec_susp_path2.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae3ae67e3f31e6600605b816a2d9a504b7acf7a70e8838fcec9e9dbeccc6ae6f
+size 5479
diff --git a/datasets/attack_techniques/T1036.005/process_in_programdata/exec_programdata.log b/datasets/attack_techniques/T1036.005/process_in_programdata/exec_programdata.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7a7e9633dba344d6e5ed31460b870a2aed575eae0183393d49ccf7e695826f59
+size 2024
diff --git a/datasets/attack_techniques/T1036.005/process_in_programdata/process_in_programdata.yml b/datasets/attack_techniques/T1036.005/process_in_programdata/process_in_programdata.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: c5ebef14-ffea-11ef-bd3a-629be353806a
+date: '2025-03-13'
+description: Generated datasets for process in programdata in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036.005/process_in_programdata/exec_programdata.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:ae3ae67e3f31e6600605b816a2d9a504b7acf7a70e8838fcec9e9dbeccc6ae6f`
	`3`	`+size 5479`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:7a7e9633dba344d6e5ed31460b870a2aed575eae0183393d49ccf7e695826f59`
	`3`	`+size 2024`