amos stealer vm check dataset

nasbench · nasbench · commit 0eab85d9f2f7 · 2025-04-25T12:05:20.000+02:00
diff --git a/datasets/attack_techniques/T1059.002/amos_stealer/amos_stealer.log b/datasets/attack_techniques/T1059.002/amos_stealer/amos_stealer.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f35270f16a81ac348de41c253f409a0ce8120eb2bef1d60d6e128b04922b3f5
+size 1079
diff --git a/datasets/attack_techniques/T1059.002/amos_stealer/amos_stealer.yml b/datasets/attack_techniques/T1059.002/amos_stealer/amos_stealer.yml
@@ -0,0 +1,12 @@
+author: Nasreddine Bencherchali
+id: f389cba7-e9bd-4452-b933-46a4b6915806
+date: '2025-04-25'
+description: Generated dataset for amos stealer execution with osquery and endpoint security
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.002/amos_stealer/amos_stealer.log
+sourcetypes:
+- osquery:results
+references:
+- https://osquery.readthedocs.io/en/stable/deployment/process-auditing/
+- https://attack.mitre.org/techniques/T1059/002/

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:7f35270f16a81ac348de41c253f409a0ce8120eb2bef1d60d6e128b04922b3f5`
	`3`	`+size 1079`