Commit 16c236f

Merge pull request #955 from nterl0k/nterl0k-t1567-o365-sus-file-exfil
Nterl0k - T1567 O365 Suspect File Exfiltration Events
2 parents e56e986 + 2cafd08 commit 16c236f

2 files changed

+16
-0
lines changed
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:ef3b8cc321fed3031bca6d16d4c35e7de3112ab40ea08f2fca02879a065d8774
3+
size 503181
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
author: Steven Dick
2+
id: a5b98f63-2116-4f7d-bd46-228872bc79f8
3+
date: '2025-01-28'
4+
description: 'Sample of events when an actor attempts to exfiltrate data from sharepoint using various methods.'
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1567/o365_sus_file_activity/o365_sus_file_activity.log
8+
sourcetypes:
9+
- o365:management:activity
10+
references:
11+
- https://attack.mitre.org/techniques/T1567/exfil
12+
- https://www.varonis.com/blog/sidestepping-detection-while-exfiltrating-sharepoint-data
13+
- https://thedfirjournal.com/posts/m365-data-exfiltration-rclone/
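
Review bot: The first entry under references (diff line 11), https://attack.mitre.org/techniques/T1567/exfil, does not follow the ATT&CK URL layout, where a technique page is the technique ID optionally followed by a numeric sub-technique ID. The trailing "exfil" segment looks like a leftover and should be dropped so the link reads https://attack.mitre.org/techniques/T1567/. Separately, the description on diff line 4 says "various methods" without naming them; listing the methods the sample covers (the two blog references hint at which) would tell detection authors what the dataset exercises, and "sharepoint" should be spelled "SharePoint".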