Commit 52629ee

medusa_ransomware
1 parent 0ad0b41 commit 52629ee

7 files changed

+45
-0
lines changed

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 5886e632-0336-11f0-bf1c-629be3538069
3+
date: '2025-03-17'
4+
description: Generated datasets for mstsc rdp cmd in attack range.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/mstsc_rdp_cmd/mstsc_sysmon.log
8+
sourcetypes:
9+
- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
10+
references:
11+
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
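
Review bot: the `description` on line 4 ("Generated datasets for mstsc rdp cmd in attack range.") does not say what was executed or which Sysmon events the log is meant to exercise, so anyone building a detection on `mstsc_sysmon.log` has to open the file to find out. Suggest stating the simulated command line and the Sysmon event types captured, and which part of the referenced CISA advisory (aa25-071a) the behaviour corresponds to.
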
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:d892e534679ed2509cab7d305841e9dc1bff77574aee64d1ab869c227d78931e
3+
size 9893
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 2a10561c-0336-11f0-bf1c-629be3538069
3+
date: '2025-03-17'
4+
description: Generated datasets for delete pwh history in attack range.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.003/delete_pwh_history/delete_pwh_history_file.log
8+
sourcetypes:
9+
- 'XmlWinEventLog:Microsoft-Windows-PowerShell/Operational'
10+
references:
11+
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
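
Review bot: the dataset path on line 7 files this log under T1059.003 (Windows Command Shell), while the description on line 4 ("delete pwh history") and the PowerShell/Operational sourcetype on line 9 point at PowerShell history deletion, which is what T1070.003 (Clear Command History) covers, and this same commit also adds a T1070.003/ConsoleHost_History_deletion dataset. If the T1059.003 placement is intentional, for example because the deletion is driven from cmd.exe, say so in `description`; also spell out "pwh" as PowerShell so the entry is searchable.
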
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:be5b6850302e520c21383885e395e59e4e5a09c64333d644a501e5f9cb9e721f
3+
size 1323
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 469bf8a8-0337-11f0-bf1c-629be3538069
3+
date: '2025-03-17'
4+
description: Generated datasets for ConsoleHost History deletion in attack range.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070.003/ConsoleHost_History_deletion/delete_pwh_history_file.log
8+
sourcetypes:
9+
- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
10+
references:
11+
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
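
Review bot: line 7 points at `delete_pwh_history_file.log`, the same file name the T1059.003/delete_pwh_history entry uses, yet line 9 declares `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` where that entry declares the PowerShell/Operational sourcetype. Please confirm the file at this path actually holds Sysmon events. If the Sysmon capture has a different name, the `dataset` URL should point at it; if more than one log belongs to this dataset, list each one under `dataset` with its matching entry under `sourcetypes`.
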
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:75de156569359e9e1ea44508621acc910552f2cf20f562f94ba6aa72b2a7992f
3+
size 3825
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:be5b6850302e520c21383885e395e59e4e5a09c64333d644a501e5f9cb9e721f
3+
size 1323
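
Review bot: this pointer carries the same `oid` and `size 1323` as the Git LFS pointer added earlier in this commit, so the same bytes are being stored under two paths. Two of the YAML entries in this commit reference a file named `delete_pwh_history_file.log` with different sourcetypes (PowerShell/Operational and Sysmon/Operational), so check whether one of the copies was meant to be a different capture; if the duplication is deliberate, note that in the dataset descriptions, otherwise drop the extra copy.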
